August 2016 - openSUSE Security Announce

[security-announce] SUSE-SU-2016:2195-1: important: Security update for MozillaFirefox
by opensuse-security＠opensuse.org 30 Aug '16

30 Aug '16

SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2195-1 Rating: important References: #989196 #990628 #990856 #991809 Cross-References: CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: MozillaFirefox was updated to 45.3.0 ESR to fix the following issues (bsc#991809): * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 Same-origin policy violation using local HTML file and saved shortcut file * CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Also a temporary workaround was added: - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-MozillaFirefox-12722=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-MozillaFirefox-12722=1 - SUSE Manager 2.1: zypper in -t patch sleman21-MozillaFirefox-12722=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-12722=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-12722=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-MozillaFirefox-12722=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-MozillaFirefox-12722=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-12722=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-12722=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): MozillaFirefox-45.3.0esr-50.1 MozillaFirefox-translations-45.3.0esr-50.1 - SUSE Manager Proxy 2.1 (x86_64): MozillaFirefox-45.3.0esr-50.1 MozillaFirefox-translations-45.3.0esr-50.1 - SUSE Manager 2.1 (s390x x86_64): MozillaFirefox-45.3.0esr-50.1 MozillaFirefox-translations-45.3.0esr-50.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-45.3.0esr-50.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-45.3.0esr-50.1 MozillaFirefox-translations-45.3.0esr-50.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-45.3.0esr-50.1 MozillaFirefox-translations-45.3.0esr-50.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): MozillaFirefox-45.3.0esr-50.1 MozillaFirefox-translations-45.3.0esr-50.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-45.3.0esr-50.1 MozillaFirefox-debugsource-45.3.0esr-50.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): MozillaFirefox-debuginfo-45.3.0esr-50.1 MozillaFirefox-debugsource-45.3.0esr-50.1 References: https://www.suse.com/security/cve/CVE-2016-2830.html https://www.suse.com/security/cve/CVE-2016-2835.html https://www.suse.com/security/cve/CVE-2016-2836.html https://www.suse.com/security/cve/CVE-2016-2837.html https://www.suse.com/security/cve/CVE-2016-2838.html https://www.suse.com/security/cve/CVE-2016-2839.html https://www.suse.com/security/cve/CVE-2016-5252.html https://www.suse.com/security/cve/CVE-2016-5254.html https://www.suse.com/security/cve/CVE-2016-5258.html https://www.suse.com/security/cve/CVE-2016-5259.html https://www.suse.com/security/cve/CVE-2016-5262.html https://www.suse.com/security/cve/CVE-2016-5263.html https://www.suse.com/security/cve/CVE-2016-5264.html https://www.suse.com/security/cve/CVE-2016-5265.html https://www.suse.com/security/cve/CVE-2016-6354.html https://bugzilla.suse.com/989196 https://bugzilla.suse.com/990628 https://bugzilla.suse.com/990856 https://bugzilla.suse.com/991809 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2184-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 29 Aug '16

29 Aug '16

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2184-1 Rating: important References: #947337 #950998 #951844 #953048 #954847 #956491 #957990 #962742 #963655 #963762 #965087 #966245 #968667 #970114 #970506 #971770 #972933 #973378 #973499 #974165 #974308 #974620 #975531 #975533 #975772 #975788 #977417 #978401 #978469 #978822 #979213 #979419 #979485 #979489 #979521 #979548 #979681 #979867 #979879 #979922 #980348 #980363 #980371 #981038 #981143 #981344 #982282 #982354 #982544 #982698 #983143 #983213 #983318 #983721 #983904 #983977 #984148 #984456 #984755 #985232 #985978 #986362 #986365 #986569 #986572 #986811 #988215 #988498 #988552 #990058 Cross-References: CVE-2014-9904 CVE-2015-7833 CVE-2015-8551 CVE-2015-8552 CVE-2015-8845 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3672 CVE-2016-4470 CVE-2016-4482 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4805 CVE-2016-4997 CVE-2016-4998 CVE-2016-5244 CVE-2016-5828 CVE-2016-5829 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 49 fixes is now available. Description: The openSUSE 13.1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975531 bsc#975533). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. (bsc#983143) - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (bnc#978401) - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548 bsc#980363). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. (bsc#979213) - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. (bnc#986365). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. (bsc#986569) - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). The following non-security bugs were fixed: - Add wait_event_cmd() (bsc#953048). - alsa: hrtimer: Handle start/stop more properly (bsc#973378). - base: make module_create_drivers_dir race-free (bnc#983977). - btrfs: be more precise on errors when getting an inode from disk (bsc#981038). - btrfs: do not use src fd for printk (bsc#980348). - btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038). - btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933). - btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844). - cdc_ncm: workaround for EM7455 "silent" data interface (bnc#988552). - ceph: tolerate bad i_size for symlink inode (bsc#985232). - drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904). - drm/mgag200: Add support for a new rev of G200e (bsc#983904). - drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904). - drm/mgag200: remove unused variables (bsc#983904). - drm: qxl: Workaround for buggy user-space (bsc#981344). - EDAC: Correct channel count limit (bsc#979521). - EDAC: Remove arbitrary limit on number of channels (bsc#979521). - EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521). - EDAC/sb_edac: Fix computation of channel address (bsc#979521). - EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521). - EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs() (bsc#979521). - EDAC: Use static attribute groups for managing sysfs entries (bsc#979521). - efifb: Add support for 64-bit frame buffer addresses (bsc#973499). - efifb: Fix 16 color palette entry calculation (bsc#983318). - efifb: Fix KABI of screen_info struct (bsc#973499). - ehci-pci: enable interrupt on BayTrail (bnc#947337). - enic: set netdev->vlan_features (bsc#966245). - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - hid-elo: kill not flush the work (bnc#982354). - iommu/vt-d: Enable QI on all IOMMUs before setting root entry (bsc#975772). - ipvs: count pre-established TCP states as active (bsc#970114). - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - kabi/severities: Added raw3270_* PASS to allow IBM LTC changes. (bnc#979922, LTC#141736) - ktime: make ktime_divns exported on 32-bit architectures. - md: be careful when testing resync_max against curr_resync_completed (bsc#953048). - md: do_release_stripe(): No need to call md_wakeup_thread() twice (bsc#953048). - md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync (bsc#953048). - md/raid56: Do not perform reads to support writes until stripe is ready. - md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048). - md/raid5: allow the stripe_cache to grow and shrink (bsc#953048). - md/raid5: always set conf->prev_chunk_sectors and ->prev_algo (bsc#953048). - md/raid5: avoid races when changing cache size (bsc#953048). - md/raid5: avoid reading parity blocks for full-stripe write to degraded array (bsc#953048). - md/raid5: be more selective about distributing flags across batch (bsc#953048). - md/raid5: break stripe-batches when the array has failed (bsc#953048). - md/raid5: call break_stripe_batch_list from handle_stripe_clean_event (bsc#953048). - md/raid5: change ->inactive_blocked to a bit-flag (bsc#953048). - md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048). - md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048). - md/raid5: close recently introduced race in stripe_head management. - md/raid5: consider updating reshape_position at start of reshape (bsc#953048). - md/raid5: deadlock between retry_aligned_read with barrier io (bsc#953048). - md/raid5: do not do chunk aligned read on degraded array (bsc#953048). - md/raid5: do not index beyond end of array in need_this_block() (bsc#953048). - md/raid5: do not let shrink_slab shrink too far (bsc#953048). - md/raid5: duplicate some more handle_stripe_clean_event code in break_stripe_batch_list (bsc#953048). - md/raid5: Ensure a batch member is not handled prematurely (bsc#953048). - md/raid5: ensure device failure recorded before write request returns (bsc#953048). - md/raid5: ensure whole batch is delayed for all required bitmap updates (bsc#953048). - md/raid5: fix allocation of 'scribble' array (bsc#953048). - md/raid5: fix another livelock caused by non-aligned writes (bsc#953048). - md/raid5: fix handling of degraded stripes in batches (bsc#953048). - md/raid5: fix init_stripe() inconsistencies (bsc#953048). - md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048). - md/raid5: fix newly-broken locking in get_active_stripe. - md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with REQ_NOMERGE. - md/raid5: handle possible race as reshape completes (bsc#953048). - md/raid5: ignore released_stripes check (bsc#953048). - md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048). - md/raid5: move max_nr_stripes management into grow_one_stripe and drop_one_stripe (bsc#953048). - md/raid5: need_this_block: start simplifying the last two conditions (bsc#953048). - md/raid5: need_this_block: tidy/fix last condition (bsc#953048). - md/raid5: new alloc_stripe() to allocate an initialize a stripe (bsc#953048). - md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048). - md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048). - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list. - md/raid5: remove condition test from check_break_stripe_batch_list (bsc#953048). - md/raid5: remove incorrect "min_t()" when calculating writepos (bsc#953048). - md/raid5: remove redundant check in stripe_add_to_batch_list() (bsc#953048). - md/raid5: separate large if clause out of fetch_block() (bsc#953048). - md/raid5: separate out the easy conditions in need_this_block (bsc#953048). - md/raid5: split wait_for_stripe and introduce wait_for_quiescent (bsc#953048). - md/raid5: strengthen check on reshape_position at run (bsc#953048). - md/raid5: switch to use conf->chunk_sectors in place of mddev->chunk_sectors where possible (bsc#953048). - md/raid5: use bio_list for the list of bios to return (bsc#953048). - md/raid5: use ->lock to protect accessing raid5 sysfs attributes (bsc#953048). - md: remove unwanted white space from md.c (bsc#953048). - md: use set_bit/clear_bit instead of shift/mask for bi_flags changes (bsc#953048). - mm: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667). - net: disable fragment reassembly if high_thresh is set to zero (bsc#970506). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - net: fix wrong mac_len calculation for vlans (bsc#968667). - net/qlge: Avoids recursive EEH error (bsc#954847). - net: Start with correct mac_len in skb_network_protocol (bsc#968667). - nvme: don't poll the CQ from the kthread (bsc#975788, bsc#965087). - PCI/AER: Clear error status registers during enumeration and restore (bsc#985978). - perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489). - perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489). - ppp: defer netns reference release for ppp channel (bsc#980371). - qeth: delete napi struct when removing a qeth device (bnc#988215, LTC#143590). - raid5: add a new flag to track if a stripe can be batched (bsc#953048). - raid5: add an option to avoid copy data from bio to stripe cache (bsc#953048). - raid5: avoid release list until last reference of the stripe (bsc#953048). - raid5: batch adjacent full stripe write (bsc#953048). - raid5: check faulty flag for array status during recovery (bsc#953048). - RAID5: check_reshape() shouldn't call mddev_suspend (bsc#953048). - raid5: fix a race of stripe count check. - raid5: fix broken async operation chain (bsc#953048). - raid5: get_active_stripe avoids device_lock. - raid5: handle expansion/resync case with stripe batching (bsc#953048). - raid5: handle io error of batch list (bsc#953048). - raid5: make_request does less prepare wait. - raid5: relieve lock contention in get_active_stripe(). - raid5: relieve lock contention in get_active_stripe(). - raid5: Retry R5_ReadNoMerge flag when hit a read error. - RAID5: revert e9e4c377e2f563 to fix a livelock (bsc#953048). - raid5: speedup sync_request processing (bsc#953048). - raid5: track overwrite disk count (bsc#953048). - raid5: update analysis state for failed stripe (bsc#953048). - raid5: use flex_array for scribble data (bsc#953048). - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469). - s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736). - s390/3270: avoid endless I/O loop with disconnected 3270 terminals (bnc#979922, LTC#141736). - s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736). - s390/3270: fix view reference counting (bnc#979922, LTC#141736). - s390/3270: handle reconnect of a tty with a different size (bnc#979922, LTC#141736). - s390/3270: hangup the 3270 tty after a disconnect (bnc#979922, LTC#141736). - s390: fix test_fp_ctl inline assembly contraints (bnc#988215, LTC#143138). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979922, LTC#141456). - s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106). - sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell (bsc#979521). - sb_edac: Fix a typo and a thinko in address handling for Haswell (bsc#979521). - sb_edac: Fix support for systems with two home agents per socket (bsc#979521). - sb_edac: look harder for DDRIO on Haswell systems (bsc#979521). - sb_edac: support for Broadwell -EP and -EX (bsc#979521). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - sched/x86: Fix up typo in topology detection (bsc#974165). - scsi: Increase REPORT_LUNS timeout (bsc#982282). - series.conf: move netfilter section at the end of core networking - series.conf: move stray netfilter patches to the right section - target/rbd: do not put snap_context twice (bsc#981143). - target/rbd: remove caw_mutex usage (bsc#981143). - Update patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference. - Update patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch (bsc#962742). Fix incorrect bugzilla referece. - usb: quirk to stop runtime PM for Intel 7260 (bnc#984456). - usb: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982698). - VSOCK: Fix lockdep issue (bsc#977417). - VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417). - wait: introduce wait_event_exclusive_cmd (bsc#953048). - x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel address (bsc#979521). - x86 EDAC, sb_edac.c: Take account of channel hashing when needed (bsc#979521). - x86/efi: parse_efi_setup() build fix (bsc#979485). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - x86: Removed the free memblock of hibernat keys to avoid memory corruption (bsc#990058). - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165). - x86: standardize mmap_rnd() usage (bnc#974308). - xen: fix i586 build after SLE12-SP1 commit 2f4c3ff45d5e. - xfs: fix premature enospc on inode allocation (bsc#984148). - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148). - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2016-1029=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): cloop-2.639-11.32.2 cloop-debuginfo-2.639-11.32.2 cloop-debugsource-2.639-11.32.2 cloop-kmp-default-2.639_k3.12.62_52-11.32.2 cloop-kmp-default-debuginfo-2.639_k3.12.62_52-11.32.2 cloop-kmp-desktop-2.639_k3.12.62_52-11.32.2 cloop-kmp-desktop-debuginfo-2.639_k3.12.62_52-11.32.2 cloop-kmp-xen-2.639_k3.12.62_52-11.32.2 cloop-kmp-xen-debuginfo-2.639_k3.12.62_52-11.32.2 crash-7.0.2-2.32.7 crash-debuginfo-7.0.2-2.32.7 crash-debugsource-7.0.2-2.32.7 crash-devel-7.0.2-2.32.7 crash-doc-7.0.2-2.32.7 crash-eppic-7.0.2-2.32.7 crash-eppic-debuginfo-7.0.2-2.32.7 crash-gcore-7.0.2-2.32.7 crash-gcore-debuginfo-7.0.2-2.32.7 crash-kmp-default-7.0.2_k3.12.62_52-2.32.7 crash-kmp-default-debuginfo-7.0.2_k3.12.62_52-2.32.7 crash-kmp-desktop-7.0.2_k3.12.62_52-2.32.7 crash-kmp-desktop-debuginfo-7.0.2_k3.12.62_52-2.32.7 crash-kmp-xen-7.0.2_k3.12.62_52-2.32.7 crash-kmp-xen-debuginfo-7.0.2_k3.12.62_52-2.32.7 hdjmod-debugsource-1.28-16.32.2 hdjmod-kmp-default-1.28_k3.12.62_52-16.32.2 hdjmod-kmp-default-debuginfo-1.28_k3.12.62_52-16.32.2 hdjmod-kmp-desktop-1.28_k3.12.62_52-16.32.2 hdjmod-kmp-desktop-debuginfo-1.28_k3.12.62_52-16.32.2 hdjmod-kmp-xen-1.28_k3.12.62_52-16.32.2 hdjmod-kmp-xen-debuginfo-1.28_k3.12.62_52-16.32.2 ipset-6.21.1-2.36.2 ipset-debuginfo-6.21.1-2.36.2 ipset-debugsource-6.21.1-2.36.2 ipset-devel-6.21.1-2.36.2 ipset-kmp-default-6.21.1_k3.12.62_52-2.36.2 ipset-kmp-default-debuginfo-6.21.1_k3.12.62_52-2.36.2 ipset-kmp-desktop-6.21.1_k3.12.62_52-2.36.2 ipset-kmp-desktop-debuginfo-6.21.1_k3.12.62_52-2.36.2 ipset-kmp-xen-6.21.1_k3.12.62_52-2.36.2 ipset-kmp-xen-debuginfo-6.21.1_k3.12.62_52-2.36.2 iscsitarget-1.4.20.3-13.32.2 iscsitarget-debuginfo-1.4.20.3-13.32.2 iscsitarget-debugsource-1.4.20.3-13.32.2 iscsitarget-kmp-default-1.4.20.3_k3.12.62_52-13.32.2 iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.12.62_52-13.32.2 iscsitarget-kmp-desktop-1.4.20.3_k3.12.62_52-13.32.2 iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.12.62_52-13.32.2 iscsitarget-kmp-xen-1.4.20.3_k3.12.62_52-13.32.2 iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.12.62_52-13.32.2 kernel-default-3.12.62-52.1 kernel-default-base-3.12.62-52.1 kernel-default-base-debuginfo-3.12.62-52.1 kernel-default-debuginfo-3.12.62-52.1 kernel-default-debugsource-3.12.62-52.1 kernel-default-devel-3.12.62-52.1 kernel-syms-3.12.62-52.1 libipset3-6.21.1-2.36.2 libipset3-debuginfo-6.21.1-2.36.2 ndiswrapper-1.58-33.2 ndiswrapper-debuginfo-1.58-33.2 ndiswrapper-debugsource-1.58-33.2 ndiswrapper-kmp-default-1.58_k3.12.62_52-33.2 ndiswrapper-kmp-default-debuginfo-1.58_k3.12.62_52-33.2 ndiswrapper-kmp-desktop-1.58_k3.12.62_52-33.2 ndiswrapper-kmp-desktop-debuginfo-1.58_k3.12.62_52-33.2 openvswitch-1.11.0-0.39.3 openvswitch-controller-1.11.0-0.39.3 openvswitch-controller-debuginfo-1.11.0-0.39.3 openvswitch-debuginfo-1.11.0-0.39.3 openvswitch-debugsource-1.11.0-0.39.3 openvswitch-kmp-default-1.11.0_k3.12.62_52-0.39.3 openvswitch-kmp-default-debuginfo-1.11.0_k3.12.62_52-0.39.3 openvswitch-kmp-desktop-1.11.0_k3.12.62_52-0.39.3 openvswitch-kmp-desktop-debuginfo-1.11.0_k3.12.62_52-0.39.3 openvswitch-kmp-xen-1.11.0_k3.12.62_52-0.39.3 openvswitch-kmp-xen-debuginfo-1.11.0_k3.12.62_52-0.39.3 openvswitch-pki-1.11.0-0.39.3 openvswitch-switch-1.11.0-0.39.3 openvswitch-switch-debuginfo-1.11.0-0.39.3 openvswitch-test-1.11.0-0.39.3 pcfclock-0.44-258.33.2 pcfclock-debuginfo-0.44-258.33.2 pcfclock-debugsource-0.44-258.33.2 pcfclock-kmp-default-0.44_k3.12.62_52-258.33.2 pcfclock-kmp-default-debuginfo-0.44_k3.12.62_52-258.33.2 pcfclock-kmp-desktop-0.44_k3.12.62_52-258.33.2 pcfclock-kmp-desktop-debuginfo-0.44_k3.12.62_52-258.33.2 python-openvswitch-1.11.0-0.39.3 python-openvswitch-test-1.11.0-0.39.3 python-virtualbox-4.2.36-2.64.4 python-virtualbox-debuginfo-4.2.36-2.64.4 vhba-kmp-debugsource-20130607-2.32.2 vhba-kmp-default-20130607_k3.12.62_52-2.32.2 vhba-kmp-default-debuginfo-20130607_k3.12.62_52-2.32.2 vhba-kmp-desktop-20130607_k3.12.62_52-2.32.2 vhba-kmp-desktop-debuginfo-20130607_k3.12.62_52-2.32.2 vhba-kmp-xen-20130607_k3.12.62_52-2.32.2 vhba-kmp-xen-debuginfo-20130607_k3.12.62_52-2.32.2 virtualbox-4.2.36-2.64.4 virtualbox-debuginfo-4.2.36-2.64.4 virtualbox-debugsource-4.2.36-2.64.4 virtualbox-devel-4.2.36-2.64.4 virtualbox-guest-kmp-default-4.2.36_k3.12.62_52-2.64.4 virtualbox-guest-kmp-default-debuginfo-4.2.36_k3.12.62_52-2.64.4 virtualbox-guest-kmp-desktop-4.2.36_k3.12.62_52-2.64.4 virtualbox-guest-kmp-desktop-debuginfo-4.2.36_k3.12.62_52-2.64.4 virtualbox-guest-tools-4.2.36-2.64.4 virtualbox-guest-tools-debuginfo-4.2.36-2.64.4 virtualbox-guest-x11-4.2.36-2.64.4 virtualbox-guest-x11-debuginfo-4.2.36-2.64.4 virtualbox-host-kmp-default-4.2.36_k3.12.62_52-2.64.4 virtualbox-host-kmp-default-debuginfo-4.2.36_k3.12.62_52-2.64.4 virtualbox-host-kmp-desktop-4.2.36_k3.12.62_52-2.64.4 virtualbox-host-kmp-desktop-debuginfo-4.2.36_k3.12.62_52-2.64.4 virtualbox-qt-4.2.36-2.64.4 virtualbox-qt-debuginfo-4.2.36-2.64.4 virtualbox-websrv-4.2.36-2.64.4 virtualbox-websrv-debuginfo-4.2.36-2.64.4 xen-debugsource-4.3.4_10-65.3 xen-devel-4.3.4_10-65.3 xen-kmp-default-4.3.4_10_k3.12.62_52-65.3 xen-kmp-default-debuginfo-4.3.4_10_k3.12.62_52-65.3 xen-kmp-desktop-4.3.4_10_k3.12.62_52-65.3 xen-kmp-desktop-debuginfo-4.3.4_10_k3.12.62_52-65.3 xen-libs-4.3.4_10-65.3 xen-libs-debuginfo-4.3.4_10-65.3 xen-tools-domU-4.3.4_10-65.3 xen-tools-domU-debuginfo-4.3.4_10-65.3 xtables-addons-2.3-2.31.2 xtables-addons-debuginfo-2.3-2.31.2 xtables-addons-debugsource-2.3-2.31.2 xtables-addons-kmp-default-2.3_k3.12.62_52-2.31.2 xtables-addons-kmp-default-debuginfo-2.3_k3.12.62_52-2.31.2 xtables-addons-kmp-desktop-2.3_k3.12.62_52-2.31.2 xtables-addons-kmp-desktop-debuginfo-2.3_k3.12.62_52-2.31.2 xtables-addons-kmp-xen-2.3_k3.12.62_52-2.31.2 xtables-addons-kmp-xen-debuginfo-2.3_k3.12.62_52-2.31.2 - openSUSE 13.1 (i686 x86_64): kernel-debug-3.12.62-52.1 kernel-debug-base-3.12.62-52.1 kernel-debug-base-debuginfo-3.12.62-52.1 kernel-debug-debuginfo-3.12.62-52.1 kernel-debug-debugsource-3.12.62-52.1 kernel-debug-devel-3.12.62-52.1 kernel-debug-devel-debuginfo-3.12.62-52.1 kernel-desktop-3.12.62-52.1 kernel-desktop-base-3.12.62-52.1 kernel-desktop-base-debuginfo-3.12.62-52.1 kernel-desktop-debuginfo-3.12.62-52.1 kernel-desktop-debugsource-3.12.62-52.1 kernel-desktop-devel-3.12.62-52.1 kernel-ec2-3.12.62-52.1 kernel-ec2-base-3.12.62-52.1 kernel-ec2-base-debuginfo-3.12.62-52.1 kernel-ec2-debuginfo-3.12.62-52.1 kernel-ec2-debugsource-3.12.62-52.1 kernel-ec2-devel-3.12.62-52.1 kernel-trace-3.12.62-52.1 kernel-trace-base-3.12.62-52.1 kernel-trace-base-debuginfo-3.12.62-52.1 kernel-trace-debuginfo-3.12.62-52.1 kernel-trace-debugsource-3.12.62-52.1 kernel-trace-devel-3.12.62-52.1 kernel-vanilla-3.12.62-52.1 kernel-vanilla-debuginfo-3.12.62-52.1 kernel-vanilla-debugsource-3.12.62-52.1 kernel-vanilla-devel-3.12.62-52.1 kernel-xen-3.12.62-52.1 kernel-xen-base-3.12.62-52.1 kernel-xen-base-debuginfo-3.12.62-52.1 kernel-xen-debuginfo-3.12.62-52.1 kernel-xen-debugsource-3.12.62-52.1 kernel-xen-devel-3.12.62-52.1 - openSUSE 13.1 (noarch): kernel-devel-3.12.62-52.1 kernel-docs-3.12.62-52.2 kernel-macros-3.12.62-52.1 kernel-source-3.12.62-52.1 kernel-source-vanilla-3.12.62-52.1 virtualbox-host-source-4.2.36-2.64.4 - openSUSE 13.1 (x86_64): xen-4.3.4_10-65.3 xen-doc-html-4.3.4_10-65.3 xen-libs-32bit-4.3.4_10-65.3 xen-libs-debuginfo-32bit-4.3.4_10-65.3 xen-tools-4.3.4_10-65.3 xen-tools-debuginfo-4.3.4_10-65.3 xen-xend-tools-4.3.4_10-65.3 xen-xend-tools-debuginfo-4.3.4_10-65.3 - openSUSE 13.1 (i586): cloop-kmp-pae-2.639_k3.12.62_52-11.32.2 cloop-kmp-pae-debuginfo-2.639_k3.12.62_52-11.32.2 crash-kmp-pae-7.0.2_k3.12.62_52-2.32.7 crash-kmp-pae-debuginfo-7.0.2_k3.12.62_52-2.32.7 hdjmod-kmp-pae-1.28_k3.12.62_52-16.32.2 hdjmod-kmp-pae-debuginfo-1.28_k3.12.62_52-16.32.2 ipset-kmp-pae-6.21.1_k3.12.62_52-2.36.2 ipset-kmp-pae-debuginfo-6.21.1_k3.12.62_52-2.36.2 iscsitarget-kmp-pae-1.4.20.3_k3.12.62_52-13.32.2 iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.12.62_52-13.32.2 ndiswrapper-kmp-pae-1.58_k3.12.62_52-33.2 ndiswrapper-kmp-pae-debuginfo-1.58_k3.12.62_52-33.2 openvswitch-kmp-pae-1.11.0_k3.12.62_52-0.39.3 openvswitch-kmp-pae-debuginfo-1.11.0_k3.12.62_52-0.39.3 pcfclock-kmp-pae-0.44_k3.12.62_52-258.33.2 pcfclock-kmp-pae-debuginfo-0.44_k3.12.62_52-258.33.2 vhba-kmp-pae-20130607_k3.12.62_52-2.32.2 vhba-kmp-pae-debuginfo-20130607_k3.12.62_52-2.32.2 virtualbox-guest-kmp-pae-4.2.36_k3.12.62_52-2.64.4 virtualbox-guest-kmp-pae-debuginfo-4.2.36_k3.12.62_52-2.64.4 virtualbox-host-kmp-pae-4.2.36_k3.12.62_52-2.64.4 virtualbox-host-kmp-pae-debuginfo-4.2.36_k3.12.62_52-2.64.4 xen-kmp-pae-4.3.4_10_k3.12.62_52-65.3 xen-kmp-pae-debuginfo-4.3.4_10_k3.12.62_52-65.3 xtables-addons-kmp-pae-2.3_k3.12.62_52-2.31.2 xtables-addons-kmp-pae-debuginfo-2.3_k3.12.62_52-2.31.2 - openSUSE 13.1 (i686): kernel-pae-3.12.62-52.1 kernel-pae-base-3.12.62-52.1 kernel-pae-base-debuginfo-3.12.62-52.1 kernel-pae-debuginfo-3.12.62-52.1 kernel-pae-debugsource-3.12.62-52.1 kernel-pae-devel-3.12.62-52.1 References: https://www.suse.com/security/cve/CVE-2014-9904.html https://www.suse.com/security/cve/CVE-2015-7833.html https://www.suse.com/security/cve/CVE-2015-8551.html https://www.suse.com/security/cve/CVE-2015-8552.html https://www.suse.com/security/cve/CVE-2015-8845.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3672.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-4998.html https://www.suse.com/security/cve/CVE-2016-5244.html https://www.suse.com/security/cve/CVE-2016-5828.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/947337 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/951844 https://bugzilla.suse.com/953048 https://bugzilla.suse.com/954847 https://bugzilla.suse.com/956491 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/962742 https://bugzilla.suse.com/963655 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/965087 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/968667 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/970506 https://bugzilla.suse.com/971770 https://bugzilla.suse.com/972933 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/973499 https://bugzilla.suse.com/974165 https://bugzilla.suse.com/974308 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/975531 https://bugzilla.suse.com/975533 https://bugzilla.suse.com/975772 https://bugzilla.suse.com/975788 https://bugzilla.suse.com/977417 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978469 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979419 https://bugzilla.suse.com/979485 https://bugzilla.suse.com/979489 https://bugzilla.suse.com/979521 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979681 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/979922 https://bugzilla.suse.com/980348 https://bugzilla.suse.com/980363 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/981038 https://bugzilla.suse.com/981143 https://bugzilla.suse.com/981344 https://bugzilla.suse.com/982282 https://bugzilla.suse.com/982354 https://bugzilla.suse.com/982544 https://bugzilla.suse.com/982698 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/983318 https://bugzilla.suse.com/983721 https://bugzilla.suse.com/983904 https://bugzilla.suse.com/983977 https://bugzilla.suse.com/984148 https://bugzilla.suse.com/984456 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/985232 https://bugzilla.suse.com/985978 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986365 https://bugzilla.suse.com/986569 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/986811 https://bugzilla.suse.com/988215 https://bugzilla.suse.com/988498 https://bugzilla.suse.com/988552 https://bugzilla.suse.com/990058 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2181-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1
by opensuse-security＠opensuse.org 29 Aug '16

29 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2181-1 Rating: important References: #986377 #986573 #991667 Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-60_20 fixes several issues. The following security bugs were fixed: - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1289=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_20-default-6-2.1 kgraft-patch-3_12_51-60_20-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5829.html https://www.suse.com/security/cve/CVE-2016-6480.html https://bugzilla.suse.com/986377 https://bugzilla.suse.com/986573 https://bugzilla.suse.com/991667 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2180-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1
by opensuse-security＠opensuse.org 29 Aug '16

29 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2180-1 Rating: important References: #986377 #986573 #991667 Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.57-60_35 fixes several issues. The following security bugs were fixed: - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1285=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_57-60_35-default-3-2.1 kgraft-patch-3_12_57-60_35-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5829.html https://www.suse.com/security/cve/CVE-2016-6480.html https://bugzilla.suse.com/986377 https://bugzilla.suse.com/986573 https://bugzilla.suse.com/991667 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2179-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1
by opensuse-security＠opensuse.org 29 Aug '16

29 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2179-1 Rating: important References: #986377 #986573 #991667 Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-60_25 fixes several issues. The following security bugs were fixed: - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1287=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_25-default-5-2.1 kgraft-patch-3_12_51-60_25-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5829.html https://www.suse.com/security/cve/CVE-2016-6480.html https://bugzilla.suse.com/986377 https://bugzilla.suse.com/986573 https://bugzilla.suse.com/991667 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2178-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1
by opensuse-security＠opensuse.org 29 Aug '16

29 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2178-1 Rating: important References: #986377 #986573 #991667 Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.53-60_30 fixes several issues. The following security bugs were fixed: - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1286=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_53-60_30-default-4-2.1 kgraft-patch-3_12_53-60_30-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5829.html https://www.suse.com/security/cve/CVE-2016-6480.html https://bugzilla.suse.com/986377 https://bugzilla.suse.com/986573 https://bugzilla.suse.com/991667 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2177-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
by opensuse-security＠opensuse.org 29 Aug '16

29 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2177-1 Rating: important References: #986377 #986573 #991667 Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.59-60_41 fixes several issues. The following security bugs were fixed: - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1284=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_41-default-3-2.1 kgraft-patch-3_12_59-60_41-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5829.html https://www.suse.com/security/cve/CVE-2016-6480.html https://bugzilla.suse.com/986377 https://bugzilla.suse.com/986573 https://bugzilla.suse.com/991667 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2175-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
by opensuse-security＠opensuse.org 29 Aug '16

29 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2175-1 Rating: important References: #986573 #991667 Cross-References: CVE-2016-5829 CVE-2016-6480 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.59-60_45 fixes several issues. The following security bugs were fixed: - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1283=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_45-default-3-2.1 kgraft-patch-3_12_59-60_45-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2016-5829.html https://www.suse.com/security/cve/CVE-2016-6480.html https://bugzilla.suse.com/986573 https://bugzilla.suse.com/991667 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2174-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1
by opensuse-security＠opensuse.org 29 Aug '16

29 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2174-1 Rating: important References: #986377 #986573 #991667 Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.49-11 fixes several issues. The following security bugs were fixed: - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1288=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_49-11-default-6-17.2 kgraft-patch-3_12_49-11-xen-6-17.2 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5829.html https://www.suse.com/security/cve/CVE-2016-6480.html https://bugzilla.suse.com/986377 https://bugzilla.suse.com/986573 https://bugzilla.suse.com/991667 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2168-1: important: Security update for phpMyAdmin
by opensuse-security＠opensuse.org 29 Aug '16

29 Aug '16

openSUSE Security Update: Security update for phpMyAdmin ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2168-1 Rating: important References: #994313 Cross-References: CVE-2016-6606 CVE-2016-6607 CVE-2016-6608 CVE-2016-6609 CVE-2016-6610 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6614 CVE-2016-6615 CVE-2016-6616 CVE-2016-6617 CVE-2016-6618 CVE-2016-6619 CVE-2016-6620 CVE-2016-6621 CVE-2016-6622 CVE-2016-6623 CVE-2016-6624 CVE-2016-6625 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6629 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-6633 Affected Products: openSUSE Leap 42.1 openSUSE 13.2 ______________________________________________________________________________ An update that fixes 28 vulnerabilities is now available. Description: phpMyAdmin was updated to version 4.4.15.8 (2016-08-16) to fix the following issues: - Upstream changelog for 4.4.15.8: * Improve session cookie code for openid.php and signon.php example files * Full path disclosure in openid.php and signon.php example files * Unsafe generation of BlowfishSecret (when not supplied by the user) * Referrer leak when phpinfo is enabled * Use HTTPS for wiki links * Improve SSL certificate handling * Fix full path disclosure in debugging code * Administrators could trigger SQL injection attack against users - other fixes * Remove Swekey support - Security fixes: https://www.phpmyadmin.net/security/ * Weaknesses with cookie encryption see PMASA-2016-29 (CVE-2016-6606, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-30 (CVE-2016-6607, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-31 (CVE-2016-6608, CWE-661) * PHP code injection see PMASA-2016-32 (CVE-2016-6609, CWE-661) * Full path disclosure see PMASA-2016-33 (CVE-2016-6610, CWE-661) * SQL injection attack see PMASA-2016-34 (CVE-2016-6611, CWE-661) * Local file exposure through LOAD DATA LOCAL INFILE see PMASA-2016-35 (CVE-2016-6612, CWE-661) * Local file exposure through symlinks with UploadDir see PMASA-2016-36 (CVE-2016-6613, CWE-661) * Path traversal with SaveDir and UploadDir see PMASA-2016-37 (CVE-2016-6614, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-38 (CVE-2016-6615, CWE-661) * SQL injection vulnerability as control user see PMASA-2016-39 (CVE-2016-6616, CWE-661) * SQL injection vulnerability see PMASA-2016-40 (CVE-2016-6617, CWE-661) * Denial-of-service attack through transformation feature see PMASA-2016-41 (CVE-2016-6618, CWE-661) * SQL injection vulnerability as control user see PMASA-2016-42 (CVE-2016-6619, CWE-661) * Verify data before unserializing see PMASA-2016-43 (CVE-2016-6620, CWE-661) * SSRF in setup script see PMASA-2016-44 (CVE-2016-6621, CWE-661) * Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections see PMASA-2016-45 (CVE-2016-6622, CWE-661) * Denial-of-service attack by using for loops see PMASA-2016-46 (CVE-2016-6623, CWE-661) * Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624, CWE-661) * Detect if user is logged in see PMASA-2016-48 (CVE-2016-6625, CWE-661) * Bypass URL redirection protection see PMASA-2016-49 (CVE-2016-6626, CWE-661) * Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661) * Reflected File Download see PMASA-2016-51 (CVE-2016-6628, CWE-661) * ArbitraryServerRegexp bypass see PMASA-2016-52 (CVE-2016-6629, CWE-661) * Denial-of-service attack by entering long password see PMASA-2016-53 (CVE-2016-6630, CWE-661) * Remote code execution vulnerability when running as CGI see PMASA-2016-54 (CVE-2016-6631, CWE-661) * Denial-of-service attack when PHP uses dbase extension see PMASA-2016-55 (CVE-2016-6632, CWE-661) * Remove tode execution vulnerability when PHP uses dbase extension see PMASA-2016-56 (CVE-2016-6633, CWE-661) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-1021=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-1021=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (noarch): phpMyAdmin-4.4.15.8-25.1 - openSUSE 13.2 (noarch): phpMyAdmin-4.4.15.8-39.1 References: https://www.suse.com/security/cve/CVE-2016-6606.html https://www.suse.com/security/cve/CVE-2016-6607.html https://www.suse.com/security/cve/CVE-2016-6608.html https://www.suse.com/security/cve/CVE-2016-6609.html https://www.suse.com/security/cve/CVE-2016-6610.html https://www.suse.com/security/cve/CVE-2016-6611.html https://www.suse.com/security/cve/CVE-2016-6612.html https://www.suse.com/security/cve/CVE-2016-6613.html https://www.suse.com/security/cve/CVE-2016-6614.html https://www.suse.com/security/cve/CVE-2016-6615.html https://www.suse.com/security/cve/CVE-2016-6616.html https://www.suse.com/security/cve/CVE-2016-6617.html https://www.suse.com/security/cve/CVE-2016-6618.html https://www.suse.com/security/cve/CVE-2016-6619.html https://www.suse.com/security/cve/CVE-2016-6620.html https://www.suse.com/security/cve/CVE-2016-6621.html https://www.suse.com/security/cve/CVE-2016-6622.html https://www.suse.com/security/cve/CVE-2016-6623.html https://www.suse.com/security/cve/CVE-2016-6624.html https://www.suse.com/security/cve/CVE-2016-6625.html https://www.suse.com/security/cve/CVE-2016-6626.html https://www.suse.com/security/cve/CVE-2016-6627.html https://www.suse.com/security/cve/CVE-2016-6628.html https://www.suse.com/security/cve/CVE-2016-6629.html https://www.suse.com/security/cve/CVE-2016-6630.html https://www.suse.com/security/cve/CVE-2016-6631.html https://www.suse.com/security/cve/CVE-2016-6632.html https://www.suse.com/security/cve/CVE-2016-6633.html https://bugzilla.suse.com/994313 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2144-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 24 Aug '16

24 Aug '16

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2144-1 Rating: important References: #901754 #941113 #942702 #945219 #955654 #957052 #957988 #959709 #960561 #961512 #963762 #963765 #966245 #966437 #966693 #966849 #967972 #967973 #967974 #967975 #968010 #968011 #968012 #968013 #968018 #968670 #969354 #969355 #970114 #970275 #970892 #970909 #970911 #970948 #970955 #970956 #970958 #970970 #971124 #971125 #971126 #971360 #971628 #971799 #971919 #971944 #972174 #973378 #973570 #974308 #974418 #974646 #975945 #978401 #978445 #978469 #978821 #978822 #979021 #979213 #979548 #979867 #979879 #979913 #980348 #980363 #980371 #980725 #981267 #982706 #983143 #983213 #984464 #984755 #984764 #986362 #986365 #986377 #986572 #986573 #986811 Cross-References: CVE-2012-6701 CVE-2013-7446 CVE-2014-9904 CVE-2015-3288 CVE-2015-6526 CVE-2015-7566 CVE-2015-8709 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2015-8830 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4581 CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-5244 CVE-2016-5829 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that solves 53 vulnerabilities and has 28 fixes is now available. Description: The openSUSE 13.2 kernel was updated to fix various bugs and security issues. The following security bugs were fixed: - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971919 971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401 bsc#978445). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548 bsc#980363). - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308). - CVE-2016-4581: fs/pnode.c in the Linux kernel did not properly traverse a mount propagation tree in a certain case involving a slave mount, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls (bnc#979913). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2015-3288: A security flaw was found in the Linux kernel that there was a way to arbitrary change zero page memory. (bnc#979021). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948 974646). - CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2015-8830: Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allowed local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression (bnc#969354 bsc#969355). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013). - CVE-2016-2547: sound/core/timer.c in the Linux kernel employs a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011). - CVE-2016-2548: sound/core/timer.c in the Linux kernel retains certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012). - CVE-2016-2546: sound/core/timer.c in the Linux kernel uses an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975). - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974). - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973). - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972). - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel mishandles uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here (bnc#959709 960561 ). - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437). - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572 986573). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362 986365 986377). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755 984764). - CVE-2015-6526: The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel on ppc64 platforms allowed local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace (bnc#942702). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). The following non-security bugs were fixed: - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018). - ALSA: rawmidi: Fix race at copying & updating the position (bsc#968018). - ALSA: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018). - ALSA: seq: Fix double port list deletion (bsc#968018). - ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018). - ALSA: seq: Fix leak of pool buffer at concurrent writes (bsc#968018). - ALSA: seq: Fix lockdep warnings due to double mutex locks (bsc#968018). - ALSA: seq: Fix race at closing in virmidi driver (bsc#968018). - ALSA: seq: Fix yet another races among ALSA timer accesses (bsc#968018). - ALSA: timer: Call notifier in the same spinlock (bsc#973378). - ALSA: timer: Code cleanup (bsc#968018). - ALSA: timer: Fix leftover link at closing (bsc#968018). - ALSA: timer: Fix link corruption due to double start or stop (bsc#968018). - ALSA: timer: Fix race between stop and interrupt (bsc#968018). - ALSA: timer: Fix wrong instance passed to slave callbacks (bsc#968018). - ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378). - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378). - Bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849). - Bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849). - Bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849). - Btrfs: do not use src fd for printk (bsc#980348). - Refresh patches.drivers/ALSA-hrtimer-Handle-start-stop-more-properly. Fix the build error on 32bit architectures. - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469). - Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position updates on /proc/xen/xenbus (bsc#970275). - Subject: [PATCH] USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982706). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - backends: guarantee one time reads of shared ring contents (bsc#957988). - btrfs: do not go readonly on existing qgroup items (bsc#957052). - btrfs: remove error message from search ioctl for nonexistent tree. - drm/i915: Fix missing backlight update during panel disablement (bsc#941113 boo#901754). - enic: set netdev->vlan_features (bsc#966245). - ext4: fix races between buffered IO and collapse / insert range (bsc#972174). - ext4: fix races between page faults and hole punching (bsc#972174). - ext4: fix races of writeback with punch hole and zero range (bsc#972174). - ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipvs: count pre-established TCP states as active (bsc#970114). - net: core: Correct an over-stringent device loop detection (bsc#945219). - netback: do not use last request to determine minimum Tx credit (bsc#957988). - pciback: Check PF instead of VF for PCI_COMMAND_MEMORY. - pciback: Save the number of MSI-X entries to be copied later. - pciback: guarantee one time reads of shared ring contents (bsc#957988). - series.conf: move cxgb3 patch to network drivers section - usb: quirk to stop runtime PM for Intel 7260 (bnc#984464). - x86: standardize mmap_rnd() usage (bnc#974308). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-1015=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): bbswitch-0.8-3.20.3 bbswitch-debugsource-0.8-3.20.3 bbswitch-kmp-default-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-default-debuginfo-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-desktop-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-xen-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_42-3.20.3 cloop-2.639-14.20.3 cloop-debuginfo-2.639-14.20.3 cloop-debugsource-2.639-14.20.3 cloop-kmp-default-2.639_k3.16.7_42-14.20.3 cloop-kmp-default-debuginfo-2.639_k3.16.7_42-14.20.3 cloop-kmp-desktop-2.639_k3.16.7_42-14.20.3 cloop-kmp-desktop-debuginfo-2.639_k3.16.7_42-14.20.3 cloop-kmp-xen-2.639_k3.16.7_42-14.20.3 cloop-kmp-xen-debuginfo-2.639_k3.16.7_42-14.20.3 crash-7.0.8-20.3 crash-debuginfo-7.0.8-20.3 crash-debugsource-7.0.8-20.3 crash-devel-7.0.8-20.3 crash-doc-7.0.8-20.3 crash-eppic-7.0.8-20.3 crash-eppic-debuginfo-7.0.8-20.3 crash-gcore-7.0.8-20.3 crash-gcore-debuginfo-7.0.8-20.3 crash-kmp-default-7.0.8_k3.16.7_42-20.3 crash-kmp-default-debuginfo-7.0.8_k3.16.7_42-20.3 crash-kmp-desktop-7.0.8_k3.16.7_42-20.3 crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_42-20.3 crash-kmp-xen-7.0.8_k3.16.7_42-20.3 crash-kmp-xen-debuginfo-7.0.8_k3.16.7_42-20.3 hdjmod-debugsource-1.28-18.21.3 hdjmod-kmp-default-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-default-debuginfo-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-desktop-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-xen-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_42-18.21.3 ipset-6.23-20.3 ipset-debuginfo-6.23-20.3 ipset-debugsource-6.23-20.3 ipset-devel-6.23-20.3 ipset-kmp-default-6.23_k3.16.7_42-20.3 ipset-kmp-default-debuginfo-6.23_k3.16.7_42-20.3 ipset-kmp-desktop-6.23_k3.16.7_42-20.3 ipset-kmp-desktop-debuginfo-6.23_k3.16.7_42-20.3 ipset-kmp-xen-6.23_k3.16.7_42-20.3 ipset-kmp-xen-debuginfo-6.23_k3.16.7_42-20.3 kernel-default-3.16.7-42.1 kernel-default-base-3.16.7-42.1 kernel-default-base-debuginfo-3.16.7-42.1 kernel-default-debuginfo-3.16.7-42.1 kernel-default-debugsource-3.16.7-42.1 kernel-default-devel-3.16.7-42.1 kernel-ec2-3.16.7-42.1 kernel-ec2-base-3.16.7-42.1 kernel-ec2-devel-3.16.7-42.1 kernel-obs-build-3.16.7-42.2 kernel-obs-build-debugsource-3.16.7-42.2 kernel-obs-qa-3.16.7-42.1 kernel-obs-qa-xen-3.16.7-42.1 kernel-syms-3.16.7-42.1 libipset3-6.23-20.3 libipset3-debuginfo-6.23-20.3 pcfclock-0.44-260.20.2 pcfclock-debuginfo-0.44-260.20.2 pcfclock-debugsource-0.44-260.20.2 pcfclock-kmp-default-0.44_k3.16.7_42-260.20.2 pcfclock-kmp-default-debuginfo-0.44_k3.16.7_42-260.20.2 pcfclock-kmp-desktop-0.44_k3.16.7_42-260.20.2 pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_42-260.20.2 python-virtualbox-5.0.20-48.5 python-virtualbox-debuginfo-5.0.20-48.5 vhba-kmp-debugsource-20140629-2.20.2 vhba-kmp-default-20140629_k3.16.7_42-2.20.2 vhba-kmp-default-debuginfo-20140629_k3.16.7_42-2.20.2 vhba-kmp-desktop-20140629_k3.16.7_42-2.20.2 vhba-kmp-desktop-debuginfo-20140629_k3.16.7_42-2.20.2 vhba-kmp-xen-20140629_k3.16.7_42-2.20.2 vhba-kmp-xen-debuginfo-20140629_k3.16.7_42-2.20.2 virtualbox-5.0.20-48.5 virtualbox-debuginfo-5.0.20-48.5 virtualbox-debugsource-5.0.20-48.5 virtualbox-devel-5.0.20-48.5 virtualbox-guest-kmp-default-5.0.20_k3.16.7_42-48.5 virtualbox-guest-kmp-default-debuginfo-5.0.20_k3.16.7_42-48.5 virtualbox-guest-kmp-desktop-5.0.20_k3.16.7_42-48.5 virtualbox-guest-kmp-desktop-debuginfo-5.0.20_k3.16.7_42-48.5 virtualbox-guest-tools-5.0.20-48.5 virtualbox-guest-tools-debuginfo-5.0.20-48.5 virtualbox-guest-x11-5.0.20-48.5 virtualbox-guest-x11-debuginfo-5.0.20-48.5 virtualbox-host-kmp-default-5.0.20_k3.16.7_42-48.5 virtualbox-host-kmp-default-debuginfo-5.0.20_k3.16.7_42-48.5 virtualbox-host-kmp-desktop-5.0.20_k3.16.7_42-48.5 virtualbox-host-kmp-desktop-debuginfo-5.0.20_k3.16.7_42-48.5 virtualbox-qt-5.0.20-48.5 virtualbox-qt-debuginfo-5.0.20-48.5 virtualbox-websrv-5.0.20-48.5 virtualbox-websrv-debuginfo-5.0.20-48.5 xen-debugsource-4.4.4_02-46.2 xen-devel-4.4.4_02-46.2 xen-libs-4.4.4_02-46.2 xen-libs-debuginfo-4.4.4_02-46.2 xen-tools-domU-4.4.4_02-46.2 xen-tools-domU-debuginfo-4.4.4_02-46.2 xtables-addons-2.6-22.3 xtables-addons-debuginfo-2.6-22.3 xtables-addons-debugsource-2.6-22.3 xtables-addons-kmp-default-2.6_k3.16.7_42-22.3 xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_42-22.3 xtables-addons-kmp-desktop-2.6_k3.16.7_42-22.3 xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_42-22.3 xtables-addons-kmp-xen-2.6_k3.16.7_42-22.3 xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_42-22.3 - openSUSE 13.2 (i686 x86_64): kernel-debug-3.16.7-42.1 kernel-debug-base-3.16.7-42.1 kernel-debug-base-debuginfo-3.16.7-42.1 kernel-debug-debuginfo-3.16.7-42.1 kernel-debug-debugsource-3.16.7-42.1 kernel-debug-devel-3.16.7-42.1 kernel-debug-devel-debuginfo-3.16.7-42.1 kernel-desktop-3.16.7-42.1 kernel-desktop-base-3.16.7-42.1 kernel-desktop-base-debuginfo-3.16.7-42.1 kernel-desktop-debuginfo-3.16.7-42.1 kernel-desktop-debugsource-3.16.7-42.1 kernel-desktop-devel-3.16.7-42.1 kernel-ec2-base-debuginfo-3.16.7-42.1 kernel-ec2-debuginfo-3.16.7-42.1 kernel-ec2-debugsource-3.16.7-42.1 kernel-vanilla-3.16.7-42.1 kernel-vanilla-debuginfo-3.16.7-42.1 kernel-vanilla-debugsource-3.16.7-42.1 kernel-vanilla-devel-3.16.7-42.1 kernel-xen-3.16.7-42.1 kernel-xen-base-3.16.7-42.1 kernel-xen-base-debuginfo-3.16.7-42.1 kernel-xen-debuginfo-3.16.7-42.1 kernel-xen-debugsource-3.16.7-42.1 kernel-xen-devel-3.16.7-42.1 - openSUSE 13.2 (x86_64): xen-4.4.4_02-46.2 xen-doc-html-4.4.4_02-46.2 xen-kmp-default-4.4.4_02_k3.16.7_42-46.2 xen-kmp-default-debuginfo-4.4.4_02_k3.16.7_42-46.2 xen-kmp-desktop-4.4.4_02_k3.16.7_42-46.2 xen-kmp-desktop-debuginfo-4.4.4_02_k3.16.7_42-46.2 xen-libs-32bit-4.4.4_02-46.2 xen-libs-debuginfo-32bit-4.4.4_02-46.2 xen-tools-4.4.4_02-46.2 xen-tools-debuginfo-4.4.4_02-46.2 - openSUSE 13.2 (noarch): kernel-devel-3.16.7-42.1 kernel-docs-3.16.7-42.2 kernel-macros-3.16.7-42.1 kernel-source-3.16.7-42.1 kernel-source-vanilla-3.16.7-42.1 virtualbox-guest-desktop-icons-5.0.20-48.5 virtualbox-host-source-5.0.20-48.5 - openSUSE 13.2 (i586): bbswitch-kmp-pae-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_42-3.20.3 cloop-kmp-pae-2.639_k3.16.7_42-14.20.3 cloop-kmp-pae-debuginfo-2.639_k3.16.7_42-14.20.3 crash-kmp-pae-7.0.8_k3.16.7_42-20.3 crash-kmp-pae-debuginfo-7.0.8_k3.16.7_42-20.3 hdjmod-kmp-pae-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_42-18.21.3 ipset-kmp-pae-6.23_k3.16.7_42-20.3 ipset-kmp-pae-debuginfo-6.23_k3.16.7_42-20.3 pcfclock-kmp-pae-0.44_k3.16.7_42-260.20.2 pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_42-260.20.2 vhba-kmp-pae-20140629_k3.16.7_42-2.20.2 vhba-kmp-pae-debuginfo-20140629_k3.16.7_42-2.20.2 virtualbox-guest-kmp-pae-5.0.20_k3.16.7_42-48.5 virtualbox-guest-kmp-pae-debuginfo-5.0.20_k3.16.7_42-48.5 virtualbox-host-kmp-pae-5.0.20_k3.16.7_42-48.5 virtualbox-host-kmp-pae-debuginfo-5.0.20_k3.16.7_42-48.5 xtables-addons-kmp-pae-2.6_k3.16.7_42-22.3 xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_42-22.3 - openSUSE 13.2 (i686): kernel-pae-3.16.7-42.1 kernel-pae-base-3.16.7-42.1 kernel-pae-base-debuginfo-3.16.7-42.1 kernel-pae-debuginfo-3.16.7-42.1 kernel-pae-debugsource-3.16.7-42.1 kernel-pae-devel-3.16.7-42.1 References: https://www.suse.com/security/cve/CVE-2012-6701.html https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2014-9904.html https://www.suse.com/security/cve/CVE-2015-3288.html https://www.suse.com/security/cve/CVE-2015-6526.html https://www.suse.com/security/cve/CVE-2015-7566.html https://www.suse.com/security/cve/CVE-2015-8709.html https://www.suse.com/security/cve/CVE-2015-8785.html https://www.suse.com/security/cve/CVE-2015-8812.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2015-8830.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-2184.html https://www.suse.com/security/cve/CVE-2016-2185.html https://www.suse.com/security/cve/CVE-2016-2186.html https://www.suse.com/security/cve/CVE-2016-2187.html https://www.suse.com/security/cve/CVE-2016-2188.html https://www.suse.com/security/cve/CVE-2016-2384.html https://www.suse.com/security/cve/CVE-2016-2543.html https://www.suse.com/security/cve/CVE-2016-2544.html https://www.suse.com/security/cve/CVE-2016-2545.html https://www.suse.com/security/cve/CVE-2016-2546.html https://www.suse.com/security/cve/CVE-2016-2547.html https://www.suse.com/security/cve/CVE-2016-2548.html https://www.suse.com/security/cve/CVE-2016-2549.html https://www.suse.com/security/cve/CVE-2016-2782.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-3136.html https://www.suse.com/security/cve/CVE-2016-3137.html https://www.suse.com/security/cve/CVE-2016-3138.html https://www.suse.com/security/cve/CVE-2016-3139.html https://www.suse.com/security/cve/CVE-2016-3140.html https://www.suse.com/security/cve/CVE-2016-3156.html https://www.suse.com/security/cve/CVE-2016-3672.html https://www.suse.com/security/cve/CVE-2016-3689.html https://www.suse.com/security/cve/CVE-2016-3951.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4485.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4580.html https://www.suse.com/security/cve/CVE-2016-4581.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4913.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5244.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/901754 https://bugzilla.suse.com/941113 https://bugzilla.suse.com/942702 https://bugzilla.suse.com/945219 https://bugzilla.suse.com/955654 https://bugzilla.suse.com/957052 https://bugzilla.suse.com/957988 https://bugzilla.suse.com/959709 https://bugzilla.suse.com/960561 https://bugzilla.suse.com/961512 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/963765 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/966437 https://bugzilla.suse.com/966693 https://bugzilla.suse.com/966849 https://bugzilla.suse.com/967972 https://bugzilla.suse.com/967973 https://bugzilla.suse.com/967974 https://bugzilla.suse.com/967975 https://bugzilla.suse.com/968010 https://bugzilla.suse.com/968011 https://bugzilla.suse.com/968012 https://bugzilla.suse.com/968013 https://bugzilla.suse.com/968018 https://bugzilla.suse.com/968670 https://bugzilla.suse.com/969354 https://bugzilla.suse.com/969355 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/970275 https://bugzilla.suse.com/970892 https://bugzilla.suse.com/970909 https://bugzilla.suse.com/970911 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/970955 https://bugzilla.suse.com/970956 https://bugzilla.suse.com/970958 https://bugzilla.suse.com/970970 https://bugzilla.suse.com/971124 https://bugzilla.suse.com/971125 https://bugzilla.suse.com/971126 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/971628 https://bugzilla.suse.com/971799 https://bugzilla.suse.com/971919 https://bugzilla.suse.com/971944 https://bugzilla.suse.com/972174 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/974308 https://bugzilla.suse.com/974418 https://bugzilla.suse.com/974646 https://bugzilla.suse.com/975945 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978445 https://bugzilla.suse.com/978469 https://bugzilla.suse.com/978821 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979021 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/979913 https://bugzilla.suse.com/980348 https://bugzilla.suse.com/980363 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980725 https://bugzilla.suse.com/981267 https://bugzilla.suse.com/982706 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/984464 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/984764 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986365 https://bugzilla.suse.com/986377 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/986573 https://bugzilla.suse.com/986811 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2131-1: important: Security update for MozillaFirefox
by opensuse-security＠opensuse.org 22 Aug '16

22 Aug '16

SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2131-1 Rating: important References: #989196 #990628 #990856 #991809 Cross-References: CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: MozillaFirefox was updated to 45.3.0 ESR to fix the following issues (bsc#991809): * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 Same-origin policy violation using local HTML file and saved shortcut file * CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Also a temporary workaround was added: - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1254=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1254=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1254=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1254=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1254=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-devel-45.3.0esr-78.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 References: https://www.suse.com/security/cve/CVE-2016-2830.html https://www.suse.com/security/cve/CVE-2016-2835.html https://www.suse.com/security/cve/CVE-2016-2836.html https://www.suse.com/security/cve/CVE-2016-2837.html https://www.suse.com/security/cve/CVE-2016-2838.html https://www.suse.com/security/cve/CVE-2016-2839.html https://www.suse.com/security/cve/CVE-2016-5252.html https://www.suse.com/security/cve/CVE-2016-5254.html https://www.suse.com/security/cve/CVE-2016-5258.html https://www.suse.com/security/cve/CVE-2016-5259.html https://www.suse.com/security/cve/CVE-2016-5262.html https://www.suse.com/security/cve/CVE-2016-5263.html https://www.suse.com/security/cve/CVE-2016-5264.html https://www.suse.com/security/cve/CVE-2016-5265.html https://www.suse.com/security/cve/CVE-2016-6354.html https://bugzilla.suse.com/989196 https://bugzilla.suse.com/990628 https://bugzilla.suse.com/990856 https://bugzilla.suse.com/991809 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2105-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 19 Aug '16

19 Aug '16

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2105-1 Rating: important References: #947337 #950998 #951844 #953048 #954847 #956491 #957990 #962742 #963655 #963762 #965087 #966245 #968667 #970114 #970506 #971770 #972933 #973378 #973499 #974165 #974308 #974620 #975531 #975533 #975772 #975788 #977417 #978401 #978469 #978822 #979074 #979213 #979419 #979485 #979489 #979521 #979548 #979681 #979867 #979879 #979922 #980348 #980363 #980371 #980856 #980883 #981038 #981143 #981344 #981597 #982282 #982354 #982544 #982698 #983143 #983213 #983318 #983721 #983904 #983977 #984148 #984456 #984755 #984764 #985232 #985978 #986362 #986365 #986569 #986572 #986573 #986811 #988215 #988498 #988552 #990058 Cross-References: CVE-2014-9904 CVE-2015-7833 CVE-2015-8551 CVE-2015-8552 CVE-2015-8845 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3672 CVE-2016-4470 CVE-2016-4482 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4805 CVE-2016-4997 CVE-2016-4998 CVE-2016-5244 CVE-2016-5828 CVE-2016-5829 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 55 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975533). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983143). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bsc#978401). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bsc#979213). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986362). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bsc#986365). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction an exec system call (bsc#986569). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). The following non-security bugs were fixed: - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - Add wait_event_cmd() (bsc#953048). - Btrfs: be more precise on errors when getting an inode from disk (bsc#981038). - Btrfs: do not use src fd for printk (bsc#980348). - Btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038). - Btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933). - Btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844). - Disable btrfs patch (bsc#981597) - EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521). - EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs() (bsc#979521). - EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521). - EDAC/sb_edac: Fix computation of channel address (bsc#979521). - EDAC: Correct channel count limit (bsc#979521). - EDAC: Remove arbitrary limit on number of channels (bsc#979521). - EDAC: Use static attribute groups for managing sysfs entries (bsc#979521). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491). - PCI/AER: Clear error status registers during enumeration and restore (bsc#985978). - RAID5: batch adjacent full stripe write (bsc#953048). - RAID5: check_reshape() shouldn't call mddev_suspend (bsc#953048). - RAID5: revert e9e4c377e2f563 to fix a livelock (bsc#953048). - Restore copying of SKBs with head exceeding page size (bsc#978469). - SCSI: Increase REPORT_LUNS timeout (bsc#982282). - USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982698). - Update patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference. - Update patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch (bsc#962742). Fix incorrect bugzilla referece. - VSOCK: Fix lockdep issue (bsc#977417). - VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417). - base: make module_create_drivers_dir race-free (bnc#983977). - cdc_ncm: workaround for EM7455 "silent" data interface (bnc#988552). - ceph: tolerate bad i_size for symlink inode (bsc#985232). - drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904). - drm/mgag200: Add support for a new rev of G200e (bsc#983904). - drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904). - drm/mgag200: remove unused variables (bsc#983904). - drm: qxl: Workaround for buggy user-space (bsc#981344). - efifb: Add support for 64-bit frame buffer addresses (bsc#973499). - efifb: Fix 16 color palette entry calculation (bsc#983318). - efifb: Fix KABI of screen_info struct (bsc#973499). - ehci-pci: enable interrupt on BayTrail (bnc#947337). - enic: set netdev->vlan_features (bsc#966245). - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - hid-elo: kill not flush the work (bnc#982354). - iommu/vt-d: Enable QI on all IOMMUs before setting root entry (bsc#975772). - ipvs: count pre-established TCP states as active (bsc#970114). - kabi/severities: Added raw3270_* PASS to allow IBM LTC changes (bnc#979922, LTC#141736) - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - kvm: Guest does not show the cpu flag nonstop_tsc (bsc#971770) - md/raid56: Do not perform reads to support writes until stripe is ready. - md/raid5: Ensure a batch member is not handled prematurely (bsc#953048). - md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with REQ_NOMERGE. - md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048). - md/raid5: allow the stripe_cache to grow and shrink (bsc#953048). - md/raid5: always set conf->prev_chunk_sectors and ->prev_algo (bsc#953048). - md/raid5: avoid races when changing cache size (bsc#953048). - md/raid5: avoid reading parity blocks for full-stripe write to degraded array (bsc#953048). - md/raid5: be more selective about distributing flags across batch (bsc#953048). - md/raid5: break stripe-batches when the array has failed (bsc#953048). - md/raid5: call break_stripe_batch_list from handle_stripe_clean_event (bsc#953048). - md/raid5: change ->inactive_blocked to a bit-flag (bsc#953048). - md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048). - md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048). - md/raid5: close recently introduced race in stripe_head management. - md/raid5: consider updating reshape_position at start of reshape (bsc#953048). - md/raid5: deadlock between retry_aligned_read with barrier io (bsc#953048). - md/raid5: do not do chunk aligned read on degraded array (bsc#953048). - md/raid5: do not index beyond end of array in need_this_block() (bsc#953048). - md/raid5: do not let shrink_slab shrink too far (bsc#953048). - md/raid5: duplicate some more handle_stripe_clean_event code in break_stripe_batch_list (bsc#953048). - md/raid5: ensure device failure recorded before write request returns (bsc#953048). - md/raid5: ensure whole batch is delayed for all required bitmap updates (bsc#953048). - md/raid5: fix allocation of 'scribble' array (bsc#953048). - md/raid5: fix another livelock caused by non-aligned writes (bsc#953048). - md/raid5: fix handling of degraded stripes in batches (bsc#953048). - md/raid5: fix init_stripe() inconsistencies (bsc#953048). - md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048). - md/raid5: fix newly-broken locking in get_active_stripe. - md/raid5: handle possible race as reshape completes (bsc#953048). - md/raid5: ignore released_stripes check (bsc#953048). - md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048). - md/raid5: move max_nr_stripes management into grow_one_stripe and drop_one_stripe (bsc#953048). - md/raid5: need_this_block: start simplifying the last two conditions (bsc#953048). - md/raid5: need_this_block: tidy/fix last condition (bsc#953048). - md/raid5: new alloc_stripe() to allocate an initialize a stripe (bsc#953048). - md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048). - md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048). - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list. - md/raid5: remove condition test from check_break_stripe_batch_list (bsc#953048). - md/raid5: remove incorrect "min_t()" when calculating writepos (bsc#953048). - md/raid5: remove redundant check in stripe_add_to_batch_list() (bsc#953048). - md/raid5: separate large if clause out of fetch_block() (bsc#953048). - md/raid5: separate out the easy conditions in need_this_block (bsc#953048). - md/raid5: split wait_for_stripe and introduce wait_for_quiescent (bsc#953048). - md/raid5: strengthen check on reshape_position at run (bsc#953048). - md/raid5: switch to use conf->chunk_sectors in place of mddev->chunk_sectors where possible (bsc#953048). - md/raid5: use ->lock to protect accessing raid5 sysfs attributes (bsc#953048). - md/raid5: use bio_list for the list of bios to return (bsc#953048). - md: be careful when testing resync_max against curr_resync_completed (bsc#953048). - md: do_release_stripe(): No need to call md_wakeup_thread() twice (bsc#953048). - md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync (bsc#953048). - md: remove unwanted white space from md.c (bsc#953048). - md: use set_bit/clear_bit instead of shift/mask for bi_flags changes (bsc#953048). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - net/qlge: Avoids recursive EEH error (bsc#954847). - net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667). - net: Start with correct mac_len in skb_network_protocol (bsc#968667). - net: disable fragment reassembly if high_thresh is set to zero (bsc#970506). - net: fix wrong mac_len calculation for vlans (bsc#968667). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - nvme: don't poll the CQ from the kthread (bsc#975788, bsc#965087). - perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489). - perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489). - ppp: defer netns reference release for ppp channel (bsc#980371). - qeth: delete napi struct when removing a qeth device (bnc#988215, LTC#143590). - raid5: Retry R5_ReadNoMerge flag when hit a read error. - raid5: add a new flag to track if a stripe can be batched (bsc#953048). - raid5: add an option to avoid copy data from bio to stripe cache (bsc#953048). - raid5: avoid release list until last reference of the stripe (bsc#953048). - raid5: check faulty flag for array status during recovery (bsc#953048). - raid5: fix a race of stripe count check. - raid5: fix broken async operation chain (bsc#953048). - raid5: get_active_stripe avoids device_lock. - raid5: handle expansion/resync case with stripe batching (bsc#953048). - raid5: handle io error of batch list (bsc#953048). - raid5: make_request does less prepare wait. - raid5: relieve lock contention in get_active_stripe(). - raid5: relieve lock contention in get_active_stripe(). - raid5: speedup sync_request processing (bsc#953048). - raid5: track overwrite disk count (bsc#953048). - raid5: update analysis state for failed stripe (bsc#953048). - raid5: use flex_array for scribble data (bsc#953048). - s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736). - s390/3270: avoid endless I/O loop with disconnected 3270 terminals (bnc#979922, LTC#141736). - s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736). - s390/3270: fix view reference counting (bnc#979922, LTC#141736). - s390/3270: handle reconnect of a tty with a different size (bnc#979922, LTC#141736). - s390/3270: hangup the 3270 tty after a disconnect (bnc#979922, LTC#141736). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979922, LTC#141456). - s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106). - s390: fix test_fp_ctl inline assembly contraints (bnc#988215, LTC#143138). - sb_edac: Fix a typo and a thinko in address handling for Haswell (bsc#979521). - sb_edac: Fix support for systems with two home agents per socket (bsc#979521). - sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell (bsc#979521). - sb_edac: look harder for DDRIO on Haswell systems (bsc#979521). - sb_edac: support for Broadwell -EP and -EX (bsc#979521). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched/x86: Fix up typo in topology detection (bsc#974165). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - target/rbd: do not put snap_context twice (bsc#981143). - target/rbd: remove caw_mutex usage (bsc#981143). - usb: quirk to stop runtime PM for Intel 7260 (bnc#984456). - wait: introduce wait_event_exclusive_cmd (bsc#953048). - x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel address (bsc#979521). - x86 EDAC, sb_edac.c: Take account of channel hashing when needed (bsc#979521). - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165). - x86/efi: parse_efi_setup() build fix (bsc#979485). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - x86: Removed the free memblock of hibernat keys to avoid memory corruption (bsc#990058). - x86: standardize mmap_rnd() usage (bnc#974308). - xfs: fix premature enospc on inode allocation (bsc#984148). - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148). - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1246=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1246=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1246=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1246=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1246=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1246=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.62-60.62.1 kernel-default-debugsource-3.12.62-60.62.1 kernel-default-extra-3.12.62-60.62.1 kernel-default-extra-debuginfo-3.12.62-60.62.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.62-60.62.1 kernel-obs-build-debugsource-3.12.62-60.62.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.62-60.62.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.62-60.62.1 kernel-default-base-3.12.62-60.62.1 kernel-default-base-debuginfo-3.12.62-60.62.1 kernel-default-debuginfo-3.12.62-60.62.1 kernel-default-debugsource-3.12.62-60.62.1 kernel-default-devel-3.12.62-60.62.1 kernel-syms-3.12.62-60.62.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.62-60.62.1 kernel-macros-3.12.62-60.62.1 kernel-source-3.12.62-60.62.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.62-60.62.1 kernel-xen-base-3.12.62-60.62.1 kernel-xen-base-debuginfo-3.12.62-60.62.1 kernel-xen-debuginfo-3.12.62-60.62.1 kernel-xen-debugsource-3.12.62-60.62.1 kernel-xen-devel-3.12.62-60.62.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.62-60.62.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.62-60.62.1 kernel-ec2-debuginfo-3.12.62-60.62.1 kernel-ec2-debugsource-3.12.62-60.62.1 kernel-ec2-devel-3.12.62-60.62.1 kernel-ec2-extra-3.12.62-60.62.1 kernel-ec2-extra-debuginfo-3.12.62-60.62.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_62-default-1-4.2 kgraft-patch-3_12_62-60_62-xen-1-4.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.62-60.62.1 kernel-macros-3.12.62-60.62.1 kernel-source-3.12.62-60.62.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.62-60.62.1 kernel-default-debuginfo-3.12.62-60.62.1 kernel-default-debugsource-3.12.62-60.62.1 kernel-default-devel-3.12.62-60.62.1 kernel-default-extra-3.12.62-60.62.1 kernel-default-extra-debuginfo-3.12.62-60.62.1 kernel-syms-3.12.62-60.62.1 kernel-xen-3.12.62-60.62.1 kernel-xen-debuginfo-3.12.62-60.62.1 kernel-xen-debugsource-3.12.62-60.62.1 kernel-xen-devel-3.12.62-60.62.1 References: https://www.suse.com/security/cve/CVE-2014-9904.html https://www.suse.com/security/cve/CVE-2015-7833.html https://www.suse.com/security/cve/CVE-2015-8551.html https://www.suse.com/security/cve/CVE-2015-8552.html https://www.suse.com/security/cve/CVE-2015-8845.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3672.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-4998.html https://www.suse.com/security/cve/CVE-2016-5244.html https://www.suse.com/security/cve/CVE-2016-5828.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/947337 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/951844 https://bugzilla.suse.com/953048 https://bugzilla.suse.com/954847 https://bugzilla.suse.com/956491 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/962742 https://bugzilla.suse.com/963655 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/965087 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/968667 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/970506 https://bugzilla.suse.com/971770 https://bugzilla.suse.com/972933 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/973499 https://bugzilla.suse.com/974165 https://bugzilla.suse.com/974308 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/975531 https://bugzilla.suse.com/975533 https://bugzilla.suse.com/975772 https://bugzilla.suse.com/975788 https://bugzilla.suse.com/977417 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978469 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979419 https://bugzilla.suse.com/979485 https://bugzilla.suse.com/979489 https://bugzilla.suse.com/979521 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979681 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/979922 https://bugzilla.suse.com/980348 https://bugzilla.suse.com/980363 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/981038 https://bugzilla.suse.com/981143 https://bugzilla.suse.com/981344 https://bugzilla.suse.com/981597 https://bugzilla.suse.com/982282 https://bugzilla.suse.com/982354 https://bugzilla.suse.com/982544 https://bugzilla.suse.com/982698 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/983318 https://bugzilla.suse.com/983721 https://bugzilla.suse.com/983904 https://bugzilla.suse.com/983977 https://bugzilla.suse.com/984148 https://bugzilla.suse.com/984456 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/984764 https://bugzilla.suse.com/985232 https://bugzilla.suse.com/985978 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986365 https://bugzilla.suse.com/986569 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/986573 https://bugzilla.suse.com/986811 https://bugzilla.suse.com/988215 https://bugzilla.suse.com/988498 https://bugzilla.suse.com/988552 https://bugzilla.suse.com/990058 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2100-1: important: Security update for xen
by opensuse-security＠opensuse.org 18 Aug '16

18 Aug '16

SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2100-1 Rating: important References: #954872 #955399 #957986 #958848 #961600 #963161 #964427 #967630 #973188 #974038 #974912 #975130 #975138 #975907 #976058 #976111 #978164 #978295 #978413 #979035 #979620 #979670 #980716 #980724 #981264 #981276 #982024 #982025 #982026 #982224 #982225 #982286 #982695 #982960 #983973 #983984 #985503 #986586 #988675 #989235 #990843 #990923 Cross-References: CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4962 CVE-2016-4963 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6351 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 26 vulnerabilities and has 16 fixes is now available. Description: This update for xen fixes the several issues. These security issues were fixed: - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264). - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue (bsc#978164). - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038). - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130). - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138). - CVE-2016-4020: The patch_instruction function did not initialize the imm32 variable, which allowed local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR) (bsc#975907). - CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list (bsc#976111). - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716). - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724). - CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225). - CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224). - CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data routines (bsc#981276). - CVE-2016-4962: The libxl device-handling allowed local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore (bsc#979620). - CVE-2016-4963: The libxl device-handling allowed local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore (bsc#979670). - CVE-2016-5105: Stack information leakage while reading configuration (bsc#982024). - CVE-2016-5106: Out-of-bounds write while setting controller properties (bsc#982025). - CVE-2016-5107: Out-of-bounds read in megasas_lookup_frame() function (bsc#982026). - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982286). - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960). - CVE-2016-5337: The megasas_ctrl_get_info function allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983973). - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984). - CVE-2016-6258: Potential privilege escalation in PV guests (XSA-182) (bsc#988675). - bsc#978295: x86 software guest page walk PS bit handling flaw (XSA-176) - CVE-2016-5403: virtio: unbounded memory allocation on host via guest leading to DoS (XSA-184) (bsc#990923) - CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bsc#990843) These non-security issues were fixed: - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c - bsc#957986: Indirect descriptors are not compatible with Amazon block backend - bsc#958848: HVM guest crash at /usr/src/packages/BUILD/xen-4.4.2-testing/obj/default/balloon/balloon.c:407 - bsc#961600: Poor performance when Xen HVM domU configured with max memory greater than current memory - bsc#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - bsc#964427: Discarding device blocks: failed - Input/output error - bsc#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu) - bsc#982695: qemu fails to boot HVM guest from xvda - bsc#986586: Out of memory (oom) during boot on "modprobe xenblk" (non xen kernel) - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend. Additional memory adjustment made. - bsc#974912: Persistent performance drop after live-migration using xend tool stack - bsc#979035: Restore xm migrate fixes for bsc#955399/ bsc#955399 - bsc#989235: xen dom0 xm create command only searched /etc/xen instead of /etc/xen/vm - Live Migration SLES 11 SP3 to SP4 on AMD: "xc: error: Couldn't set extended vcpu0 info" - bsc#985503: Fixed vif-route - bsc#978413: PV guest upgrade from SLES11 SP4 to SLES 12 SP2 alpha3 failed Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-12702=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-12702=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-12702=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_07-37.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_07_3.0.101_77-37.1 xen-libs-4.4.4_07-37.1 xen-tools-domU-4.4.4_07-37.1 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_07-37.1 xen-doc-html-4.4.4_07-37.1 xen-libs-32bit-4.4.4_07-37.1 xen-tools-4.4.4_07-37.1 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_07_3.0.101_77-37.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_07-37.1 xen-debugsource-4.4.4_07-37.1 References: https://www.suse.com/security/cve/CVE-2014-3672.html https://www.suse.com/security/cve/CVE-2016-3158.html https://www.suse.com/security/cve/CVE-2016-3159.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3960.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4020.html https://www.suse.com/security/cve/CVE-2016-4037.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4453.html https://www.suse.com/security/cve/CVE-2016-4454.html https://www.suse.com/security/cve/CVE-2016-4952.html https://www.suse.com/security/cve/CVE-2016-4962.html https://www.suse.com/security/cve/CVE-2016-4963.html https://www.suse.com/security/cve/CVE-2016-5105.html https://www.suse.com/security/cve/CVE-2016-5106.html https://www.suse.com/security/cve/CVE-2016-5107.html https://www.suse.com/security/cve/CVE-2016-5126.html https://www.suse.com/security/cve/CVE-2016-5238.html https://www.suse.com/security/cve/CVE-2016-5337.html https://www.suse.com/security/cve/CVE-2016-5338.html https://www.suse.com/security/cve/CVE-2016-5403.html https://www.suse.com/security/cve/CVE-2016-6258.html https://www.suse.com/security/cve/CVE-2016-6351.html https://bugzilla.suse.com/954872 https://bugzilla.suse.com/955399 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/958848 https://bugzilla.suse.com/961600 https://bugzilla.suse.com/963161 https://bugzilla.suse.com/964427 https://bugzilla.suse.com/967630 https://bugzilla.suse.com/973188 https://bugzilla.suse.com/974038 https://bugzilla.suse.com/974912 https://bugzilla.suse.com/975130 https://bugzilla.suse.com/975138 https://bugzilla.suse.com/975907 https://bugzilla.suse.com/976058 https://bugzilla.suse.com/976111 https://bugzilla.suse.com/978164 https://bugzilla.suse.com/978295 https://bugzilla.suse.com/978413 https://bugzilla.suse.com/979035 https://bugzilla.suse.com/979620 https://bugzilla.suse.com/979670 https://bugzilla.suse.com/980716 https://bugzilla.suse.com/980724 https://bugzilla.suse.com/981264 https://bugzilla.suse.com/981276 https://bugzilla.suse.com/982024 https://bugzilla.suse.com/982025 https://bugzilla.suse.com/982026 https://bugzilla.suse.com/982224 https://bugzilla.suse.com/982225 https://bugzilla.suse.com/982286 https://bugzilla.suse.com/982695 https://bugzilla.suse.com/982960 https://bugzilla.suse.com/983973 https://bugzilla.suse.com/983984 https://bugzilla.suse.com/985503 https://bugzilla.suse.com/986586 https://bugzilla.suse.com/988675 https://bugzilla.suse.com/989235 https://bugzilla.suse.com/990843 https://bugzilla.suse.com/990923 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2094-1: important: Security update for yast2-ntp-client
by opensuse-security＠opensuse.org 17 Aug '16

17 Aug '16

SUSE Security Update: Security update for yast2-ntp-client ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2094-1 Rating: important References: #985065 Cross-References: CVE-2015-1798 CVE-2015-1799 CVE-2015-5194 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 43 vulnerabilities is now available. It includes one version update. Description: The YaST2 NTP Client was updated to handle the presence of both xntp and ntp packages. If none are installed, "ntp" will be installed. Security Issues: * CVE-2016-4953 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953> * CVE-2016-4954 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954> * CVE-2016-4955 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955> * CVE-2016-4956 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956> * CVE-2016-4957 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957> * CVE-2016-1547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547> * CVE-2016-1548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548> * CVE-2016-1549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549> * CVE-2016-1550 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550> * CVE-2016-1551 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551> * CVE-2016-2516 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516> * CVE-2016-2517 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517> * CVE-2016-2518 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518> * CVE-2016-2519 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519> * CVE-2015-8158 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158> * CVE-2015-8138 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138> * CVE-2015-7979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979> * CVE-2015-7978 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978> * CVE-2015-7977 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977> * CVE-2015-7976 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976> * CVE-2015-7975 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975> * CVE-2015-7974 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974> * CVE-2015-7973 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973> * CVE-2015-5300 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300> * CVE-2015-5194 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194> * CVE-2015-7871 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871> * CVE-2015-7855 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855> * CVE-2015-7854 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854> * CVE-2015-7853 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853> * CVE-2015-7852 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852> * CVE-2015-7851 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851> * CVE-2015-7850 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850> * CVE-2015-7849 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849> * CVE-2015-7848 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848> * CVE-2015-7701 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701> * CVE-2015-7703 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703> * CVE-2015-7704 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704> * CVE-2015-7705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705> * CVE-2015-7691 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691> * CVE-2015-7692 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692> * CVE-2015-7702 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702> * CVE-2015-1798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798> * CVE-2015-1799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799> Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (noarch) [New Version: 2.13.18]: yast2-ntp-client-2.13.18-0.20.1 References: https://www.suse.com/security/cve/CVE-2015-1798.html https://www.suse.com/security/cve/CVE-2015-1799.html https://www.suse.com/security/cve/CVE-2015-5194.html https://www.suse.com/security/cve/CVE-2015-5300.html https://www.suse.com/security/cve/CVE-2015-7691.html https://www.suse.com/security/cve/CVE-2015-7692.html https://www.suse.com/security/cve/CVE-2015-7701.html https://www.suse.com/security/cve/CVE-2015-7702.html https://www.suse.com/security/cve/CVE-2015-7703.html https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7848.html https://www.suse.com/security/cve/CVE-2015-7849.html https://www.suse.com/security/cve/CVE-2015-7850.html https://www.suse.com/security/cve/CVE-2015-7851.html https://www.suse.com/security/cve/CVE-2015-7852.html https://www.suse.com/security/cve/CVE-2015-7853.html https://www.suse.com/security/cve/CVE-2015-7854.html https://www.suse.com/security/cve/CVE-2015-7855.html https://www.suse.com/security/cve/CVE-2015-7871.html https://www.suse.com/security/cve/CVE-2015-7973.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2015-7975.html https://www.suse.com/security/cve/CVE-2015-7976.html https://www.suse.com/security/cve/CVE-2015-7977.html https://www.suse.com/security/cve/CVE-2015-7978.html https://www.suse.com/security/cve/CVE-2015-7979.html https://www.suse.com/security/cve/CVE-2015-8138.html https://www.suse.com/security/cve/CVE-2015-8158.html https://www.suse.com/security/cve/CVE-2016-1547.html https://www.suse.com/security/cve/CVE-2016-1548.html https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2016-1550.html https://www.suse.com/security/cve/CVE-2016-1551.html https://www.suse.com/security/cve/CVE-2016-2516.html https://www.suse.com/security/cve/CVE-2016-2517.html https://www.suse.com/security/cve/CVE-2016-2518.html https://www.suse.com/security/cve/CVE-2016-2519.html https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/985065 https://download.suse.com/patch/finder/?keywords=005fabcea379ebb53725d3077b… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2093-1: important: Security update for xen
by opensuse-security＠opensuse.org 17 Aug '16

17 Aug '16

SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2093-1 Rating: important References: #900418 #949889 #953339 #953362 #953518 #954872 #957986 #958848 #961600 #963161 #964427 #973188 #973631 #974038 #975130 #975138 #975907 #976058 #976111 #978164 #978295 #978413 #979620 #979670 #980716 #980724 #981264 #981276 #982024 #982025 #982026 #982224 #982225 #982286 #982695 #982960 #983973 #983984 #984981 #985503 #986586 #988675 #988676 #990843 #990923 Cross-References: CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4962 CVE-2016-4963 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 27 vulnerabilities and has 18 fixes is now available. Description: This update for xen to version 4.5.3 fixes the several issues. These security issues were fixed: - CVE-2016-6258: Potential privilege escalation in PV guests (XSA-182) (bsc#988675). - CVE-2016-6259: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183) (bsc#988676). - CVE-2016-5337: The megasas_ctrl_get_info function allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983973). - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984). - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960). - CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225). - CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224). - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982286). - CVE-2016-5105: Stack information leakage while reading configuration (bsc#982024). - CVE-2016-5106: Out-of-bounds write while setting controller properties (bsc#982025). - CVE-2016-5107: Out-of-bounds read in megasas_lookup_frame() function (bsc#982026). - CVE-2016-4963: The libxl device-handling allowed local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore (bsc#979670). - CVE-2016-4962: The libxl device-handling allowed local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore (bsc#979620). - CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data routines (bsc#981276). - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264). - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724). - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716). - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue (bsc#978164). - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038). - CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list (bsc#976111). - CVE-2016-4020: The patch_instruction function did not initialize the imm32 variable, which allowed local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR) (bsc#975907). - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130). - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138). - bsc#978295: x86 software guest page walk PS bit handling flaw (XSA-176) - CVE-2016-5403: virtio: unbounded memory allocation on host via guest leading to DoS (XSA-184) (bsc#990923) - CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bsc#990843) These non-security issues were fixed: - bsc#986586: Out of memory (oom) during boot on "modprobe xenblk" (non xen kernel) - bsc#900418: Dump cannot be performed on SLES12 XEN - bsc#953339: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#953362: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#953518: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#984981: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c (Additional fixes) - bsc#982695: qemu fails to boot HVM guest from xvda - bsc#958848: HVM guest crash at /usr/src/packages/BUILD/xen-4.4.2-testing/obj/default/balloon/balloon.c:407 - bsc#949889: Fail to install 32-bit paravirt VM under SLES12SP1Beta3 XEN - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c (another modification) - bsc#961600: Poor performance when Xen HVM domU configured with max memory greater than current memory - bsc#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - bsc#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu) - bsc#973631: AWS EC2 kdump issue - bsc#957986: Indirect descriptors are not compatible with Amazon block backend - bsc#964427: Discarding device blocks: failed - Input/output error - bsc#985503: Fixed vif-route - bsc#978413: PV guest upgrade from SLES11 SP4 to SLES 12 SP2 alpha3 failed Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1238=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1238=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1238=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): xen-debugsource-4.5.3_08-17.1 xen-devel-4.5.3_08-17.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): xen-4.5.3_08-17.1 xen-debugsource-4.5.3_08-17.1 xen-doc-html-4.5.3_08-17.1 xen-kmp-default-4.5.3_08_k3.12.59_60.45-17.1 xen-kmp-default-debuginfo-4.5.3_08_k3.12.59_60.45-17.1 xen-libs-32bit-4.5.3_08-17.1 xen-libs-4.5.3_08-17.1 xen-libs-debuginfo-32bit-4.5.3_08-17.1 xen-libs-debuginfo-4.5.3_08-17.1 xen-tools-4.5.3_08-17.1 xen-tools-debuginfo-4.5.3_08-17.1 xen-tools-domU-4.5.3_08-17.1 xen-tools-domU-debuginfo-4.5.3_08-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xen-4.5.3_08-17.1 xen-debugsource-4.5.3_08-17.1 xen-kmp-default-4.5.3_08_k3.12.59_60.45-17.1 xen-kmp-default-debuginfo-4.5.3_08_k3.12.59_60.45-17.1 xen-libs-32bit-4.5.3_08-17.1 xen-libs-4.5.3_08-17.1 xen-libs-debuginfo-32bit-4.5.3_08-17.1 xen-libs-debuginfo-4.5.3_08-17.1 References: https://www.suse.com/security/cve/CVE-2014-3672.html https://www.suse.com/security/cve/CVE-2016-3158.html https://www.suse.com/security/cve/CVE-2016-3159.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3960.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4020.html https://www.suse.com/security/cve/CVE-2016-4037.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4453.html https://www.suse.com/security/cve/CVE-2016-4454.html https://www.suse.com/security/cve/CVE-2016-4952.html https://www.suse.com/security/cve/CVE-2016-4962.html https://www.suse.com/security/cve/CVE-2016-4963.html https://www.suse.com/security/cve/CVE-2016-5105.html https://www.suse.com/security/cve/CVE-2016-5106.html https://www.suse.com/security/cve/CVE-2016-5107.html https://www.suse.com/security/cve/CVE-2016-5126.html https://www.suse.com/security/cve/CVE-2016-5238.html https://www.suse.com/security/cve/CVE-2016-5337.html https://www.suse.com/security/cve/CVE-2016-5338.html https://www.suse.com/security/cve/CVE-2016-5403.html https://www.suse.com/security/cve/CVE-2016-6258.html https://www.suse.com/security/cve/CVE-2016-6259.html https://www.suse.com/security/cve/CVE-2016-6351.html https://bugzilla.suse.com/900418 https://bugzilla.suse.com/949889 https://bugzilla.suse.com/953339 https://bugzilla.suse.com/953362 https://bugzilla.suse.com/953518 https://bugzilla.suse.com/954872 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/958848 https://bugzilla.suse.com/961600 https://bugzilla.suse.com/963161 https://bugzilla.suse.com/964427 https://bugzilla.suse.com/973188 https://bugzilla.suse.com/973631 https://bugzilla.suse.com/974038 https://bugzilla.suse.com/975130 https://bugzilla.suse.com/975138 https://bugzilla.suse.com/975907 https://bugzilla.suse.com/976058 https://bugzilla.suse.com/976111 https://bugzilla.suse.com/978164 https://bugzilla.suse.com/978295 https://bugzilla.suse.com/978413 https://bugzilla.suse.com/979620 https://bugzilla.suse.com/979670 https://bugzilla.suse.com/980716 https://bugzilla.suse.com/980724 https://bugzilla.suse.com/981264 https://bugzilla.suse.com/981276 https://bugzilla.suse.com/982024 https://bugzilla.suse.com/982025 https://bugzilla.suse.com/982026 https://bugzilla.suse.com/982224 https://bugzilla.suse.com/982225 https://bugzilla.suse.com/982286 https://bugzilla.suse.com/982695 https://bugzilla.suse.com/982960 https://bugzilla.suse.com/983973 https://bugzilla.suse.com/983984 https://bugzilla.suse.com/984981 https://bugzilla.suse.com/985503 https://bugzilla.suse.com/986586 https://bugzilla.suse.com/988675 https://bugzilla.suse.com/988676 https://bugzilla.suse.com/990843 https://bugzilla.suse.com/990923 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2089-1: important: Security update for squid3
by opensuse-security＠opensuse.org 16 Aug '16

16 Aug '16

SUSE Security Update: Security update for squid3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2089-1 Rating: important References: #895773 #902197 #938715 #963539 #967011 #968392 #968393 #968394 #968395 #973782 #973783 #976553 #976556 #976708 #979008 #979009 #979010 #979011 #993299 Cross-References: CVE-2011-3205 CVE-2011-4096 CVE-2012-5643 CVE-2013-0188 CVE-2013-4115 CVE-2014-0128 CVE-2014-6270 CVE-2014-7141 CVE-2014-7142 CVE-2015-5400 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update for squid3 fixes the following issues: - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - Fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - Regression caused by the DoS fixes above (bsc#993299) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: * fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-squid3-12701=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-squid3-12701=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): squid3-3.1.23-8.16.30.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): squid3-debuginfo-3.1.23-8.16.30.1 References: https://www.suse.com/security/cve/CVE-2011-3205.html https://www.suse.com/security/cve/CVE-2011-4096.html https://www.suse.com/security/cve/CVE-2012-5643.html https://www.suse.com/security/cve/CVE-2013-0188.html https://www.suse.com/security/cve/CVE-2013-4115.html https://www.suse.com/security/cve/CVE-2014-0128.html https://www.suse.com/security/cve/CVE-2014-6270.html https://www.suse.com/security/cve/CVE-2014-7141.html https://www.suse.com/security/cve/CVE-2014-7142.html https://www.suse.com/security/cve/CVE-2015-5400.html https://www.suse.com/security/cve/CVE-2016-2390.html https://www.suse.com/security/cve/CVE-2016-2569.html https://www.suse.com/security/cve/CVE-2016-2570.html https://www.suse.com/security/cve/CVE-2016-2571.html https://www.suse.com/security/cve/CVE-2016-2572.html https://www.suse.com/security/cve/CVE-2016-3947.html https://www.suse.com/security/cve/CVE-2016-3948.html https://www.suse.com/security/cve/CVE-2016-4051.html https://www.suse.com/security/cve/CVE-2016-4052.html https://www.suse.com/security/cve/CVE-2016-4053.html https://www.suse.com/security/cve/CVE-2016-4054.html https://www.suse.com/security/cve/CVE-2016-4553.html https://www.suse.com/security/cve/CVE-2016-4554.html https://www.suse.com/security/cve/CVE-2016-4555.html https://www.suse.com/security/cve/CVE-2016-4556.html https://bugzilla.suse.com/895773 https://bugzilla.suse.com/902197 https://bugzilla.suse.com/938715 https://bugzilla.suse.com/963539 https://bugzilla.suse.com/967011 https://bugzilla.suse.com/968392 https://bugzilla.suse.com/968393 https://bugzilla.suse.com/968394 https://bugzilla.suse.com/968395 https://bugzilla.suse.com/973782 https://bugzilla.suse.com/973783 https://bugzilla.suse.com/976553 https://bugzilla.suse.com/976556 https://bugzilla.suse.com/976708 https://bugzilla.suse.com/979008 https://bugzilla.suse.com/979009 https://bugzilla.suse.com/979010 https://bugzilla.suse.com/979011 https://bugzilla.suse.com/993299 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2080-1: important: Security update for php5
by opensuse-security＠opensuse.org 16 Aug '16

16 Aug '16

SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2080-1 Rating: important References: #986004 #986244 #986386 #986388 #986393 #991426 #991427 #991428 #991429 #991430 #991433 #991437 Cross-References: CVE-2015-8935 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5769 CVE-2016-5772 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6296 CVE-2016-6297 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: php5 was updated to fix the following security issues: - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426). - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427). - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428). - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429). - CVE-2016-5399: Improper error handling in bzread() (bsc#991430). - CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433). - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437). - CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-php5-12696=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-php5-12696=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): apache2-mod_php5-5.2.14-0.7.30.89.1 php5-5.2.14-0.7.30.89.1 php5-bcmath-5.2.14-0.7.30.89.1 php5-bz2-5.2.14-0.7.30.89.1 php5-calendar-5.2.14-0.7.30.89.1 php5-ctype-5.2.14-0.7.30.89.1 php5-curl-5.2.14-0.7.30.89.1 php5-dba-5.2.14-0.7.30.89.1 php5-dbase-5.2.14-0.7.30.89.1 php5-dom-5.2.14-0.7.30.89.1 php5-exif-5.2.14-0.7.30.89.1 php5-fastcgi-5.2.14-0.7.30.89.1 php5-ftp-5.2.14-0.7.30.89.1 php5-gd-5.2.14-0.7.30.89.1 php5-gettext-5.2.14-0.7.30.89.1 php5-gmp-5.2.14-0.7.30.89.1 php5-hash-5.2.14-0.7.30.89.1 php5-iconv-5.2.14-0.7.30.89.1 php5-json-5.2.14-0.7.30.89.1 php5-ldap-5.2.14-0.7.30.89.1 php5-mbstring-5.2.14-0.7.30.89.1 php5-mcrypt-5.2.14-0.7.30.89.1 php5-mysql-5.2.14-0.7.30.89.1 php5-odbc-5.2.14-0.7.30.89.1 php5-openssl-5.2.14-0.7.30.89.1 php5-pcntl-5.2.14-0.7.30.89.1 php5-pdo-5.2.14-0.7.30.89.1 php5-pear-5.2.14-0.7.30.89.1 php5-pgsql-5.2.14-0.7.30.89.1 php5-pspell-5.2.14-0.7.30.89.1 php5-shmop-5.2.14-0.7.30.89.1 php5-snmp-5.2.14-0.7.30.89.1 php5-soap-5.2.14-0.7.30.89.1 php5-suhosin-5.2.14-0.7.30.89.1 php5-sysvmsg-5.2.14-0.7.30.89.1 php5-sysvsem-5.2.14-0.7.30.89.1 php5-sysvshm-5.2.14-0.7.30.89.1 php5-tokenizer-5.2.14-0.7.30.89.1 php5-wddx-5.2.14-0.7.30.89.1 php5-xmlreader-5.2.14-0.7.30.89.1 php5-xmlrpc-5.2.14-0.7.30.89.1 php5-xmlwriter-5.2.14-0.7.30.89.1 php5-xsl-5.2.14-0.7.30.89.1 php5-zip-5.2.14-0.7.30.89.1 php5-zlib-5.2.14-0.7.30.89.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): php5-debuginfo-5.2.14-0.7.30.89.1 php5-debugsource-5.2.14-0.7.30.89.1 References: https://www.suse.com/security/cve/CVE-2015-8935.html https://www.suse.com/security/cve/CVE-2016-5399.html https://www.suse.com/security/cve/CVE-2016-5766.html https://www.suse.com/security/cve/CVE-2016-5767.html https://www.suse.com/security/cve/CVE-2016-5769.html https://www.suse.com/security/cve/CVE-2016-5772.html https://www.suse.com/security/cve/CVE-2016-6288.html https://www.suse.com/security/cve/CVE-2016-6289.html https://www.suse.com/security/cve/CVE-2016-6290.html https://www.suse.com/security/cve/CVE-2016-6291.html https://www.suse.com/security/cve/CVE-2016-6296.html https://www.suse.com/security/cve/CVE-2016-6297.html https://bugzilla.suse.com/986004 https://bugzilla.suse.com/986244 https://bugzilla.suse.com/986386 https://bugzilla.suse.com/986388 https://bugzilla.suse.com/986393 https://bugzilla.suse.com/991426 https://bugzilla.suse.com/991427 https://bugzilla.suse.com/991428 https://bugzilla.suse.com/991429 https://bugzilla.suse.com/991430 https://bugzilla.suse.com/991433 https://bugzilla.suse.com/991437 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2074-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 15 Aug '16

15 Aug '16

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2074-1 Rating: important References: #816446 #861093 #928130 #935757 #939826 #942367 #945825 #946117 #946309 #948562 #949744 #949936 #951440 #952384 #953527 #954404 #955354 #955654 #956708 #956709 #958463 #958886 #958951 #959190 #959399 #961500 #961509 #961512 #963765 #963767 #964201 #966437 #966460 #966662 #966693 #967972 #967973 #967974 #967975 #968010 #968011 #968012 #968013 #968670 #970504 #970892 #970909 #970911 #970948 #970956 #970958 #970970 #971124 #971125 #971126 #971360 #972510 #973570 #975945 #977847 #978822 Cross-References: CVE-2013-2015 CVE-2013-7446 CVE-2015-0272 CVE-2015-3339 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7509 CVE-2015-7515 CVE-2015-7550 CVE-2015-7566 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2016-0723 CVE-2016-2069 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-4486 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 48 vulnerabilities and has 13 fixes is now available. Description: The SUSE Linux Enterprise 11 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2016-4486: Fixed 4 byte information leak in net/core/rtnetlink.c (bsc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013). - CVE-2016-2547: sound/core/timer.c in the Linux kernel employed a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011). - CVE-2016-2548: sound/core/timer.c in the Linux kernel retained certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012). - CVE-2016-2546: sound/core/timer.c in the Linux kernel used an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975). - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974). - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973). - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972). - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693). - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel .4.1 allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-7515: The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints (bnc#956708). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#952384). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation (bnc#942367). - CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped (bnc#928130). The following non-security bugs were fixed: - Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201). - Fix lpfc_send_rscn_event allocation size claims bnc#935757 - Fix ntpd clock synchronization in Xen PV domains (bnc#816446). - Fix vmalloc_fault oops during lazy MMU updates (bsc#948562). - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - SCSI: bfa: Fix to handle firmware tskim abort request response (bsc#972510). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bsc#977847). - nf_conntrack: fix bsc#758540 kabi fix (bsc#946117). - privcmd: allow preempting long running user-mode originating hypercalls (bnc#861093). - s390/cio: collect format 1 channel-path description data (bsc#966460, bsc#966662). - s390/cio: ensure consistent measurement state (bsc#966460, bsc#966662). - s390/cio: fix measurement characteristics memleak (bsc#966460, bsc#966662). - s390/cio: update measurement characteristics (bsc#966460, bsc#966662). - xfs: Fix lost direct IO write in the last block (bsc#949744). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-kernel-source-12693=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-kernel-source-12693=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.7.40.1 kernel-default-base-3.0.101-0.7.40.1 kernel-default-devel-3.0.101-0.7.40.1 kernel-source-3.0.101-0.7.40.1 kernel-syms-3.0.101-0.7.40.1 kernel-trace-3.0.101-0.7.40.1 kernel-trace-base-3.0.101-0.7.40.1 kernel-trace-devel-3.0.101-0.7.40.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.7.40.1 kernel-ec2-base-3.0.101-0.7.40.1 kernel-ec2-devel-3.0.101-0.7.40.1 kernel-xen-3.0.101-0.7.40.1 kernel-xen-base-3.0.101-0.7.40.1 kernel-xen-devel-3.0.101-0.7.40.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x): kernel-default-man-3.0.101-0.7.40.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): kernel-pae-3.0.101-0.7.40.1 kernel-pae-base-3.0.101-0.7.40.1 kernel-pae-devel-3.0.101-0.7.40.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.7.40.1 kernel-default-debugsource-3.0.101-0.7.40.1 kernel-default-devel-debuginfo-3.0.101-0.7.40.1 kernel-trace-debuginfo-3.0.101-0.7.40.1 kernel-trace-debugsource-3.0.101-0.7.40.1 kernel-trace-devel-debuginfo-3.0.101-0.7.40.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.7.40.1 kernel-ec2-debugsource-3.0.101-0.7.40.1 kernel-xen-debuginfo-3.0.101-0.7.40.1 kernel-xen-debugsource-3.0.101-0.7.40.1 kernel-xen-devel-debuginfo-3.0.101-0.7.40.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586): kernel-pae-debuginfo-3.0.101-0.7.40.1 kernel-pae-debugsource-3.0.101-0.7.40.1 kernel-pae-devel-debuginfo-3.0.101-0.7.40.1 References: https://www.suse.com/security/cve/CVE-2013-2015.html https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-3339.html https://www.suse.com/security/cve/CVE-2015-5307.html https://www.suse.com/security/cve/CVE-2015-6252.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7509.html https://www.suse.com/security/cve/CVE-2015-7515.html https://www.suse.com/security/cve/CVE-2015-7550.html https://www.suse.com/security/cve/CVE-2015-7566.html https://www.suse.com/security/cve/CVE-2015-7799.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8104.html https://www.suse.com/security/cve/CVE-2015-8215.html https://www.suse.com/security/cve/CVE-2015-8539.html https://www.suse.com/security/cve/CVE-2015-8543.html https://www.suse.com/security/cve/CVE-2015-8569.html https://www.suse.com/security/cve/CVE-2015-8575.html https://www.suse.com/security/cve/CVE-2015-8767.html https://www.suse.com/security/cve/CVE-2015-8785.html https://www.suse.com/security/cve/CVE-2015-8812.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0723.html https://www.suse.com/security/cve/CVE-2016-2069.html https://www.suse.com/security/cve/CVE-2016-2143.html https://www.suse.com/security/cve/CVE-2016-2184.html https://www.suse.com/security/cve/CVE-2016-2185.html https://www.suse.com/security/cve/CVE-2016-2186.html https://www.suse.com/security/cve/CVE-2016-2188.html https://www.suse.com/security/cve/CVE-2016-2384.html https://www.suse.com/security/cve/CVE-2016-2543.html https://www.suse.com/security/cve/CVE-2016-2544.html https://www.suse.com/security/cve/CVE-2016-2545.html https://www.suse.com/security/cve/CVE-2016-2546.html https://www.suse.com/security/cve/CVE-2016-2547.html https://www.suse.com/security/cve/CVE-2016-2548.html https://www.suse.com/security/cve/CVE-2016-2549.html https://www.suse.com/security/cve/CVE-2016-2782.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-3137.html https://www.suse.com/security/cve/CVE-2016-3138.html https://www.suse.com/security/cve/CVE-2016-3139.html https://www.suse.com/security/cve/CVE-2016-3140.html https://www.suse.com/security/cve/CVE-2016-3156.html https://www.suse.com/security/cve/CVE-2016-4486.html https://bugzilla.suse.com/816446 https://bugzilla.suse.com/861093 https://bugzilla.suse.com/928130 https://bugzilla.suse.com/935757 https://bugzilla.suse.com/939826 https://bugzilla.suse.com/942367 https://bugzilla.suse.com/945825 https://bugzilla.suse.com/946117 https://bugzilla.suse.com/946309 https://bugzilla.suse.com/948562 https://bugzilla.suse.com/949744 https://bugzilla.suse.com/949936 https://bugzilla.suse.com/951440 https://bugzilla.suse.com/952384 https://bugzilla.suse.com/953527 https://bugzilla.suse.com/954404 https://bugzilla.suse.com/955354 https://bugzilla.suse.com/955654 https://bugzilla.suse.com/956708 https://bugzilla.suse.com/956709 https://bugzilla.suse.com/958463 https://bugzilla.suse.com/958886 https://bugzilla.suse.com/958951 https://bugzilla.suse.com/959190 https://bugzilla.suse.com/959399 https://bugzilla.suse.com/961500 https://bugzilla.suse.com/961509 https://bugzilla.suse.com/961512 https://bugzilla.suse.com/963765 https://bugzilla.suse.com/963767 https://bugzilla.suse.com/964201 https://bugzilla.suse.com/966437 https://bugzilla.suse.com/966460 https://bugzilla.suse.com/966662 https://bugzilla.suse.com/966693 https://bugzilla.suse.com/967972 https://bugzilla.suse.com/967973 https://bugzilla.suse.com/967974 https://bugzilla.suse.com/967975 https://bugzilla.suse.com/968010 https://bugzilla.suse.com/968011 https://bugzilla.suse.com/968012 https://bugzilla.suse.com/968013 https://bugzilla.suse.com/968670 https://bugzilla.suse.com/970504 https://bugzilla.suse.com/970892 https://bugzilla.suse.com/970909 https://bugzilla.suse.com/970911 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/970956 https://bugzilla.suse.com/970958 https://bugzilla.suse.com/970970 https://bugzilla.suse.com/971124 https://bugzilla.suse.com/971125 https://bugzilla.suse.com/971126 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/972510 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/975945 https://bugzilla.suse.com/977847 https://bugzilla.suse.com/978822 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2073-1: important: Security update for GraphicsMagick
by opensuse-security＠opensuse.org 15 Aug '16

15 Aug '16

openSUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2073-1 Rating: important References: #965853 #983309 #983455 #983521 #983523 #983533 #983752 #983794 #983799 #984142 #984145 #984150 #984166 #984372 #984375 #984379 #984394 #984400 #984408 #984436 #985442 Cross-References: CVE-2014-9805 CVE-2014-9807 CVE-2014-9809 CVE-2014-9815 CVE-2014-9817 CVE-2014-9819 CVE-2014-9820 CVE-2014-9831 CVE-2014-9834 CVE-2014-9835 CVE-2014-9837 CVE-2014-9839 CVE-2014-9845 CVE-2014-9846 CVE-2014-9853 CVE-2015-8894 CVE-2015-8896 CVE-2016-2317 CVE-2016-2318 CVE-2016-5240 CVE-2016-5241 CVE-2016-5688 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: - CVE-2014-9805: SEGV due to a corrupted pnm file (boo#983752) - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (boo#983309) - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (boo#983455) - CVE-2014-9846: Overflow in rle file (boo#983521) - CVE-2015-8894: Double free in TGA code (boo#983523) - CVE-2015-8896: Double free / integer truncation issue (boo#983533) - CVE-2014-9807: Double free in pdb coder (boo#983794) - CVE-2014-9809: SEGV due to corrupted xwd images (boo#983799) - CVE-2014-9819: Heap overflow in palm files (boo#984142) - CVE-2014-9835: Heap overflow in wpf file (boo#984145) - CVE-2014-9831: Issues handling of corrupted wpg file (boo#984375) - CVE-2014-9820: heap overflow in xpm files (boo#984150) - CVE-2014-9837: Additional PNM sanity checks (boo#984166) - CVE-2014-9815: Crash on corrupted wpg file (boo#984372) - CVE-2014-9839: Theoretical out of bound access in via color maps (boo#984379) - CVE-2014-9845: Crash due to corrupted dib file (boo#984394) - CVE-2014-9817: Heap buffer overflow in pdb file handling (boo#984400) - CVE-2014-9853: Memory leak in rle file handling (boo#984408) - CVE-2014-9834: Heap overflow in pict file (boo#984436) - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (boo#985442) - CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG files (boo#965853) - CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG files (boo#965853) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-984=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): GraphicsMagick-1.3.21-11.1 GraphicsMagick-debuginfo-1.3.21-11.1 GraphicsMagick-debugsource-1.3.21-11.1 GraphicsMagick-devel-1.3.21-11.1 libGraphicsMagick++-Q16-11-1.3.21-11.1 libGraphicsMagick++-Q16-11-debuginfo-1.3.21-11.1 libGraphicsMagick++-devel-1.3.21-11.1 libGraphicsMagick-Q16-3-1.3.21-11.1 libGraphicsMagick-Q16-3-debuginfo-1.3.21-11.1 libGraphicsMagick3-config-1.3.21-11.1 libGraphicsMagickWand-Q16-2-1.3.21-11.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.21-11.1 perl-GraphicsMagick-1.3.21-11.1 perl-GraphicsMagick-debuginfo-1.3.21-11.1 References: https://www.suse.com/security/cve/CVE-2014-9805.html https://www.suse.com/security/cve/CVE-2014-9807.html https://www.suse.com/security/cve/CVE-2014-9809.html https://www.suse.com/security/cve/CVE-2014-9815.html https://www.suse.com/security/cve/CVE-2014-9817.html https://www.suse.com/security/cve/CVE-2014-9819.html https://www.suse.com/security/cve/CVE-2014-9820.html https://www.suse.com/security/cve/CVE-2014-9831.html https://www.suse.com/security/cve/CVE-2014-9834.html https://www.suse.com/security/cve/CVE-2014-9835.html https://www.suse.com/security/cve/CVE-2014-9837.html https://www.suse.com/security/cve/CVE-2014-9839.html https://www.suse.com/security/cve/CVE-2014-9845.html https://www.suse.com/security/cve/CVE-2014-9846.html https://www.suse.com/security/cve/CVE-2014-9853.html https://www.suse.com/security/cve/CVE-2015-8894.html https://www.suse.com/security/cve/CVE-2015-8896.html https://www.suse.com/security/cve/CVE-2016-2317.html https://www.suse.com/security/cve/CVE-2016-2318.html https://www.suse.com/security/cve/CVE-2016-5240.html https://www.suse.com/security/cve/CVE-2016-5241.html https://www.suse.com/security/cve/CVE-2016-5688.html https://bugzilla.suse.com/965853 https://bugzilla.suse.com/983309 https://bugzilla.suse.com/983455 https://bugzilla.suse.com/983521 https://bugzilla.suse.com/983523 https://bugzilla.suse.com/983533 https://bugzilla.suse.com/983752 https://bugzilla.suse.com/983794 https://bugzilla.suse.com/983799 https://bugzilla.suse.com/984142 https://bugzilla.suse.com/984145 https://bugzilla.suse.com/984150 https://bugzilla.suse.com/984166 https://bugzilla.suse.com/984372 https://bugzilla.suse.com/984375 https://bugzilla.suse.com/984379 https://bugzilla.suse.com/984394 https://bugzilla.suse.com/984400 https://bugzilla.suse.com/984408 https://bugzilla.suse.com/984436 https://bugzilla.suse.com/985442 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2061-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nspr and mozilla-nss
by opensuse-security＠opensuse.org 12 Aug '16

12 Aug '16

SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nspr and mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2061-1 Rating: important References: #983549 #983638 #983639 #983643 #983646 #983651 #983652 #983653 #983655 #984006 #985659 #989196 #990628 #990856 #991809 Cross-References: CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2830 CVE-2016-2831 CVE-2016-2834 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr and mozilla-nss were updated to fix nine security issues. MozillaFirefox was updated to version 45.3.0 ESR. mozilla-nss was updated to version 3.21.1, mozilla-nspr to version 4.12. These security issues were fixed in 45.3.0ESR: - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) (MFSA 2016-62) - CVE-2016-2830: Favicon network connection can persist when page is closed (MFSA 2016-63) - CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content (MFSA 2016-64) - CVE-2016-2839: Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 (MFSA 2016-65) - CVE-2016-5252: Stack underflow during 2D graphics rendering (MFSA 2016-67) - CVE-2016-5254: Use-after-free when using alt key and toplevel menus (MFSA 2016-70) - CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72) - CVE-2016-5259: Use-after-free in service workers with nested sync events (MFSA 2016-73) - CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes (MFSA 2016-76) - CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback (MFSA 2016-77) - CVE-2016-5263: Type confusion in display transformation (MFSA 2016-78) - CVE-2016-5264: Use-after-free when applying SVG effects (MFSA 2016-79) - CVE-2016-5265: Same-origin policy violation using local HTML file and saved shortcut file (MFSA 2016-80) - CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Security issues fixed in 45.2.0.ESR: - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639). - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651). - CVE-2016-2822: Addressbar spoofing though the SELECT element (MFSA 2016-52) (bsc#983652). - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653). - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655). - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646). - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643). - CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638) These non-security issues were fixed: - Fix crashes on aarch64 * Determine page size at runtime (bsc#984006) * Allow aarch64 to work in safe mode (bsc#985659) - Fix crashes on mainframes - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-MozillaFirefox-12690=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-MozillaFirefox-12690=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): MozillaFirefox-45.3.0esr-48.1 MozillaFirefox-branding-SLED-45.0-20.38 MozillaFirefox-translations-45.3.0esr-48.1 firefox-fontconfig-2.11.0-4.2 libfreebl3-3.21.1-26.2 mozilla-nspr-4.12-25.2 mozilla-nspr-devel-4.12-25.2 mozilla-nss-3.21.1-26.2 mozilla-nss-devel-3.21.1-26.2 mozilla-nss-tools-3.21.1-26.2 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.21.1-26.2 mozilla-nspr-32bit-4.12-25.2 mozilla-nss-32bit-3.21.1-26.2 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): MozillaFirefox-debuginfo-45.3.0esr-48.1 MozillaFirefox-debugsource-45.3.0esr-48.1 firefox-fontconfig-debuginfo-2.11.0-4.2 mozilla-nspr-debuginfo-4.12-25.2 mozilla-nspr-debugsource-4.12-25.2 mozilla-nss-debuginfo-3.21.1-26.2 mozilla-nss-debugsource-3.21.1-26.2 - SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64): firefox-fontconfig-debugsource-2.11.0-4.2 mozilla-nspr-debuginfo-32bit-4.12-25.2 mozilla-nss-debuginfo-32bit-3.21.1-26.2 References: https://www.suse.com/security/cve/CVE-2016-2815.html https://www.suse.com/security/cve/CVE-2016-2818.html https://www.suse.com/security/cve/CVE-2016-2819.html https://www.suse.com/security/cve/CVE-2016-2821.html https://www.suse.com/security/cve/CVE-2016-2822.html https://www.suse.com/security/cve/CVE-2016-2824.html https://www.suse.com/security/cve/CVE-2016-2828.html https://www.suse.com/security/cve/CVE-2016-2830.html https://www.suse.com/security/cve/CVE-2016-2831.html https://www.suse.com/security/cve/CVE-2016-2834.html https://www.suse.com/security/cve/CVE-2016-2835.html https://www.suse.com/security/cve/CVE-2016-2836.html https://www.suse.com/security/cve/CVE-2016-2837.html https://www.suse.com/security/cve/CVE-2016-2838.html https://www.suse.com/security/cve/CVE-2016-2839.html https://www.suse.com/security/cve/CVE-2016-5252.html https://www.suse.com/security/cve/CVE-2016-5254.html https://www.suse.com/security/cve/CVE-2016-5258.html https://www.suse.com/security/cve/CVE-2016-5259.html https://www.suse.com/security/cve/CVE-2016-5262.html https://www.suse.com/security/cve/CVE-2016-5263.html https://www.suse.com/security/cve/CVE-2016-5264.html https://www.suse.com/security/cve/CVE-2016-5265.html https://www.suse.com/security/cve/CVE-2016-6354.html https://bugzilla.suse.com/983549 https://bugzilla.suse.com/983638 https://bugzilla.suse.com/983639 https://bugzilla.suse.com/983643 https://bugzilla.suse.com/983646 https://bugzilla.suse.com/983651 https://bugzilla.suse.com/983652 https://bugzilla.suse.com/983653 https://bugzilla.suse.com/983655 https://bugzilla.suse.com/984006 https://bugzilla.suse.com/985659 https://bugzilla.suse.com/989196 https://bugzilla.suse.com/990628 https://bugzilla.suse.com/990856 https://bugzilla.suse.com/991809 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2058-1: important: Security update for OpenJDK7
by opensuse-security＠opensuse.org 12 Aug '16

12 Aug '16

openSUSE Security Update: Security update for OpenJDK7 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2058-1 Rating: important References: #988651 #989722 #989723 #989725 #989727 #989728 #989729 #989730 #989731 #989732 #989733 #989734 Cross-References: CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has one errata is now available. Description: Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch 2016-982=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): java-1_7_0-openjdk-1.7.0.111-24.39.1 java-1_7_0-openjdk-accessibility-1.7.0.111-24.39.1 java-1_7_0-openjdk-debuginfo-1.7.0.111-24.39.1 java-1_7_0-openjdk-debugsource-1.7.0.111-24.39.1 java-1_7_0-openjdk-demo-1.7.0.111-24.39.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-24.39.1 java-1_7_0-openjdk-devel-1.7.0.111-24.39.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-24.39.1 java-1_7_0-openjdk-headless-1.7.0.111-24.39.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-24.39.1 java-1_7_0-openjdk-src-1.7.0.111-24.39.1 - openSUSE 13.1 (noarch): java-1_7_0-openjdk-javadoc-1.7.0.111-24.39.1 References: https://www.suse.com/security/cve/CVE-2016-3458.html https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3498.html https://www.suse.com/security/cve/CVE-2016-3500.html https://www.suse.com/security/cve/CVE-2016-3503.html https://www.suse.com/security/cve/CVE-2016-3508.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3550.html https://www.suse.com/security/cve/CVE-2016-3598.html https://www.suse.com/security/cve/CVE-2016-3606.html https://www.suse.com/security/cve/CVE-2016-3610.html https://bugzilla.suse.com/988651 https://bugzilla.suse.com/989722 https://bugzilla.suse.com/989723 https://bugzilla.suse.com/989725 https://bugzilla.suse.com/989727 https://bugzilla.suse.com/989728 https://bugzilla.suse.com/989729 https://bugzilla.suse.com/989730 https://bugzilla.suse.com/989731 https://bugzilla.suse.com/989732 https://bugzilla.suse.com/989733 https://bugzilla.suse.com/989734 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2052-1: important: Security update for java-1_7_0-openjdk
by opensuse-security＠opensuse.org 11 Aug '16

11 Aug '16

openSUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2052-1 Rating: important References: #982366 #984684 #988651 #989722 #989723 #989725 #989727 #989728 #989729 #989730 #989731 #989732 #989733 #989734 Cross-References: CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has three fixes is now available. Description: This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparseable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8144313: Test SessionTimeOutTests can be timeout - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147857: [TEST] RMIConnector logs attribute names incorrectly - S8151841, PR3098: Build needs additional flags to compile with GCC 6 - S8151876: (tz) Support tzdata2016d - S8157077: 8u101 L10n resource file updates - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known. * Import of OpenJDK 7 u111 build 1 - S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java f ailing - S8140344: add support for 3 digit update release numbers - S8145017: Add support for 3 digit hotspot minor version numbers - S8162344: The API changes made by CR 7064075 need to be reverted * Backports - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime - S4900206, PR3101: Include worst-case rounding tests for Math library functions - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6934604, PR3075: enable parts of EliminateAutoBox by default - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144 - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0 - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly - S8005402, PR3020: Need to provide benchmarks for color management - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination. - S8013430, PR3020: REGRESSION: closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fail s with java.io.StreamCorruptedException: invalid type code: EE since 8b87 - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes - S8014959, PR3075: assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object - S8024511, PR3020: Crash during color profile destruction - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8 - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape * Bug fixes - PR2799, RH1195203: Files are missing from resources.jar - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed - PR3091: SystemTap is heavily confused by multiple JDKs - PR3102: Extend 8022594 to AixPollPort - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created - PR3111: Provide option to disable SystemTap tests - PR3114: Don't assume system mime.types supports text/x-java-source - PR3115: Add check for elliptic curve cryptography implementation - PR3116: Add tests for Java debug info and source files - PR3118: Path to agpl-3.0.txt not updated - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't * AArch64 port - S8148328, PR3100: aarch64: redundant lsr instructions in stub code. - S8148783, PR3100: aarch64: SEGV running SpecJBB2013 - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted - Enable SunEC for SLE12 and Leap (bsc#982366) - Fix aarch64 running with 48 bits va space (bsc#984684) This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-977=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): java-1_7_0-openjdk-1.7.0.111-34.1 java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.111-34.1 java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.111-34.1 java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.111-34.1 java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.111-34.1 java-1_7_0-openjdk-debuginfo-1.7.0.111-34.1 java-1_7_0-openjdk-debugsource-1.7.0.111-34.1 java-1_7_0-openjdk-demo-1.7.0.111-34.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-34.1 java-1_7_0-openjdk-devel-1.7.0.111-34.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-34.1 java-1_7_0-openjdk-headless-1.7.0.111-34.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-34.1 java-1_7_0-openjdk-src-1.7.0.111-34.1 - openSUSE Leap 42.1 (noarch): java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 References: https://www.suse.com/security/cve/CVE-2016-3458.html https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3498.html https://www.suse.com/security/cve/CVE-2016-3500.html https://www.suse.com/security/cve/CVE-2016-3503.html https://www.suse.com/security/cve/CVE-2016-3508.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3550.html https://www.suse.com/security/cve/CVE-2016-3598.html https://www.suse.com/security/cve/CVE-2016-3606.html https://www.suse.com/security/cve/CVE-2016-3610.html https://bugzilla.suse.com/982366 https://bugzilla.suse.com/984684 https://bugzilla.suse.com/988651 https://bugzilla.suse.com/989722 https://bugzilla.suse.com/989723 https://bugzilla.suse.com/989725 https://bugzilla.suse.com/989727 https://bugzilla.suse.com/989728 https://bugzilla.suse.com/989729 https://bugzilla.suse.com/989730 https://bugzilla.suse.com/989731 https://bugzilla.suse.com/989732 https://bugzilla.suse.com/989733 https://bugzilla.suse.com/989734 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2051-1: important: Security update for java-1_8_0-openjdk
by opensuse-security＠opensuse.org 11 Aug '16

11 Aug '16

openSUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2051-1 Rating: important References: #984684 #987895 #988651 #989721 #989722 #989723 #989725 #989726 #989727 #989728 #989729 #989730 #989731 #989732 #989733 #989734 Cross-References: CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has three fixes is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u101 (icedtea 3.1.0) - New in release 3.1.0 (2016-07-25): * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8146514: Enforce GCM limits - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149070: Enforce update ordering - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8153312: Constrain AppCDS behavior - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3552 (bsc#989726) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * New features - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux - PR2821: Support building OpenJDK with --disable-headful - PR2931, G478960: Provide Infinality Support via fontconfig - PR3079: Provide option to build Shenandoah on x86_64 * Import of OpenJDK 8 u92 build 14 - S6869327: Add new C2 flag to keep safepoints in counted loops. - S8022865: [TESTBUG] Compressed Oops testing needs to be revised - S8029630: Thread id should be displayed as a hex number in error report - S8029726: On OS X some dtrace probe names are mismatched with Solaris - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired. - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled - S8065579: WB method to start G1 concurrent mark cycle should be introduced - S8065986: Compiler fails to NullPointerException when calling super with Object<>() - S8066974: Compiler doesn't infer method's generic type information in lambda body - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years - S8068033: JNI exception pending in jdk/src/share/bin/java.c - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found - S8068254: Method reference uses wrong qualifying type - S8074696: Remote debugging session hangs for several minutes when calling findBootType - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale - S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/ - S8080650: Enable stubs to use frame pointers correctly - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure - S8129348: Debugger hangs in trace mode with TRACE_SENDS - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2 - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_<username> has wrong permissions - S8131129: Attempt to define a duplicate BMH$Species class - S8131665: Bad exception message in HandshakeHash.getFinishedHash - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X - S8133207: ParallelProbes.java test fails after changes for JDK-8080115 - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518 - S8134007: Improve string folding - S8134759: jdb: Incorrect stepping inside finally block - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set - S8136442: Don't tie Certificate signature algorithms to ciphersuites - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+ - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized<true,oopDesc*,MarkAndPu shClosure> - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8139751: Javac crash with -XDallowStringFolding=false - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev - S8139985: JNI exception pending in jdk/src/jdk/hprof/agent/share/native/libhprof - S8140031: SA: Searching for a value in Threads does not work - S8140249: JVM Crashing During startUp If Flight Recording is enabled - S8140344: add support for 3 digit update release numbers - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8141260: isReachable crash in windows xp - S8143297: Nashorn compilation time reported in nanoseconds - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly - S8143855: Bad printf formatting in frame_zero.cpp - S8143896: java.lang.Long is implicitly converted to double - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg - S8144020: Remove long as an internal numeric type - S8144131: ArrayData.getInt implementations do not convert to int32 - S8144483: One long Safepoint pause directly after each GC log rotation - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds - S8144935: C2: safepoint is pruned from a non-counted loop - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution - S8145017: Add support for 3 digit hotspot minor version numbers - S8145099: Better error message when SA can't attach to a process - S8145442: Add the facility to verify remembered sets for G1 - S8145466: javac: No line numbers in compilation error - S8145539: (coll) AbstractMap.keySet and .values should not be volatile - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic - S8145669: apply2call optimized callsite fails after becoming megamorphic - S8145722: NullPointerException in javadoc - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI - S8146147: Java linker indexed property getter does not work for computed nashorn string - S8146566: OpenJDK build can't handle commas in LDFLAGS - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - S8147630: Wrong test result pushed to 8u-dev - S8147845: Varargs Array functions still leaking longs - S8147857: RMIConnector logs attribute names incorrectly - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC - S8150791: 8u76 L10n resource file translation update * Import of OpenJDK 8 u101 build 13 - S6483657: MSCAPI provider does not create unique alias names - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8081778: Use Intel x64 CPU instructions for RSA acceleration - S8130150: Implement BigInteger.montgomeryMultiply intrinsic - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8143913: MSCAPI keystore should accept Certificate[] in setEntry() - S8144313: Test SessionTimeOutTests can be timeout - S8146240: Three nashorn files contain "GNU General Public License" header - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147994: [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua - S8151522: Disable 8130150 and 8081778 intrinsics by default - S8151876: (tz) Support tzdata2016d - S8152098: Fix 8151522 caused test compiler/intrinsics/squaretolen/TestSquareToLen.java to fail - S8157077: 8u101 L10n resource file updates * Backports - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for mouse wheel events - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on text orientation - S8014212, PR2866: Robot captures black screen - S8029339, PR1061: Custom MultiResolution image support on HiDPI displays - S8031145, PR3077: Re-examine closed i18n tests to see it they can be moved to the jdk repository. - S8034856, PR3095: gcc warnings compiling src/solaris/native/sun/security/pkcs11 - S8034857, PR3095: gcc warnings compiling src/solaris/native/sun/management - S8035054, PR3095: JarFacade.c should not include ctype.h - S8035287, PR3095: gcc warnings compiling various libraries files - S8038631, PR3077: Create wrapper for awt.Robot with additional functionality - S8039279, PR3077: Move awt tests to openjdk repository - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox and JRadioButton - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree - S8043126, PR3077: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing tests - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk - S8044429, PR3077: move awt automated tests for AWT_Modality to OpenJDK repository - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to openjdk repository - S8047180, PR3077: Move functional tests AWT_Headless/Automated to OpenJDK repository - S8047367, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again - S8049617, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK - S8050885, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK - S8052012, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3 of 3) - S8053657, PR3077: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK - S8054143, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 - S8054358, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 - S8054359, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 9 - S8056911, PR3077: Remove internal API usage from ExtendedRobot class - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 10 - S8058959, PR1061: closed/java/awt/event/ComponentEvent/MovedResizedTwiceTest/MovedResizedTwic eTest.java failed automatically - S8062606, PR3077: Fix a typo in java.awt.Robot class - S8063102, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063104, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8063106, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063107, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing - S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease - S8067441, PR3077: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not include scale factor - S8073320, PR1061: Windows HiDPI Graphics support - S8074807, PR3077: Fix some tests unnecessary using internal API - S8076315, PR3077: move 4 manual functional swing tests to regression suite - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize() - S8129822, PR3077: Define "headful" jtreg keyword - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates base image to get its size - S8133539, PR1061: [TEST_BUG] Split java/awt/image/MultiResolutionImageTest.java in two to allow restricted access - S8137571, PR1061: Linux HiDPI Graphics support - S8142406, PR1061: [TEST] MultiResolution image: need test to cover the case when @2x image is corrupted - S8145188, PR2945: No LocalVariableTable generated for the entire JDK - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution menu items icons - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution icons - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be taken into account for OS X - S8151841, PR2882: Build needs additional flags to compile with GCC 6 [plus parts of 8149647 & 8032045] - S8155613, PR1061: [PIT] crash in AWT_Desktop/Automated/Exceptions/BasicTest - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD incorrectly - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK 3 on Linux - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful. - S8160294, PR2882, PR3095: Some client libraries cannot be built with GCC 6 * Bug fixes - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid re-discovery by OpenJDK configure - PR2932: Support ccache in a non-automagic manner - PR2933: Support ccache 3.2 and later - PR2964: Set system defaults based on OS - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line endings rather than system line endings - PR3078: Remove duplicated line dating back to 6788347 and 6894807 - PR3083, RH1346460: Regression in SSL debug output without an ECC provider - PR3089: Remove old memory limits patch - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs - PR3095: Fix warnings in URLClassPath.c - PR3096: Remove dead --disable-optimizations option - PR3105: Use version from hotspot.map to create tarball filename - PR3106: Handle both correctly-spelt property "enableCustomValueHandler" introduced by S8079718 and typo version - PR3108: Shenandoah patches not included in release tarball - PR3110: Update hotspot.map documentation in INSTALL * AArch64 port - S8145320, PR3078: Create unsafe_arraycopy and generic_arraycopy for AArch64 - S8148328, PR3078: aarch64: redundant lsr instructions in stub code. - S8148783, PR3078: aarch64: SEGV running SpecJBB2013 - S8148948, PR3078: aarch64: generate_copy_longs calls align() incorrectly - S8149080, PR3078: AArch64: Recognise disjoint array copy in stub code - S8149365, PR3078: aarch64: memory copy does not prefetch on backwards copy - S8149907, PR3078: aarch64: use load/store pair instructions in call_stub - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when comparing narrow pointer with zero - S8150045, PR3078: arraycopy causes segfaults in SATB during garbage collection - S8150082, PR3078: aarch64: optimise small array copy - S8150229, PR3078: aarch64: pipeline class for several instructions is not set correctly - S8150313, PR3078: aarch64: optimise array copy using SIMD instructions - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS instructions - S8151340, PR3078: aarch64: prefetch the destination word for write prior to ldxr/stxr loops. - S8151502, PR3078: optimize pd_disjoint_words and pd_conjoint_words - S8151775, PR3078: aarch64: add support for 8.1 LSE atomic operations - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when comparing unsigned values with zero. - S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub routine - S8153713, PR3078: aarch64: improve short array clearing using store pair - S8153797, PR3078: aarch64: Add Arrays.fill stub code - S8154537, PR3078: AArch64: some integer rotate instructions are never emitted - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8155015, PR3078: Aarch64: bad assert in spill generation code - S8155100, PR3078: AArch64: Relax alignment requirement for byte_map_base - S8155612, PR3078: Aarch64: vector nodes need to support misaligned offset - S8155617, PR3078: aarch64: ClearArray does not use DC ZVA - S8155653, PR3078: TestVectorUnalignedOffset.java not pushed with 8155612 - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails due to _generic_arraycopy stub routine - S8157841, PR3078: aarch64: prefetch ignores cache line size - S8157906, PR3078: aarch64: some more integer rotate instructions are never emitted - S8158913, PR3078: aarch64: SEGV running Spark terasort - S8159052, PR3078: aarch64: optimise unaligned copies in pd_disjoint_words and pd_conjoint_words - S8159063, PR3078: aarch64: optimise unaligned array copy long - PR3078: Cleanup remaining differences from aarch64/jdk8u tree - Fix script linking /usr/share/javazi/tzdb.dat for platform where it applies (bsc#987895) - Fix aarch64 running with 48 bits va space (bsc#984684) avoid some crashes This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-978=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): java-1_8_0-openjdk-1.8.0.101-15.1 java-1_8_0-openjdk-accessibility-1.8.0.101-15.1 java-1_8_0-openjdk-debuginfo-1.8.0.101-15.1 java-1_8_0-openjdk-debugsource-1.8.0.101-15.1 java-1_8_0-openjdk-demo-1.8.0.101-15.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.101-15.1 java-1_8_0-openjdk-devel-1.8.0.101-15.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.101-15.1 java-1_8_0-openjdk-headless-1.8.0.101-15.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.101-15.1 java-1_8_0-openjdk-src-1.8.0.101-15.1 - openSUSE Leap 42.1 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.101-15.1 References: https://www.suse.com/security/cve/CVE-2016-3458.html https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3498.html https://www.suse.com/security/cve/CVE-2016-3500.html https://www.suse.com/security/cve/CVE-2016-3503.html https://www.suse.com/security/cve/CVE-2016-3508.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3550.html https://www.suse.com/security/cve/CVE-2016-3552.html https://www.suse.com/security/cve/CVE-2016-3587.html https://www.suse.com/security/cve/CVE-2016-3598.html https://www.suse.com/security/cve/CVE-2016-3606.html https://www.suse.com/security/cve/CVE-2016-3610.html https://bugzilla.suse.com/984684 https://bugzilla.suse.com/987895 https://bugzilla.suse.com/988651 https://bugzilla.suse.com/989721 https://bugzilla.suse.com/989722 https://bugzilla.suse.com/989723 https://bugzilla.suse.com/989725 https://bugzilla.suse.com/989726 https://bugzilla.suse.com/989727 https://bugzilla.suse.com/989728 https://bugzilla.suse.com/989729 https://bugzilla.suse.com/989730 https://bugzilla.suse.com/989731 https://bugzilla.suse.com/989732 https://bugzilla.suse.com/989733 https://bugzilla.suse.com/989734 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2050-1: important: Security update for java-1_7_0-openjdk
by opensuse-security＠opensuse.org 11 Aug '16

11 Aug '16

openSUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2050-1 Rating: important References: #988651 #989722 #989723 #989725 #989727 #989728 #989729 #989730 #989731 #989732 #989733 #989734 Cross-References: CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has one errata is now available. Description: This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparseable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8144313: Test SessionTimeOutTests can be timeout - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147857: [TEST] RMIConnector logs attribute names incorrectly - S8151841, PR3098: Build needs additional flags to compile with GCC 6 - S8151876: (tz) Support tzdata2016d - S8157077: 8u101 L10n resource file updates - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known. * Import of OpenJDK 7 u111 build 1 - S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java f ailing - S8140344: add support for 3 digit update release numbers - S8145017: Add support for 3 digit hotspot minor version numbers - S8162344: The API changes made by CR 7064075 need to be reverted * Backports - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime - S4900206, PR3101: Include worst-case rounding tests for Math library functions - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6934604, PR3075: enable parts of EliminateAutoBox by default - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144 - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0 - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly - S8005402, PR3020: Need to provide benchmarks for color management - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination. - S8013430, PR3020: REGRESSION: closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fail s with java.io.StreamCorruptedException: invalid type code: EE since 8b87 - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes - S8014959, PR3075: assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object - S8024511, PR3020: Crash during color profile destruction - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8 - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape * Bug fixes - PR2799, RH1195203: Files are missing from resources.jar - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed - PR3091: SystemTap is heavily confused by multiple JDKs - PR3102: Extend 8022594 to AixPollPort - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created - PR3111: Provide option to disable SystemTap tests - PR3114: Don't assume system mime.types supports text/x-java-source - PR3115: Add check for elliptic curve cryptography implementation - PR3116: Add tests for Java debug info and source files - PR3118: Path to agpl-3.0.txt not updated - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't * AArch64 port - S8148328, PR3100: aarch64: redundant lsr instructions in stub code. - S8148783, PR3100: aarch64: SEGV running SpecJBB2013 - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-976=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): java-1_7_0-openjdk-1.7.0.111-25.1 java-1_7_0-openjdk-accessibility-1.7.0.111-25.1 java-1_7_0-openjdk-bootstrap-1.7.0.111-25.1 java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.111-25.1 java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.111-25.1 java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-25.1 java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.111-25.1 java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-25.1 java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.111-25.1 java-1_7_0-openjdk-debuginfo-1.7.0.111-25.1 java-1_7_0-openjdk-debugsource-1.7.0.111-25.1 java-1_7_0-openjdk-demo-1.7.0.111-25.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-25.1 java-1_7_0-openjdk-devel-1.7.0.111-25.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-25.1 java-1_7_0-openjdk-headless-1.7.0.111-25.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-25.1 java-1_7_0-openjdk-src-1.7.0.111-25.1 - openSUSE 13.2 (noarch): java-1_7_0-openjdk-javadoc-1.7.0.111-25.1 References: https://www.suse.com/security/cve/CVE-2016-3458.html https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3498.html https://www.suse.com/security/cve/CVE-2016-3500.html https://www.suse.com/security/cve/CVE-2016-3503.html https://www.suse.com/security/cve/CVE-2016-3508.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3550.html https://www.suse.com/security/cve/CVE-2016-3598.html https://www.suse.com/security/cve/CVE-2016-3606.html https://www.suse.com/security/cve/CVE-2016-3610.html https://bugzilla.suse.com/988651 https://bugzilla.suse.com/989722 https://bugzilla.suse.com/989723 https://bugzilla.suse.com/989725 https://bugzilla.suse.com/989727 https://bugzilla.suse.com/989728 https://bugzilla.suse.com/989729 https://bugzilla.suse.com/989730 https://bugzilla.suse.com/989731 https://bugzilla.suse.com/989732 https://bugzilla.suse.com/989733 https://bugzilla.suse.com/989734 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2036-1: important: Security update for libarchive
by opensuse-security＠opensuse.org 11 Aug '16

11 Aug '16

openSUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2036-1 Rating: important References: #984990 #985609 #985665 #985669 #985673 #985675 #985679 #985682 #985685 #985688 #985689 #985697 #985698 #985700 #985703 #985704 #985706 #985826 #985832 #985835 Cross-References: CVE-2015-8918 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8929 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-4300 CVE-2016-4301 CVE-2016-4302 CVE-2016-4809 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: libarchive was updated to fix 20 security issues. These security issues were fixed: - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8922: Null pointer access in 7z parser (bsc#985685). - CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706). - CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704). - CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679). - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2015-8930: Endless loop in ISO parser (bsc#985700). - CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689). - CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665). - CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688). - CVE-2015-8934: Out of bounds read in RAR (bsc#985673). - CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832). - CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826). - CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-969=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): bsdtar-3.1.2-13.2 bsdtar-debuginfo-3.1.2-13.2 libarchive-debugsource-3.1.2-13.2 libarchive-devel-3.1.2-13.2 libarchive13-3.1.2-13.2 libarchive13-debuginfo-3.1.2-13.2 - openSUSE Leap 42.1 (x86_64): libarchive13-32bit-3.1.2-13.2 libarchive13-debuginfo-32bit-3.1.2-13.2 References: https://www.suse.com/security/cve/CVE-2015-8918.html https://www.suse.com/security/cve/CVE-2015-8919.html https://www.suse.com/security/cve/CVE-2015-8920.html https://www.suse.com/security/cve/CVE-2015-8921.html https://www.suse.com/security/cve/CVE-2015-8922.html https://www.suse.com/security/cve/CVE-2015-8923.html https://www.suse.com/security/cve/CVE-2015-8924.html https://www.suse.com/security/cve/CVE-2015-8925.html https://www.suse.com/security/cve/CVE-2015-8926.html https://www.suse.com/security/cve/CVE-2015-8928.html https://www.suse.com/security/cve/CVE-2015-8929.html https://www.suse.com/security/cve/CVE-2015-8930.html https://www.suse.com/security/cve/CVE-2015-8931.html https://www.suse.com/security/cve/CVE-2015-8932.html https://www.suse.com/security/cve/CVE-2015-8933.html https://www.suse.com/security/cve/CVE-2015-8934.html https://www.suse.com/security/cve/CVE-2016-4300.html https://www.suse.com/security/cve/CVE-2016-4301.html https://www.suse.com/security/cve/CVE-2016-4302.html https://www.suse.com/security/cve/CVE-2016-4809.html https://bugzilla.suse.com/984990 https://bugzilla.suse.com/985609 https://bugzilla.suse.com/985665 https://bugzilla.suse.com/985669 https://bugzilla.suse.com/985673 https://bugzilla.suse.com/985675 https://bugzilla.suse.com/985679 https://bugzilla.suse.com/985682 https://bugzilla.suse.com/985685 https://bugzilla.suse.com/985688 https://bugzilla.suse.com/985689 https://bugzilla.suse.com/985697 https://bugzilla.suse.com/985698 https://bugzilla.suse.com/985700 https://bugzilla.suse.com/985703 https://bugzilla.suse.com/985704 https://bugzilla.suse.com/985706 https://bugzilla.suse.com/985826 https://bugzilla.suse.com/985832 https://bugzilla.suse.com/985835 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2028-1: important: Security update for hawk2
by opensuse-security＠opensuse.org 11 Aug '16

11 Aug '16

openSUSE Security Update: Security update for hawk2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2028-1 Rating: important References: #984619 #987696 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for hawk2 fixes one security issue and one bug. The following security change is included: - To prevent Clickjacking attacks, set Content-Security-Policy to frame-ancestors 'self' (bsc#984619) The following non-security issue was fixed: - In the Wizards UI, prevent text display issues due to internationalization with certain strings (bsc#987696) This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-971=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): hawk2-1.0.1+git.1456406635.49e230d-5.1 hawk2-debuginfo-1.0.1+git.1456406635.49e230d-5.1 hawk2-debugsource-1.0.1+git.1456406635.49e230d-5.1 References: https://bugzilla.suse.com/984619 https://bugzilla.suse.com/987696 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2026-1: important: Security update for MozillaFirefox, mozilla-nss
by opensuse-security＠opensuse.org 10 Aug '16

10 Aug '16

openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2026-1 Rating: important References: #984126 #984403 #984637 #986541 #991809 Cross-References: CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5268 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation (e10s) is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The media parser has been redeveloped using the Rust programming language - better Canvas performance with speedy Skia support - Now requires NSS 3.24 The following security issues were fixed: (boo#991809) - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards - CVE-2016-2830: Favicon network connection can persist when page is closed - CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content - CVE-2016-2839: Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 - CVE-2016-5251: Location bar spoofing via data URLs with malformed/invalid mediatypes - CVE-2016-5252: Stack underflow during 2D graphics rendering - CVE-2016-0718: Out-of-bounds read during XML parsing in Expat library - CVE-2016-5254: Use-after-free when using alt key and toplevel menus - CVE-2016-5255: Crash in incremental garbage collection in JavaScript - CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown - CVE-2016-5259: Use-after-free in service workers with nested sync events - CVE-2016-5260: Form input type change from password to text can store plain text password in session restore file - CVE-2016-5261: Integer overflow in WebSockets during data buffering - CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes - CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback - CVE-2016-5263: Type confusion in display transformation - CVE-2016-5264: Use-after-free when applying SVG effects - CVE-2016-5265: Same-origin policy violation using local HTML file and saved shortcut file - CVE-2016-5266: Information disclosure and local file manipulation through drag and drop - CVE-2016-5268: Spoofing attack through text injection into internal error pages - CVE-2016-5250: Information disclosure through Resource Timing API during page navigation The following non-security changes are included: - The AppData description and screenshots were updated. - Fix Firefox crash on startup on i586 (boo#986541) - The Selenium WebDriver may have caused Firefox to crash at startup - fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637) - Fix running on 48bit va aarch64 (boo#984126) - fix XUL dialog button order under KDE session (boo#984403) Mozilla NSS was updated to 3.24 as a dependency. Changes in mozilla-nss: - NSS softoken updated with latest NIST guidance - NSS softoken updated to allow NSS to run in FIPS Level 1 (no password) - Various added and deprecated functions - Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. - Protect against the Cachebleed attack. - Disable support for DTLS compression. - Improve support for TLS 1.3. This includes support for DTLS 1.3. (experimental) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch 2016-960=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): MozillaFirefox-48.0-119.1 MozillaFirefox-branding-upstream-48.0-119.1 MozillaFirefox-buildsymbols-48.0-119.1 MozillaFirefox-debuginfo-48.0-119.1 MozillaFirefox-debugsource-48.0-119.1 MozillaFirefox-devel-48.0-119.1 MozillaFirefox-translations-common-48.0-119.1 MozillaFirefox-translations-other-48.0-119.1 libfreebl3-3.24-83.1 libfreebl3-debuginfo-3.24-83.1 libsoftokn3-3.24-83.1 libsoftokn3-debuginfo-3.24-83.1 mozilla-nss-3.24-83.1 mozilla-nss-certs-3.24-83.1 mozilla-nss-certs-debuginfo-3.24-83.1 mozilla-nss-debuginfo-3.24-83.1 mozilla-nss-debugsource-3.24-83.1 mozilla-nss-devel-3.24-83.1 mozilla-nss-sysinit-3.24-83.1 mozilla-nss-sysinit-debuginfo-3.24-83.1 mozilla-nss-tools-3.24-83.1 mozilla-nss-tools-debuginfo-3.24-83.1 - openSUSE 13.1 (x86_64): libfreebl3-32bit-3.24-83.1 libfreebl3-debuginfo-32bit-3.24-83.1 libsoftokn3-32bit-3.24-83.1 libsoftokn3-debuginfo-32bit-3.24-83.1 mozilla-nss-32bit-3.24-83.1 mozilla-nss-certs-32bit-3.24-83.1 mozilla-nss-certs-debuginfo-32bit-3.24-83.1 mozilla-nss-debuginfo-32bit-3.24-83.1 mozilla-nss-sysinit-32bit-3.24-83.1 mozilla-nss-sysinit-debuginfo-32bit-3.24-83.1 References: https://www.suse.com/security/cve/CVE-2016-0718.html https://www.suse.com/security/cve/CVE-2016-2830.html https://www.suse.com/security/cve/CVE-2016-2835.html https://www.suse.com/security/cve/CVE-2016-2836.html https://www.suse.com/security/cve/CVE-2016-2837.html https://www.suse.com/security/cve/CVE-2016-2838.html https://www.suse.com/security/cve/CVE-2016-2839.html https://www.suse.com/security/cve/CVE-2016-5250.html https://www.suse.com/security/cve/CVE-2016-5251.html https://www.suse.com/security/cve/CVE-2016-5252.html https://www.suse.com/security/cve/CVE-2016-5254.html https://www.suse.com/security/cve/CVE-2016-5255.html https://www.suse.com/security/cve/CVE-2016-5258.html https://www.suse.com/security/cve/CVE-2016-5259.html https://www.suse.com/security/cve/CVE-2016-5260.html https://www.suse.com/security/cve/CVE-2016-5261.html https://www.suse.com/security/cve/CVE-2016-5262.html https://www.suse.com/security/cve/CVE-2016-5263.html https://www.suse.com/security/cve/CVE-2016-5264.html https://www.suse.com/security/cve/CVE-2016-5265.html https://www.suse.com/security/cve/CVE-2016-5266.html https://www.suse.com/security/cve/CVE-2016-5268.html https://bugzilla.suse.com/984126 https://bugzilla.suse.com/984403 https://bugzilla.suse.com/984637 https://bugzilla.suse.com/986541 https://bugzilla.suse.com/991809 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2025-1: important: Important security fixes for Typo3
by opensuse-security＠opensuse.org 10 Aug '16

10 Aug '16

openSUSE Security Update: Important security fixes for Typo3 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2025-1 Rating: important References: Cross-References: CVE-2013-4701 CVE-2013-7073 CVE-2014-3941 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Important security fixes for vulnerabilities in typo3 which can be used for Cross-Site Scripting or Denial of Service attacks or for authentication bypassing. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch 2016-959=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (noarch): typo3-cms-4_5-4.5.40-2.7.1 typo3-cms-4_7-4.7.20-3.3.1 References: https://www.suse.com/security/cve/CVE-2013-4701.html https://www.suse.com/security/cve/CVE-2013-7073.html https://www.suse.com/security/cve/CVE-2014-3941.html -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2018-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2018-1 Rating: important References: #909589 #954847 #971030 #974620 #979915 #982544 #983721 #984755 #986362 #986572 #988498 Cross-References: CVE-2016-4470 CVE-2016-4997 CVE-2016-5829 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has 8 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). The following non-security bugs were fixed: - RDMA/cxgb4: Configure 0B MRs to match HW implementation (bsc#909589). - RDMA/cxgb4: Do not hang threads forever waiting on WR replies (bsc#909589). - RDMA/cxgb4: Fix locking issue in process_mpa_request (bsc#909589). - RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589). - RDMA/cxgb4: Increase epd buff size for debug interface (bsc#909589). - RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices (bsc#909589). - RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction (bsc#909589). - RDMA/cxgb4: Wake up waiters after flushing the qp (bsc#909589). - bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit (bsc#982544). - iucv: call skb_linearize() when needed (bnc#979915, LTC#141240). - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mm: Fix DIF failures on ext3 filesystems (bsc#971030). - net/qlge: Avoids recursive EEH error (bsc#954847). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456). - s390/pci: fix use after free in dma_init (bnc#979915, LTC#141626). - s390: fix test_fp_ctl inline assembly contraints (bnc#979915, LTC#143138). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-12685=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-12685=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-12685=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-12685=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-80.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-80.1 kernel-default-base-3.0.101-80.1 kernel-default-devel-3.0.101-80.1 kernel-source-3.0.101-80.1 kernel-syms-3.0.101-80.1 kernel-trace-3.0.101-80.1 kernel-trace-base-3.0.101-80.1 kernel-trace-devel-3.0.101-80.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-80.1 kernel-ec2-base-3.0.101-80.1 kernel-ec2-devel-3.0.101-80.1 kernel-xen-3.0.101-80.1 kernel-xen-base-3.0.101-80.1 kernel-xen-devel-3.0.101-80.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-80.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-ppc64-3.0.101-80.1 kernel-ppc64-base-3.0.101-80.1 kernel-ppc64-devel-3.0.101-80.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-80.1 kernel-pae-base-3.0.101-80.1 kernel-pae-devel-3.0.101-80.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-80.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-80.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-80.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-80.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-80.1 kernel-default-debugsource-3.0.101-80.1 kernel-trace-debuginfo-3.0.101-80.1 kernel-trace-debugsource-3.0.101-80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-80.1 kernel-trace-devel-debuginfo-3.0.101-80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-80.1 kernel-ec2-debugsource-3.0.101-80.1 kernel-xen-debuginfo-3.0.101-80.1 kernel-xen-debugsource-3.0.101-80.1 kernel-xen-devel-debuginfo-3.0.101-80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-ppc64-debuginfo-3.0.101-80.1 kernel-ppc64-debugsource-3.0.101-80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-80.1 kernel-pae-debugsource-3.0.101-80.1 kernel-pae-devel-debuginfo-3.0.101-80.1 References: https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/909589 https://bugzilla.suse.com/954847 https://bugzilla.suse.com/971030 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/979915 https://bugzilla.suse.com/982544 https://bugzilla.suse.com/983721 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/988498 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2014-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2014-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.44-52_18 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1177=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1177=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_44-52_18-default-6-2.2 kgraft-patch-3_12_44-52_18-xen-6-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_44-52_18-default-6-2.2 kgraft-patch-3_12_44-52_18-xen-6-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2013-1: important: Security update for php53
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2013-1 Rating: important References: #986004 #986244 #986386 #986388 #986393 Cross-References: CVE-2015-8935 CVE-2016-5766 CVE-2016-5767 CVE-2016-5769 CVE-2016-5772 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: php53 was updated to fix five security issues. These security issues were fixed: - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double Free Courruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-12683=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-12683=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-12683=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-74.1 php53-imap-5.3.17-74.1 php53-posix-5.3.17-74.1 php53-readline-5.3.17-74.1 php53-sockets-5.3.17-74.1 php53-sqlite-5.3.17-74.1 php53-tidy-5.3.17-74.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-74.1 php53-5.3.17-74.1 php53-bcmath-5.3.17-74.1 php53-bz2-5.3.17-74.1 php53-calendar-5.3.17-74.1 php53-ctype-5.3.17-74.1 php53-curl-5.3.17-74.1 php53-dba-5.3.17-74.1 php53-dom-5.3.17-74.1 php53-exif-5.3.17-74.1 php53-fastcgi-5.3.17-74.1 php53-fileinfo-5.3.17-74.1 php53-ftp-5.3.17-74.1 php53-gd-5.3.17-74.1 php53-gettext-5.3.17-74.1 php53-gmp-5.3.17-74.1 php53-iconv-5.3.17-74.1 php53-intl-5.3.17-74.1 php53-json-5.3.17-74.1 php53-ldap-5.3.17-74.1 php53-mbstring-5.3.17-74.1 php53-mcrypt-5.3.17-74.1 php53-mysql-5.3.17-74.1 php53-odbc-5.3.17-74.1 php53-openssl-5.3.17-74.1 php53-pcntl-5.3.17-74.1 php53-pdo-5.3.17-74.1 php53-pear-5.3.17-74.1 php53-pgsql-5.3.17-74.1 php53-pspell-5.3.17-74.1 php53-shmop-5.3.17-74.1 php53-snmp-5.3.17-74.1 php53-soap-5.3.17-74.1 php53-suhosin-5.3.17-74.1 php53-sysvmsg-5.3.17-74.1 php53-sysvsem-5.3.17-74.1 php53-sysvshm-5.3.17-74.1 php53-tokenizer-5.3.17-74.1 php53-wddx-5.3.17-74.1 php53-xmlreader-5.3.17-74.1 php53-xmlrpc-5.3.17-74.1 php53-xmlwriter-5.3.17-74.1 php53-xsl-5.3.17-74.1 php53-zip-5.3.17-74.1 php53-zlib-5.3.17-74.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-74.1 php53-debugsource-5.3.17-74.1 References: https://www.suse.com/security/cve/CVE-2015-8935.html https://www.suse.com/security/cve/CVE-2016-5766.html https://www.suse.com/security/cve/CVE-2016-5767.html https://www.suse.com/security/cve/CVE-2016-5769.html https://www.suse.com/security/cve/CVE-2016-5772.html https://bugzilla.suse.com/986004 https://bugzilla.suse.com/986244 https://bugzilla.suse.com/986386 https://bugzilla.suse.com/986388 https://bugzilla.suse.com/986393 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2012-1: important: Security update for java-1_8_0-openjdk
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2012-1 Rating: important References: #984684 #987895 #988651 #989721 #989722 #989723 #989725 #989726 #989727 #989728 #989729 #989730 #989731 #989732 #989733 #989734 Cross-References: CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has three fixes is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u101 (icedtea 3.1.0) - New in release 3.1.0 (2016-07-25): * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8146514: Enforce GCM limits - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149070: Enforce update ordering - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8153312: Constrain AppCDS behavior - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3552 (bsc#989726) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * New features - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux - PR2821: Support building OpenJDK with --disable-headful - PR2931, G478960: Provide Infinality Support via fontconfig - PR3079: Provide option to build Shenandoah on x86_64 * Import of OpenJDK 8 u92 build 14 - S6869327: Add new C2 flag to keep safepoints in counted loops. - S8022865: [TESTBUG] Compressed Oops testing needs to be revised - S8029630: Thread id should be displayed as a hex number in error report - S8029726: On OS X some dtrace probe names are mismatched with Solaris - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired. - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled - S8065579: WB method to start G1 concurrent mark cycle should be introduced - S8065986: Compiler fails to NullPointerException when calling super with Object<>() - S8066974: Compiler doesn't infer method's generic type information in lambda body - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years - S8068033: JNI exception pending in jdk/src/share/bin/java.c - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found - S8068254: Method reference uses wrong qualifying type - S8074696: Remote debugging session hangs for several minutes when calling findBootType - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale - S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/ - S8080650: Enable stubs to use frame pointers correctly - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure - S8129348: Debugger hangs in trace mode with TRACE_SENDS - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2 - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_<username> has wrong permissions - S8131129: Attempt to define a duplicate BMH$Species class - S8131665: Bad exception message in HandshakeHash.getFinishedHash - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X - S8133207: ParallelProbes.java test fails after changes for JDK-8080115 - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518 - S8134007: Improve string folding - S8134759: jdb: Incorrect stepping inside finally block - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set - S8136442: Don't tie Certificate signature algorithms to ciphersuites - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+ - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized<true,oopDesc*,MarkAndPu shClosure> - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8139751: Javac crash with -XDallowStringFolding=false - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev - S8139985: JNI exception pending in jdk/src/jdk/hprof/agent/share/native/libhprof - S8140031: SA: Searching for a value in Threads does not work - S8140249: JVM Crashing During startUp If Flight Recording is enabled - S8140344: add support for 3 digit update release numbers - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8141260: isReachable crash in windows xp - S8143297: Nashorn compilation time reported in nanoseconds - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly - S8143855: Bad printf formatting in frame_zero.cpp - S8143896: java.lang.Long is implicitly converted to double - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg - S8144020: Remove long as an internal numeric type - S8144131: ArrayData.getInt implementations do not convert to int32 - S8144483: One long Safepoint pause directly after each GC log rotation - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds - S8144935: C2: safepoint is pruned from a non-counted loop - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution - S8145017: Add support for 3 digit hotspot minor version numbers - S8145099: Better error message when SA can't attach to a process - S8145442: Add the facility to verify remembered sets for G1 - S8145466: javac: No line numbers in compilation error - S8145539: (coll) AbstractMap.keySet and .values should not be volatile - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic - S8145669: apply2call optimized callsite fails after becoming megamorphic - S8145722: NullPointerException in javadoc - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI - S8146147: Java linker indexed property getter does not work for computed nashorn string - S8146566: OpenJDK build can't handle commas in LDFLAGS - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - S8147630: Wrong test result pushed to 8u-dev - S8147845: Varargs Array functions still leaking longs - S8147857: RMIConnector logs attribute names incorrectly - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC - S8150791: 8u76 L10n resource file translation update * Import of OpenJDK 8 u101 build 13 - S6483657: MSCAPI provider does not create unique alias names - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8081778: Use Intel x64 CPU instructions for RSA acceleration - S8130150: Implement BigInteger.montgomeryMultiply intrinsic - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8143913: MSCAPI keystore should accept Certificate[] in setEntry() - S8144313: Test SessionTimeOutTests can be timeout - S8146240: Three nashorn files contain "GNU General Public License" header - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147994: [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua - S8151522: Disable 8130150 and 8081778 intrinsics by default - S8151876: (tz) Support tzdata2016d - S8152098: Fix 8151522 caused test compiler/intrinsics/squaretolen/TestSquareToLen.java to fail - S8157077: 8u101 L10n resource file updates * Backports - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for mouse wheel events - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on text orientation - S8014212, PR2866: Robot captures black screen - S8029339, PR1061: Custom MultiResolution image support on HiDPI displays - S8031145, PR3077: Re-examine closed i18n tests to see it they can be moved to the jdk repository. - S8034856, PR3095: gcc warnings compiling src/solaris/native/sun/security/pkcs11 - S8034857, PR3095: gcc warnings compiling src/solaris/native/sun/management - S8035054, PR3095: JarFacade.c should not include ctype.h - S8035287, PR3095: gcc warnings compiling various libraries files - S8038631, PR3077: Create wrapper for awt.Robot with additional functionality - S8039279, PR3077: Move awt tests to openjdk repository - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox and JRadioButton - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree - S8043126, PR3077: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing tests - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk - S8044429, PR3077: move awt automated tests for AWT_Modality to OpenJDK repository - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to openjdk repository - S8047180, PR3077: Move functional tests AWT_Headless/Automated to OpenJDK repository - S8047367, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again - S8049617, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK - S8050885, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK - S8052012, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3 of 3) - S8053657, PR3077: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK - S8054143, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 - S8054358, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 - S8054359, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 9 - S8056911, PR3077: Remove internal API usage from ExtendedRobot class - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 10 - S8058959, PR1061: closed/java/awt/event/ComponentEvent/MovedResizedTwiceTest/MovedResizedTwic eTest.java failed automatically - S8062606, PR3077: Fix a typo in java.awt.Robot class - S8063102, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063104, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8063106, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063107, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing - S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease - S8067441, PR3077: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not include scale factor - S8073320, PR1061: Windows HiDPI Graphics support - S8074807, PR3077: Fix some tests unnecessary using internal API - S8076315, PR3077: move 4 manual functional swing tests to regression suite - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize() - S8129822, PR3077: Define "headful" jtreg keyword - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates base image to get its size - S8133539, PR1061: [TEST_BUG] Split java/awt/image/MultiResolutionImageTest.java in two to allow restricted access - S8137571, PR1061: Linux HiDPI Graphics support - S8142406, PR1061: [TEST] MultiResolution image: need test to cover the case when @2x image is corrupted - S8145188, PR2945: No LocalVariableTable generated for the entire JDK - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution menu items icons - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution icons - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be taken into account for OS X - S8151841, PR2882: Build needs additional flags to compile with GCC 6 [plus parts of 8149647 & 8032045] - S8155613, PR1061: [PIT] crash in AWT_Desktop/Automated/Exceptions/BasicTest - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD incorrectly - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK 3 on Linux - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful. - S8160294, PR2882, PR3095: Some client libraries cannot be built with GCC 6 * Bug fixes - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid re-discovery by OpenJDK configure - PR2932: Support ccache in a non-automagic manner - PR2933: Support ccache 3.2 and later - PR2964: Set system defaults based on OS - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line endings rather than system line endings - PR3078: Remove duplicated line dating back to 6788347 and 6894807 - PR3083, RH1346460: Regression in SSL debug output without an ECC provider - PR3089: Remove old memory limits patch - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs - PR3095: Fix warnings in URLClassPath.c - PR3096: Remove dead --disable-optimizations option - PR3105: Use version from hotspot.map to create tarball filename - PR3106: Handle both correctly-spelt property "enableCustomValueHandler" introduced by S8079718 and typo version - PR3108: Shenandoah patches not included in release tarball - PR3110: Update hotspot.map documentation in INSTALL * AArch64 port - S8145320, PR3078: Create unsafe_arraycopy and generic_arraycopy for AArch64 - S8148328, PR3078: aarch64: redundant lsr instructions in stub code. - S8148783, PR3078: aarch64: SEGV running SpecJBB2013 - S8148948, PR3078: aarch64: generate_copy_longs calls align() incorrectly - S8149080, PR3078: AArch64: Recognise disjoint array copy in stub code - S8149365, PR3078: aarch64: memory copy does not prefetch on backwards copy - S8149907, PR3078: aarch64: use load/store pair instructions in call_stub - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when comparing narrow pointer with zero - S8150045, PR3078: arraycopy causes segfaults in SATB during garbage collection - S8150082, PR3078: aarch64: optimise small array copy - S8150229, PR3078: aarch64: pipeline class for several instructions is not set correctly - S8150313, PR3078: aarch64: optimise array copy using SIMD instructions - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS instructions - S8151340, PR3078: aarch64: prefetch the destination word for write prior to ldxr/stxr loops. - S8151502, PR3078: optimize pd_disjoint_words and pd_conjoint_words - S8151775, PR3078: aarch64: add support for 8.1 LSE atomic operations - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when comparing unsigned values with zero. - S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub routine - S8153713, PR3078: aarch64: improve short array clearing using store pair - S8153797, PR3078: aarch64: Add Arrays.fill stub code - S8154537, PR3078: AArch64: some integer rotate instructions are never emitted - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8155015, PR3078: Aarch64: bad assert in spill generation code - S8155100, PR3078: AArch64: Relax alignment requirement for byte_map_base - S8155612, PR3078: Aarch64: vector nodes need to support misaligned offset - S8155617, PR3078: aarch64: ClearArray does not use DC ZVA - S8155653, PR3078: TestVectorUnalignedOffset.java not pushed with 8155612 - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails due to _generic_arraycopy stub routine - S8157841, PR3078: aarch64: prefetch ignores cache line size - S8157906, PR3078: aarch64: some more integer rotate instructions are never emitted - S8158913, PR3078: aarch64: SEGV running Spark terasort - S8159052, PR3078: aarch64: optimise unaligned copies in pd_disjoint_words and pd_conjoint_words - S8159063, PR3078: aarch64: optimise unaligned array copy long - PR3078: Cleanup remaining differences from aarch64/jdk8u tree - Fix script linking /usr/share/javazi/tzdb.dat for platform where it applies (bsc#987895) - Fix aarch64 running with 48 bits va space (bsc#984684) avoid some crashes Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1187=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1187=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.101-14.3 java-1_8_0-openjdk-debuginfo-1.8.0.101-14.3 java-1_8_0-openjdk-debugsource-1.8.0.101-14.3 java-1_8_0-openjdk-demo-1.8.0.101-14.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.101-14.3 java-1_8_0-openjdk-devel-1.8.0.101-14.3 java-1_8_0-openjdk-headless-1.8.0.101-14.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.101-14.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): java-1_8_0-openjdk-1.8.0.101-14.3 java-1_8_0-openjdk-debuginfo-1.8.0.101-14.3 java-1_8_0-openjdk-debugsource-1.8.0.101-14.3 java-1_8_0-openjdk-headless-1.8.0.101-14.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.101-14.3 References: https://www.suse.com/security/cve/CVE-2016-3458.html https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3498.html https://www.suse.com/security/cve/CVE-2016-3500.html https://www.suse.com/security/cve/CVE-2016-3503.html https://www.suse.com/security/cve/CVE-2016-3508.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3550.html https://www.suse.com/security/cve/CVE-2016-3552.html https://www.suse.com/security/cve/CVE-2016-3587.html https://www.suse.com/security/cve/CVE-2016-3598.html https://www.suse.com/security/cve/CVE-2016-3606.html https://www.suse.com/security/cve/CVE-2016-3610.html https://bugzilla.suse.com/984684 https://bugzilla.suse.com/987895 https://bugzilla.suse.com/988651 https://bugzilla.suse.com/989721 https://bugzilla.suse.com/989722 https://bugzilla.suse.com/989723 https://bugzilla.suse.com/989725 https://bugzilla.suse.com/989726 https://bugzilla.suse.com/989727 https://bugzilla.suse.com/989728 https://bugzilla.suse.com/989729 https://bugzilla.suse.com/989730 https://bugzilla.suse.com/989731 https://bugzilla.suse.com/989732 https://bugzilla.suse.com/989733 https://bugzilla.suse.com/989734 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2011-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2011-1 Rating: important References: #979074 #980856 #980883 #984764 Cross-References: CVE-2013-7446 CVE-2016-0758 CVE-2016-2053 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.59-60_45 fixes the several issues. These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1178=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_45-default-2-2.2 kgraft-patch-3_12_59-60_45-xen-2-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2010-1: important: Security update for Linux Kernel Live Patch 11 for SLE 12
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2010-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.51-52_39 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1174=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1174=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_51-52_39-default-4-2.2 kgraft-patch-3_12_51-52_39-xen-4-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_51-52_39-default-4-2.2 kgraft-patch-3_12_51-52_39-xen-4-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2009-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2009-1 Rating: important References: #971793 #973570 #979064 #979074 #979078 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-60_25 fixes the several issues. These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). This non-security issue was fixed: - bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly lead to a softlockup. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1182=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_25-default-4-2.1 kgraft-patch-3_12_51-60_25-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8019.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979078 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2007-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2007-1 Rating: important References: #971793 #973570 #979064 #979074 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.53-60_30 fixes the several issues. These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). This non-security issue was fixed: - bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly lead to a softlockup. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1181=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_53-60_30-default-3-2.1 kgraft-patch-3_12_53-60_30-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2006-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2006-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.55-52_42 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1173=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1173=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_55-52_42-default-2-2.2 kgraft-patch-3_12_55-52_42-xen-2-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_55-52_42-default-2-2.2 kgraft-patch-3_12_55-52_42-xen-2-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2005-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2005-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #979078 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.48-52_27 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1176=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1176=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_48-52_27-default-5-2.2 kgraft-patch-3_12_48-52_27-xen-5-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_48-52_27-default-5-2.2 kgraft-patch-3_12_48-52_27-xen-5-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8019.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979078 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2003-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2003-1 Rating: important References: #979074 #980856 #980883 #984764 Cross-References: CVE-2013-7446 CVE-2016-0758 CVE-2016-2053 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.59-60_41 fixes the several issues. These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1180=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_41-default-2-2.1 kgraft-patch-3_12_59-60_41-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2002-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2002-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.51-52_34 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1190=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1190=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_51-52_34-default-5-2.2 kgraft-patch-3_12_51-52_34-xen-5-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_51-52_34-default-5-2.2 kgraft-patch-3_12_51-52_34-xen-5-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2001-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2001-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #980856 #980883 #984764 Cross-References: CVE-2013-7446 CVE-2015-8816 CVE-2016-0758 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 7 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.55-52_45 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1172=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1172=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_55-52_45-default-2-2.3 kgraft-patch-3_12_55-52_45-xen-2-2.3 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_55-52_45-default-2-2.3 kgraft-patch-3_12_55-52_45-xen-2-2.3 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2000-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2000-1 Rating: important References: #971793 #979074 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.57-60_35 fixes the several issues. These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1179=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_57-60_35-default-2-2.2 kgraft-patch-3_12_57-60_35-xen-2-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/971793 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1999-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1999-1 Rating: important References: #984764 Cross-References: CVE-2016-4470 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.60-52_49 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1171=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1171=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_49-default-2-2.2 kgraft-patch-3_12_60-52_49-xen-2-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_49-default-2-2.2 kgraft-patch-3_12_60-52_49-xen-2-2.2 References: https://www.suse.com/security/cve/CVE-2016-4470.html https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1998-1: important: Security update for Linux Kernel Live Patch 15 for SLE 12
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1998-1 Rating: important References: #984764 Cross-References: CVE-2016-4470 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.60-52_54 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1170=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1170=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_54-default-2-2.2 kgraft-patch-3_12_60-52_54-xen-2-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_54-default-2-2.2 kgraft-patch-3_12_60-52_54-xen-2-2.2 References: https://www.suse.com/security/cve/CVE-2016-4470.html https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1997-1: important: Security update for java-1_7_0-openjdk
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1997-1 Rating: important References: #982366 #984684 #988651 #989722 #989723 #989725 #989727 #989728 #989729 #989730 #989731 #989732 #989733 #989734 Cross-References: CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has three fixes is now available. Description: This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparseable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8144313: Test SessionTimeOutTests can be timeout - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147857: [TEST] RMIConnector logs attribute names incorrectly - S8151841, PR3098: Build needs additional flags to compile with GCC 6 - S8151876: (tz) Support tzdata2016d - S8157077: 8u101 L10n resource file updates - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known. * Import of OpenJDK 7 u111 build 1 - S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java f ailing - S8140344: add support for 3 digit update release numbers - S8145017: Add support for 3 digit hotspot minor version numbers - S8162344: The API changes made by CR 7064075 need to be reverted * Backports - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime - S4900206, PR3101: Include worst-case rounding tests for Math library functions - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6934604, PR3075: enable parts of EliminateAutoBox by default - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144 - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0 - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly - S8005402, PR3020: Need to provide benchmarks for color management - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination. - S8013430, PR3020: REGRESSION: closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fail s with java.io.StreamCorruptedException: invalid type code: EE since 8b87 - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes - S8014959, PR3075: assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object - S8024511, PR3020: Crash during color profile destruction - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8 - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape * Bug fixes - PR2799, RH1195203: Files are missing from resources.jar - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed - PR3091: SystemTap is heavily confused by multiple JDKs - PR3102: Extend 8022594 to AixPollPort - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created - PR3111: Provide option to disable SystemTap tests - PR3114: Don't assume system mime.types supports text/x-java-source - PR3115: Add check for elliptic curve cryptography implementation - PR3116: Add tests for Java debug info and source files - PR3118: Path to agpl-3.0.txt not updated - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't * AArch64 port - S8148328, PR3100: aarch64: redundant lsr instructions in stub code. - S8148783, PR3100: aarch64: SEGV running SpecJBB2013 - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted - Enable SunEC for SLE12 and Leap (bsc#982366) - Fix aarch64 running with 48 bits va space (bsc#984684) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1186=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1186=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.111-33.1 java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1 java-1_7_0-openjdk-debugsource-1.7.0.111-33.1 java-1_7_0-openjdk-demo-1.7.0.111-33.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-33.1 java-1_7_0-openjdk-devel-1.7.0.111-33.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-33.1 java-1_7_0-openjdk-headless-1.7.0.111-33.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): java-1_7_0-openjdk-1.7.0.111-33.1 java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1 java-1_7_0-openjdk-debugsource-1.7.0.111-33.1 java-1_7_0-openjdk-headless-1.7.0.111-33.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1 References: https://www.suse.com/security/cve/CVE-2016-3458.html https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3498.html https://www.suse.com/security/cve/CVE-2016-3500.html https://www.suse.com/security/cve/CVE-2016-3503.html https://www.suse.com/security/cve/CVE-2016-3508.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3550.html https://www.suse.com/security/cve/CVE-2016-3598.html https://www.suse.com/security/cve/CVE-2016-3606.html https://www.suse.com/security/cve/CVE-2016-3610.html https://bugzilla.suse.com/982366 https://bugzilla.suse.com/984684 https://bugzilla.suse.com/988651 https://bugzilla.suse.com/989722 https://bugzilla.suse.com/989723 https://bugzilla.suse.com/989725 https://bugzilla.suse.com/989727 https://bugzilla.suse.com/989728 https://bugzilla.suse.com/989729 https://bugzilla.suse.com/989730 https://bugzilla.suse.com/989731 https://bugzilla.suse.com/989732 https://bugzilla.suse.com/989733 https://bugzilla.suse.com/989734 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1996-1: important: Security update for squid3
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for squid3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1996-1 Rating: important References: #895773 #902197 #938715 #963539 #967011 #968392 #968393 #968394 #968395 #973782 #973783 #976553 #976556 #976708 #979008 #979009 #979010 #979011 Cross-References: CVE-2011-3205 CVE-2011-4096 CVE-2012-5643 CVE-2013-0188 CVE-2013-4115 CVE-2014-0128 CVE-2014-6270 CVE-2014-7141 CVE-2014-7142 CVE-2015-5400 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update for squid3 fixes the following issues: - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: * fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-squid3-12682=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-squid3-12682=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): squid3-3.1.23-8.16.27.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): squid3-debuginfo-3.1.23-8.16.27.1 References: https://www.suse.com/security/cve/CVE-2011-3205.html https://www.suse.com/security/cve/CVE-2011-4096.html https://www.suse.com/security/cve/CVE-2012-5643.html https://www.suse.com/security/cve/CVE-2013-0188.html https://www.suse.com/security/cve/CVE-2013-4115.html https://www.suse.com/security/cve/CVE-2014-0128.html https://www.suse.com/security/cve/CVE-2014-6270.html https://www.suse.com/security/cve/CVE-2014-7141.html https://www.suse.com/security/cve/CVE-2014-7142.html https://www.suse.com/security/cve/CVE-2015-5400.html https://www.suse.com/security/cve/CVE-2016-2390.html https://www.suse.com/security/cve/CVE-2016-2569.html https://www.suse.com/security/cve/CVE-2016-2570.html https://www.suse.com/security/cve/CVE-2016-2571.html https://www.suse.com/security/cve/CVE-2016-2572.html https://www.suse.com/security/cve/CVE-2016-3947.html https://www.suse.com/security/cve/CVE-2016-3948.html https://www.suse.com/security/cve/CVE-2016-4051.html https://www.suse.com/security/cve/CVE-2016-4052.html https://www.suse.com/security/cve/CVE-2016-4053.html https://www.suse.com/security/cve/CVE-2016-4054.html https://www.suse.com/security/cve/CVE-2016-4553.html https://www.suse.com/security/cve/CVE-2016-4554.html https://www.suse.com/security/cve/CVE-2016-4555.html https://www.suse.com/security/cve/CVE-2016-4556.html https://bugzilla.suse.com/895773 https://bugzilla.suse.com/902197 https://bugzilla.suse.com/938715 https://bugzilla.suse.com/963539 https://bugzilla.suse.com/967011 https://bugzilla.suse.com/968392 https://bugzilla.suse.com/968393 https://bugzilla.suse.com/968394 https://bugzilla.suse.com/968395 https://bugzilla.suse.com/973782 https://bugzilla.suse.com/973783 https://bugzilla.suse.com/976553 https://bugzilla.suse.com/976556 https://bugzilla.suse.com/976708 https://bugzilla.suse.com/979008 https://bugzilla.suse.com/979009 https://bugzilla.suse.com/979010 https://bugzilla.suse.com/979011 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1995-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1995-1 Rating: important References: #955837 #971793 #973570 #979064 #979074 #979078 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.51-52_31 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1175=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1175=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_51-52_31-default-5-2.2 kgraft-patch-3_12_51-52_31-xen-5-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_51-52_31-default-5-2.2 kgraft-patch-3_12_51-52_31-xen-5-2.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8019.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/955837 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979078 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1994-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1
by opensuse-security＠opensuse.org 09 Aug '16

09 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1994-1 Rating: important References: #971793 #973570 #979064 #979074 #979078 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-60_20 fixes the several issues. These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). This non-security issue was fixed: - bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly lead to a softlockup. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1183=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_20-default-5-2.1 kgraft-patch-3_12_51-60_20-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8019.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979078 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1985-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 08 Aug '16

08 Aug '16

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1985-1 Rating: important References: #676471 #866130 #909589 #936530 #944309 #950998 #953369 #954847 #956491 #957986 #960857 #961518 #963762 #966245 #967914 #968500 #969149 #969391 #970114 #971030 #971126 #971360 #971446 #971944 #971947 #971989 #973378 #974620 #974646 #974787 #975358 #976739 #976868 #978401 #978821 #978822 #979213 #979274 #979347 #979419 #979548 #979595 #979867 #979879 #979915 #980246 #980371 #980725 #980788 #980931 #981231 #981267 #982532 #982544 #982691 #983143 #983213 #983721 #984107 #984755 #986362 #986572 #988498 Cross-References: CVE-2015-7833 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2187 CVE-2016-3134 CVE-2016-3707 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-5244 CVE-2016-5829 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 20 vulnerabilities and has 43 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2016-3707: The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, allowed remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file (bnc#980246). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). The following non-security bugs were fixed: - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - ALSA: oxygen: add Xonar DGX support (bsc#982691). - Assign correct ->can_queue value in hv_storvsc (bnc#969391) - Delete patches.drivers/nvme-0165-Split-header-file-into-user-visible-and-kernel-.p atch. SLE11-SP4 does not have uapi headers so move everything back to the original header (bnc#981231) - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739). - Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - KVM: x86: fix maintenance of guest/host xcr0 state (bsc#961518). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491). - NFS: Do not attempt to decode missing directory entries (bsc#980931). - NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#956491). - NFS: avoid waiting at all in nfs_release_page when congested (bsc#956491). - NFS: fix memory corruption rooted in get_ih_name pointer math (bsc#984107). - NFS: reduce access cache shrinker locking (bnc#866130). - NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595). - NFSv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595). - NVMe: Unify controller probe and resume (bsc#979347). - RDMA/cxgb4: Configure 0B MRs to match HW implementation (bsc#909589). - RDMA/cxgb4: Do not hang threads forever waiting on WR replies (bsc#909589). - RDMA/cxgb4: Fix locking issue in process_mpa_request (bsc#909589). - RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589). - RDMA/cxgb4: Increase epd buff size for debug interface (bsc#909589). - RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices (bsc#909589). - RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction (bsc#909589). - RDMA/cxgb4: Wake up waiters after flushing the qp (bsc#909589). - SCSI: Increase REPORT_LUNS timeout (bsc#971989). - Update patches.drivers/nvme-0265-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference. - Update patches.fixes/bnx2x-Alloc-4k-fragment-for-each-rx-ring-buffer-elem.patch (bsc#953369 bsc#975358). - bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit (bsc#982544). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646). - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671). - enic: set netdev->vlan_features (bsc#966245). - fcoe: fix reset of fip selection time (bsc#974787). - hid-elo: kill not flush the work (bnc#982532). - ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits (bsc#967914). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipv4: fix ineffective source address selection (bsc#980788). - ipvs: count pre-established TCP states as active (bsc#970114). - iucv: call skb_linearize() when needed (bnc#979915, LTC#141240). - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446). - mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mm/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#956491). - mm: Fix DIF failures on ext3 filesystems (bsc#971030). - net/qlge: Avoids recursive EEH error (bsc#954847). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - nvme: fix max_segments integer truncation (bsc#676471). - ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947). - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947). - ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947). - qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590). - rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 855c7ce885fd412ce2a25ccc12a46e565c83f235. - s390/dasd: prevent incorrect length error under z/VM after PAV changes (bnc#968500, LTC#136670). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456). - s390/pci: add extra padding to function measurement block (bnc#968500, LTC#139445). - s390/pci: enforce fmb page boundary rule (bnc#968500, LTC#139445). - s390/pci: extract software counters from fmb (bnc#968500, LTC#139445). - s390/pci: fix use after free in dma_init (bnc#979915, LTC#141626). - s390/pci: remove pdev pointer from arch data (bnc#968500, LTC#139444). - s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#968500, LTC#139401). - s390/pci_dma: handle dma table failures (bnc#968500, LTC#139442). - s390/pci_dma: improve debugging of errors during dma map (bnc#968500, LTC#139442). - s390/pci_dma: unify label of invalid translation table entries (bnc#968500, LTC#139442). - s390/spinlock: avoid yield to non existent cpu (bnc#968500, LTC#141106). - s390: fix test_fp_ctl inline assembly contraints (bnc#979915, LTC#143138). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - veth: do not modify ip_summed (bsc#969149). - vgaarb: Add more context to error messages (bsc#976868). - virtio_scsi: Implement eh_timed_out callback (bsc#936530). - x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518). - x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-linux-kernel-12681=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-linux-kernel-12681=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-57.1 kernel-rt-base-3.0.101.rt130-57.1 kernel-rt-devel-3.0.101.rt130-57.1 kernel-rt_trace-3.0.101.rt130-57.1 kernel-rt_trace-base-3.0.101.rt130-57.1 kernel-rt_trace-devel-3.0.101.rt130-57.1 kernel-source-rt-3.0.101.rt130-57.1 kernel-syms-rt-3.0.101.rt130-57.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-57.1 kernel-rt-debugsource-3.0.101.rt130-57.1 kernel-rt_debug-debuginfo-3.0.101.rt130-57.1 kernel-rt_debug-debugsource-3.0.101.rt130-57.1 kernel-rt_trace-debuginfo-3.0.101.rt130-57.1 kernel-rt_trace-debugsource-3.0.101.rt130-57.1 References: https://www.suse.com/security/cve/CVE-2015-7833.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-2187.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-3707.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4485.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4580.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4913.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5244.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/676471 https://bugzilla.suse.com/866130 https://bugzilla.suse.com/909589 https://bugzilla.suse.com/936530 https://bugzilla.suse.com/944309 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/953369 https://bugzilla.suse.com/954847 https://bugzilla.suse.com/956491 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/960857 https://bugzilla.suse.com/961518 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/967914 https://bugzilla.suse.com/968500 https://bugzilla.suse.com/969149 https://bugzilla.suse.com/969391 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/971030 https://bugzilla.suse.com/971126 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/971446 https://bugzilla.suse.com/971944 https://bugzilla.suse.com/971947 https://bugzilla.suse.com/971989 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/974646 https://bugzilla.suse.com/974787 https://bugzilla.suse.com/975358 https://bugzilla.suse.com/976739 https://bugzilla.suse.com/976868 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978821 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979274 https://bugzilla.suse.com/979347 https://bugzilla.suse.com/979419 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979595 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/979915 https://bugzilla.suse.com/980246 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980725 https://bugzilla.suse.com/980788 https://bugzilla.suse.com/980931 https://bugzilla.suse.com/981231 https://bugzilla.suse.com/981267 https://bugzilla.suse.com/982532 https://bugzilla.suse.com/982544 https://bugzilla.suse.com/982691 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/983721 https://bugzilla.suse.com/984107 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/988498 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:1983-1: important: Security update for Chromium
by opensuse-security＠opensuse.org 07 Aug '16

07 Aug '16

openSUSE Security Update: Security update for Chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1983-1 Rating: important References: #992305 #992309 #992310 #992311 #992313 #992314 #992315 #992319 #992320 Cross-References: CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144 CVE-2016-5145 CVE-2016-5146 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: Chromium was updated to 52.0.2743.116 to fix the following security issues: (boo#992305) - CVE-2016-5141: Address bar spoofing (boo#992314) - CVE-2016-5142: Use-after-free in Blink (boo#992313) - CVE-2016-5139: Heap overflow in pdfium (boo#992311) - CVE-2016-5140: Heap overflow in pdfium (boo#992310) - CVE-2016-5145: Same origin bypass for images in Blink (boo#992320) - CVE-2016-5143: Parameter sanitization failure in DevTools (boo#992319) - CVE-2016-5144: Parameter sanitization failure in DevTools (boo#992315) - CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives (boo#992309) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2016-950=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64): chromedriver-52.0.2743.116-92.1 chromium-52.0.2743.116-92.1 chromium-desktop-gnome-52.0.2743.116-92.1 chromium-desktop-kde-52.0.2743.116-92.1 chromium-ffmpegsumo-52.0.2743.116-92.1 References: https://www.suse.com/security/cve/CVE-2016-5139.html https://www.suse.com/security/cve/CVE-2016-5140.html https://www.suse.com/security/cve/CVE-2016-5141.html https://www.suse.com/security/cve/CVE-2016-5142.html https://www.suse.com/security/cve/CVE-2016-5143.html https://www.suse.com/security/cve/CVE-2016-5144.html https://www.suse.com/security/cve/CVE-2016-5145.html https://www.suse.com/security/cve/CVE-2016-5146.html https://bugzilla.suse.com/992305 https://bugzilla.suse.com/992309 https://bugzilla.suse.com/992310 https://bugzilla.suse.com/992311 https://bugzilla.suse.com/992313 https://bugzilla.suse.com/992314 https://bugzilla.suse.com/992315 https://bugzilla.suse.com/992319 https://bugzilla.suse.com/992320 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:1982-1: important: Security update for Chromium
by opensuse-security＠opensuse.org 07 Aug '16

07 Aug '16

openSUSE Security Update: Security update for Chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1982-1 Rating: important References: #992305 #992309 #992310 #992311 #992313 #992314 #992315 #992319 #992320 Cross-References: CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144 CVE-2016-5145 CVE-2016-5146 Affected Products: openSUSE Leap 42.1 openSUSE 13.2 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: Chromium was updated to 52.0.2743.116 to fix the following security issues: (boo#992305) - CVE-2016-5141: Address bar spoofing (boo#992314) - CVE-2016-5142: Use-after-free in Blink (boo#992313) - CVE-2016-5139: Heap overflow in pdfium (boo#992311) - CVE-2016-5140: Heap overflow in pdfium (boo#992310) - CVE-2016-5145: Same origin bypass for images in Blink (boo#992320) - CVE-2016-5143: Parameter sanitization failure in DevTools (boo#992319) - CVE-2016-5144: Parameter sanitization failure in DevTools (boo#992315) - CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives (boo#992309) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-950=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-950=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (x86_64): chromedriver-52.0.2743.116-64.1 chromium-52.0.2743.116-64.1 chromium-desktop-gnome-52.0.2743.116-64.1 chromium-desktop-kde-52.0.2743.116-64.1 chromium-ffmpegsumo-52.0.2743.116-64.1 - openSUSE 13.2 (i586 x86_64): chromedriver-52.0.2743.116-114.1 chromium-52.0.2743.116-114.1 chromium-desktop-gnome-52.0.2743.116-114.1 chromium-desktop-kde-52.0.2743.116-114.1 chromium-ffmpegsumo-52.0.2743.116-114.1 References: https://www.suse.com/security/cve/CVE-2016-5139.html https://www.suse.com/security/cve/CVE-2016-5140.html https://www.suse.com/security/cve/CVE-2016-5141.html https://www.suse.com/security/cve/CVE-2016-5142.html https://www.suse.com/security/cve/CVE-2016-5143.html https://www.suse.com/security/cve/CVE-2016-5144.html https://www.suse.com/security/cve/CVE-2016-5145.html https://www.suse.com/security/cve/CVE-2016-5146.html https://bugzilla.suse.com/992305 https://bugzilla.suse.com/992309 https://bugzilla.suse.com/992310 https://bugzilla.suse.com/992311 https://bugzilla.suse.com/992313 https://bugzilla.suse.com/992314 https://bugzilla.suse.com/992315 https://bugzilla.suse.com/992319 https://bugzilla.suse.com/992320 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:1964-1: important: Security update for MozillaFirefox, mozilla-nss
by opensuse-security＠opensuse.org 04 Aug '16

04 Aug '16

openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1964-1 Rating: important References: #984126 #984403 #984637 #986541 #991809 Cross-References: CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5268 Affected Products: openSUSE Leap 42.1 openSUSE 13.2 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation (e10s) is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The media parser has been redeveloped using the Rust programming language - better Canvas performance with speedy Skia support - Now requires NSS 3.24 The following security issues were fixed: (boo#991809) - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards - CVE-2016-2830: Favicon network connection can persist when page is closed - CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content - CVE-2016-2839: Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 - CVE-2016-5251: Location bar spoofing via data URLs with malformed/invalid mediatypes - CVE-2016-5252: Stack underflow during 2D graphics rendering - CVE-2016-0718: Out-of-bounds read during XML parsing in Expat library - CVE-2016-5254: Use-after-free when using alt key and toplevel menus - CVE-2016-5255: Crash in incremental garbage collection in JavaScript - CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown - CVE-2016-5259: Use-after-free in service workers with nested sync events - CVE-2016-5260: Form input type change from password to text can store plain text password in session restore file - CVE-2016-5261: Integer overflow in WebSockets during data buffering - CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes - CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback - CVE-2016-5263: Type confusion in display transformation - CVE-2016-5264: Use-after-free when applying SVG effects - CVE-2016-5265: Same-origin policy violation using local HTML file and saved shortcut file - CVE-2016-5266: Information disclosure and local file manipulation through drag and drop - CVE-2016-5268: Spoofing attack through text injection into internal error pages - CVE-2016-5250: Information disclosure through Resource Timing API during page navigation The following non-security changes are included: - The AppData description and screenshots were updated. - Fix Firefox crash on startup on i586 (boo#986541) - The Selenium WebDriver may have caused Firefox to crash at startup - fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637) - Fix running on 48bit va aarch64 (boo#984126) - fix XUL dialog button order under KDE session (boo#984403) Mozilla NSS was updated to 3.24 as a dependency. Changes in mozilla-nss: - NSS softoken updated with latest NIST guidance - NSS softoken updated to allow NSS to run in FIPS Level 1 (no password) - Various added and deprecated functions - Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. - Protect against the Cachebleed attack. - Disable support for DTLS compression. - Improve support for TLS 1.3. This includes support for DTLS 1.3. (experimental) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-937=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-937=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): MozillaFirefox-48.0-27.1 MozillaFirefox-branding-upstream-48.0-27.1 MozillaFirefox-buildsymbols-48.0-27.1 MozillaFirefox-debuginfo-48.0-27.1 MozillaFirefox-debugsource-48.0-27.1 MozillaFirefox-devel-48.0-27.1 MozillaFirefox-translations-common-48.0-27.1 MozillaFirefox-translations-other-48.0-27.1 libfreebl3-3.24-21.1 libfreebl3-debuginfo-3.24-21.1 libsoftokn3-3.24-21.1 libsoftokn3-debuginfo-3.24-21.1 mozilla-nss-3.24-21.1 mozilla-nss-certs-3.24-21.1 mozilla-nss-certs-debuginfo-3.24-21.1 mozilla-nss-debuginfo-3.24-21.1 mozilla-nss-debugsource-3.24-21.1 mozilla-nss-devel-3.24-21.1 mozilla-nss-sysinit-3.24-21.1 mozilla-nss-sysinit-debuginfo-3.24-21.1 mozilla-nss-tools-3.24-21.1 mozilla-nss-tools-debuginfo-3.24-21.1 - openSUSE Leap 42.1 (x86_64): libfreebl3-32bit-3.24-21.1 libfreebl3-debuginfo-32bit-3.24-21.1 libsoftokn3-32bit-3.24-21.1 libsoftokn3-debuginfo-32bit-3.24-21.1 mozilla-nss-32bit-3.24-21.1 mozilla-nss-certs-32bit-3.24-21.1 mozilla-nss-certs-debuginfo-32bit-3.24-21.1 mozilla-nss-debuginfo-32bit-3.24-21.1 mozilla-nss-sysinit-32bit-3.24-21.1 mozilla-nss-sysinit-debuginfo-32bit-3.24-21.1 - openSUSE 13.2 (i586 x86_64): MozillaFirefox-48.0-74.1 MozillaFirefox-branding-upstream-48.0-74.1 MozillaFirefox-buildsymbols-48.0-74.1 MozillaFirefox-debuginfo-48.0-74.1 MozillaFirefox-debugsource-48.0-74.1 MozillaFirefox-devel-48.0-74.1 MozillaFirefox-translations-common-48.0-74.1 MozillaFirefox-translations-other-48.0-74.1 libfreebl3-3.24-37.1 libfreebl3-debuginfo-3.24-37.1 libsoftokn3-3.24-37.1 libsoftokn3-debuginfo-3.24-37.1 mozilla-nss-3.24-37.1 mozilla-nss-certs-3.24-37.1 mozilla-nss-certs-debuginfo-3.24-37.1 mozilla-nss-debuginfo-3.24-37.1 mozilla-nss-debugsource-3.24-37.1 mozilla-nss-devel-3.24-37.1 mozilla-nss-sysinit-3.24-37.1 mozilla-nss-sysinit-debuginfo-3.24-37.1 mozilla-nss-tools-3.24-37.1 mozilla-nss-tools-debuginfo-3.24-37.1 - openSUSE 13.2 (x86_64): libfreebl3-32bit-3.24-37.1 libfreebl3-debuginfo-32bit-3.24-37.1 libsoftokn3-32bit-3.24-37.1 libsoftokn3-debuginfo-32bit-3.24-37.1 mozilla-nss-32bit-3.24-37.1 mozilla-nss-certs-32bit-3.24-37.1 mozilla-nss-certs-debuginfo-32bit-3.24-37.1 mozilla-nss-debuginfo-32bit-3.24-37.1 mozilla-nss-sysinit-32bit-3.24-37.1 mozilla-nss-sysinit-debuginfo-32bit-3.24-37.1 References: https://www.suse.com/security/cve/CVE-2016-0718.html https://www.suse.com/security/cve/CVE-2016-2830.html https://www.suse.com/security/cve/CVE-2016-2835.html https://www.suse.com/security/cve/CVE-2016-2836.html https://www.suse.com/security/cve/CVE-2016-2837.html https://www.suse.com/security/cve/CVE-2016-2838.html https://www.suse.com/security/cve/CVE-2016-2839.html https://www.suse.com/security/cve/CVE-2016-5250.html https://www.suse.com/security/cve/CVE-2016-5251.html https://www.suse.com/security/cve/CVE-2016-5252.html https://www.suse.com/security/cve/CVE-2016-5254.html https://www.suse.com/security/cve/CVE-2016-5255.html https://www.suse.com/security/cve/CVE-2016-5258.html https://www.suse.com/security/cve/CVE-2016-5259.html https://www.suse.com/security/cve/CVE-2016-5260.html https://www.suse.com/security/cve/CVE-2016-5261.html https://www.suse.com/security/cve/CVE-2016-5262.html https://www.suse.com/security/cve/CVE-2016-5263.html https://www.suse.com/security/cve/CVE-2016-5264.html https://www.suse.com/security/cve/CVE-2016-5265.html https://www.suse.com/security/cve/CVE-2016-5266.html https://www.suse.com/security/cve/CVE-2016-5268.html https://bugzilla.suse.com/984126 https://bugzilla.suse.com/984403 https://bugzilla.suse.com/984637 https://bugzilla.suse.com/986541 https://bugzilla.suse.com/991809 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1961-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1
by opensuse-security＠opensuse.org 04 Aug '16

04 Aug '16

SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1961-1 Rating: important References: #971793 #973570 #979064 #979074 #979078 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.49-11.1 fixes the several issues. These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). This non-security issue was fixed: - bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly lead to a softlockup. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1157=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_49-11-default-5-14.2 kgraft-patch-3_12_49-11-xen-5-14.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8019.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979078 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1946-1: important: Security update for hawk2
by opensuse-security＠opensuse.org 03 Aug '16

03 Aug '16

SUSE Security Update: Security update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1946-1 Rating: important References: #984619 #987696 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for hawk2 fixes one security issue and one bug. The following security change is included: - To prevent Clickjacking attacks, set Content-Security-Policy to frame-ancestors 'self' (bsc#984619) The following non-security issue was fixed: - In the Wizards UI, prevent text display issues due to internationalization with certain strings (bsc#987696) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1142=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): hawk2-1.0.1+git.1456406635.49e230d-12.1 hawk2-debuginfo-1.0.1+git.1456406635.49e230d-12.1 hawk2-debugsource-1.0.1+git.1456406635.49e230d-12.1 References: https://bugzilla.suse.com/984619 https://bugzilla.suse.com/987696 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1939-1: important: Security update for bsdtar
by opensuse-security＠opensuse.org 02 Aug '16

02 Aug '16

SUSE Security Update: Security update for bsdtar ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1939-1 Rating: important References: #920870 #984990 #985609 #985669 #985675 #985682 #985698 Cross-References: CVE-2015-2304 CVE-2015-8918 CVE-2015-8920 CVE-2015-8921 CVE-2015-8924 CVE-2015-8929 CVE-2016-4809 Affected Products: SUSE Studio Onsite 1.3 SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-bsdtar-12672=1 - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-bsdtar-12672=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-bsdtar-12672=1 - SUSE Manager 2.1: zypper in -t patch sleman21-bsdtar-12672=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bsdtar-12672=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bsdtar-12672=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-bsdtar-12672=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-bsdtar-12672=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bsdtar-12672=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bsdtar-12672=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): libarchive-devel-2.5.5-9.1 - SUSE OpenStack Cloud 5 (x86_64): libarchive2-2.5.5-9.1 - SUSE Manager Proxy 2.1 (x86_64): libarchive2-2.5.5-9.1 - SUSE Manager 2.1 (s390x x86_64): libarchive2-2.5.5-9.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libarchive-devel-2.5.5-9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libarchive2-2.5.5-9.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libarchive2-2.5.5-9.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): libarchive2-2.5.5-9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libarchive2-2.5.5-9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bsdtar-debuginfo-2.5.5-9.1 bsdtar-debugsource-2.5.5-9.1 References: https://www.suse.com/security/cve/CVE-2015-2304.html https://www.suse.com/security/cve/CVE-2015-8918.html https://www.suse.com/security/cve/CVE-2015-8920.html https://www.suse.com/security/cve/CVE-2015-8921.html https://www.suse.com/security/cve/CVE-2015-8924.html https://www.suse.com/security/cve/CVE-2015-8929.html https://www.suse.com/security/cve/CVE-2016-4809.html https://bugzilla.suse.com/920870 https://bugzilla.suse.com/984990 https://bugzilla.suse.com/985609 https://bugzilla.suse.com/985669 https://bugzilla.suse.com/985675 https://bugzilla.suse.com/985682 https://bugzilla.suse.com/985698 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:1937-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 02 Aug '16

02 Aug '16

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1937-1 Rating: important References: #662458 #676471 #897662 #928547 #944309 #945345 #947337 #950998 #951844 #953048 #953233 #954847 #956491 #957805 #957986 #957990 #958390 #958463 #960857 #962742 #962846 #963762 #964727 #965087 #966245 #967640 #968667 #969016 #970114 #970506 #970604 #970609 #970948 #971049 #971770 #971947 #972124 #972933 #973378 #973499 #973570 #974165 #974308 #974620 #974646 #974692 #975533 #975772 #975788 #976739 #976821 #976868 #977417 #977582 #977685 #978401 #978469 #978527 #978822 #979169 #979213 #979347 #979419 #979485 #979489 #979521 #979548 #979867 #979879 #979922 #980246 #980348 #980371 #980706 #981038 #981143 #981344 #982282 #982354 #982544 #982698 #983143 #983213 #983318 #983394 #983721 #983904 #983977 #984148 #984456 #984755 #985232 #985978 #986362 #986569 #986572 #986811 #988215 #988498 #988552 Cross-References: CVE-2014-9717 CVE-2014-9904 CVE-2015-7833 CVE-2015-8539 CVE-2015-8551 CVE-2015-8552 CVE-2015-8845 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2847 CVE-2016-3672 CVE-2016-3707 CVE-2016-4470 CVE-2016-4482 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4805 CVE-2016-4997 CVE-2016-5244 CVE-2016-5828 CVE-2016-5829 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP1 ______________________________________________________________________________ An update that solves 24 vulnerabilities and has 76 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 RT kernel was updated to 3.12.61 to receive various security and bugfixes. Main feature additions: - Improved support for Clustered File System (CephFS, fate#318586). The following security bugs were fixed: - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allowed local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace (bnc#928547). - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975533). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308). - CVE-2016-3707: The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel allowed remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file (bnc#980246). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call (bnc#986569). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). The following non-security bugs were fixed: - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - Add wait_event_cmd() (bsc#953048). - Btrfs: be more precise on errors when getting an inode from disk (bsc#981038). - Btrfs: do not collect ordered extents when logging that inode exists (bsc#977685). - Btrfs: do not return EBUSY on concurrent subvolume mounts (bsc#951844). - Btrfs: do not use src fd for printk (bsc#980348). - Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#977685). - Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#977685). - Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#977685). - Btrfs: fix for incorrect directory entries after fsync log replay (bsc#957805, bsc#977685). - Btrfs: fix race between fsync and lockless direct IO writes (bsc#977685). - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#977685). - Btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038). - Btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933). - Btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844). - CacheFiles: Fix incorrect test for in-memory object collision (bsc#971049). - CacheFiles: Handle object being killed before being set up (bsc#971049). - EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521). - EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs() (bsc#979521). - EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521). - EDAC/sb_edac: Fix computation of channel address (bsc#979521). - EDAC: Correct channel count limit (bsc#979521). - EDAC: Remove arbitrary limit on number of channels (bsc#979521). - EDAC: Use static attribute groups for managing sysfs entries (bsc#979521). - FS-Cache: Add missing initialization of ret in cachefiles_write_page() (bsc#971049). - FS-Cache: Count culled objects and objects rejected due to lack of space (bsc#971049). - FS-Cache: Fix cancellation of in-progress operation (bsc#971049). - FS-Cache: Handle a new operation submitted against a killed object (bsc#971049). - FS-Cache: Move fscache_report_unexpected_submission() to make it more available (bsc#971049). - FS-Cache: Out of line fscache_operation_init() (bsc#971049). - FS-Cache: Permit fscache_cancel_op() to cancel in-progress operations too (bsc#971049). - FS-Cache: Put an aborted initialised op so that it is accounted correctly (bsc#971049). - FS-Cache: Reduce cookie ref count if submit fails (bsc#971049). - FS-Cache: Synchronise object death state change vs operation submission (bsc#971049). - FS-Cache: The operation cancellation method needs calling in more places (bsc#971049). - FS-Cache: Timeout for releasepage() (bsc#971049). - FS-Cache: When submitting an op, cancel it if the target object is dying (bsc#971049). - FS-Cache: fscache_object_is_dead() has wrong logic, kill it (bsc#971049). - Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - Fix kabi issue (bsc#971049). - Input: i8042 - lower log level for "no controller" message (bsc#945345). - KVM: x86: expose invariant tsc cpuid bit (v2) (bsc#971770). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491). - NVMe: Unify controller probe and resume (bsc#979347). - NVMe: init nvme queue before enabling irq (bsc#662458). - PCI/AER: Clear error status registers during enumeration and restore (bsc#985978). - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469). - Revert "scsi: fix soft lockup in scsi_remove_target() on module removal" (bsc#970609). - SCSI: Increase REPORT_LUNS timeout (bsc#982282). - USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982698). - Update patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference. - Update patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch (bsc#962742). Fix incorrect bugzilla referece. - Update patches.kernel.org/patch-3.12.55-56 references (add bsc#973570). - Use mainline variant of hyperv KVP IP failover patch (bnc#978527) - VSOCK: Fix lockdep issue (bsc#977417). - VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417). - Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739). - base: make module_create_drivers_dir race-free (bnc#983977). - block: do not check request size in blk_cloned_rq_check_limits() (bsc#972124). - cachefiles: perform test on s_blocksize when opening cache file (bsc#971049). - cdc_ncm: workaround for EM7455 "silent" data interface (bnc#988552). - ceph fscache: Introduce a routine for uncaching single no data page from fscache. - ceph fscache: Uncaching no data page from fscache in readpage(). - ceph: Asynchronous IO support. - ceph: Avoid to propagate the invalid page point. - ceph: Clean up if error occurred in finish_read(). - ceph: EIO all operations after forced umount. - ceph: Implement writev/pwritev for sync operation. - ceph: Remove racey watch/notify event infrastructure (bsc#964727) - ceph: Remove racey watch/notify event infrastructure (bsc#964727) - ceph: add acl for cephfs. - ceph: add acl, noacl options for cephfs mount. - ceph: add get_name() NFS export callback. - ceph: add get_parent() NFS export callback. - ceph: add imported caps when handling cap export message. - ceph: add inline data to pagecache. - ceph: add missing init_acl() for mkdir() and atomic_open(). - ceph: add open export target session helper. - ceph: add request to i_unsafe_dirops when getting unsafe reply. - ceph: additional debugfs output. - ceph: always re-send cap flushes when MDS recovers. - ceph: avoid block operation when !TASK_RUNNING (ceph_get_caps). - ceph: avoid block operation when !TASK_RUNNING (ceph_mdsc_close_sessions). - ceph: avoid block operation when !TASK_RUNNING (ceph_mdsc_sync). - ceph: avoid releasing caps that are being used. - ceph: avoid sending unnessesary FLUSHSNAP message. - ceph: avoid useless ceph_get_dentry_parent_inode() in ceph_rename(). - ceph: cast PAGE_SIZE to size_t in ceph_sync_write(). - ceph: ceph_frag_contains_value can be boolean. - ceph: ceph_get_parent() can be static. - ceph: check OSD caps before read/write. - ceph: check buffer size in ceph_vxattrcb_layout(). - ceph: check caps in filemap_fault and page_mkwrite. - ceph: check directory's completeness before emitting directory entry. - ceph: check inode caps in ceph_d_revalidate. - ceph: check unsupported fallocate mode. - ceph: check zero length in ceph_sync_read(). - ceph: checking for IS_ERR instead of NULL. - ceph: cleanup unsafe requests when reconnecting is denied. - ceph: cleanup use of ceph_msg_get. - ceph: clear directory's completeness when creating file. - ceph: convert inline data to normal data before data write. - ceph: do not assume r_old_dentry[_dir] always set together. - ceph: do not chain inode updates to parent fsync. - ceph: do not grabs open file reference for aborted request. - ceph: do not include ceph.{file,dir}.layout vxattr in listxattr(). - ceph: do not include used caps in cap_wanted. - ceph: do not invalidate page cache when inode is no longer used. - ceph: do not mark dirty caps when there is no auth cap. - ceph: do not pre-allocate space for cap release messages. - ceph: do not set r_old_dentry_dir on link(). - ceph: do not trim auth cap when there are cap snaps. - ceph: do not zero i_wrbuffer_ref when reconnecting is denied. - ceph: drop cap releases in requests composed before cap reconnect. - ceph: drop extra open file reference in ceph_atomic_open(). - ceph: drop unconnected inodes. - ceph: exclude setfilelock requests when calculating oldest tid. - ceph: export ceph_session_state_name function. - ceph: fetch inline data when getting Fcr cap refs. - ceph: fix __dcache_readdir(). - ceph: fix a comment typo. - ceph: fix append mode write. - ceph: fix atomic_open snapdir. - ceph: fix bool assignments. - ceph: fix cache revoke race. - ceph: fix ceph_dir_llseek(). - ceph: fix ceph_fh_to_parent(). - ceph: fix ceph_removexattr(). - ceph: fix ceph_set_acl(). - ceph: fix ceph_writepages_start(). - ceph: fix dcache/nocache mount option. - ceph: fix dentry leaks. - ceph: fix directory fsync. - ceph: fix divide-by-zero in __validate_layout(). - ceph: fix double page_unlock() in page_mkwrite(). - ceph: fix dout() compile warnings in ceph_filemap_fault(). - ceph: fix file lock interruption. - ceph: fix flush tid comparision. - ceph: fix flushing caps. - ceph: fix llistxattr on symlink. - ceph: fix message length computation. - ceph: fix mksnap crash. - ceph: fix null pointer dereference in send_mds_reconnect(). - ceph: fix pr_fmt() redefinition. - ceph: fix queuing inode to mdsdir's snaprealm. - ceph: fix reading inline data when i_size greater than PAGE_SIZE. - ceph: fix request time stamp encoding. - ceph: fix reset_readdir(). - ceph: fix setting empty extended attribute. - ceph: fix sizeof(struct tYpO *) typo. - ceph: fix snap context leak in error path. - ceph: fix trim caps. - ceph: fix uninline data function. - ceph: flush cap release queue when trimming session caps. - ceph: flush inline version. - ceph: forbid mandatory file lock. - ceph: fscache: Update object store limit after file writing. - ceph: fscache: Wait for completion of object initialization. - ceph: fscache: add an interface to synchronize object store limit. - ceph: get inode size for each append write. - ceph: handle -ESTALE reply. - ceph: handle SESSION_FORCE_RO message. - ceph: handle cap export race in try_flush_caps(). - ceph: handle cap import atomically. - ceph: handle frag mismatch between readdir request and reply. - ceph: handle race between cap reconnect and cap release. - ceph: handle session flush message. - ceph: hold on to exclusive caps on complete directories. - ceph: implement readv/preadv for sync operation. - ceph: improve readahead for file holes. - ceph: improve reference tracking for snaprealm. - ceph: include time stamp in every MDS request. - ceph: include time stamp in replayed MDS requests. - ceph: initial CEPH_FEATURE_FS_FILE_LAYOUT_V2 support. - ceph: initialize inode before instantiating dentry. - ceph: introduce a new inode flag indicating if cached dentries are ordered. - ceph: introduce ceph_fill_fragtree(). - ceph: introduce global empty snap context. - ceph: invalidate dirty pages after forced umount. - ceph: keep i_snap_realm while there are writers. - ceph: kstrdup() memory handling. - ceph: let MDS adjust readdir 'frag'. - ceph: make ceph_forget_all_cached_acls() static inline. - ceph: make fsync() wait unsafe requests that created/modified inode. - ceph: make sure syncfs flushes all cap snaps. - ceph: make sure write caps are registered with auth MDS. - ceph: match wait_for_completion_timeout return type. - ceph: message versioning fixes. - ceph: move ceph_find_inode() outside the s_mutex. - ceph: move spinlocking into ceph_encode_locks_to_buffer and ceph_count_locks. - ceph: no need to get parent inode in ceph_open. - ceph: parse inline data in MClientReply and MClientCaps. - ceph: pre-allocate ceph_cap struct for ceph_add_cap(). - ceph: pre-allocate data structure that tracks caps flushing. - ceph: preallocate buffer for readdir reply. - ceph: print inode number for LOOKUPINO request. - ceph: properly apply umask when ACL is enabled. - ceph: properly handle XATTR_CREATE and XATTR_REPLACE. - ceph: properly mark empty directory as complete. - ceph: properly release page upon error. - ceph: properly zero data pages for file holes. - ceph: provide seperate {inode,file}_operations for snapdir. - ceph: queue cap release in __ceph_remove_cap(). - ceph: queue vmtruncate if necessary when handing cap grant/revoke. - ceph: ratelimit warn messages for MDS closes session. - ceph: re-send AIO write request when getting -EOLDSNAP error. - ceph: re-send flushing caps (which are revoked) in reconnect stage. - ceph: re-send requests when MDS enters reconnecting stage. - ceph: refactor readpage_nounlock() to make the logic clearer. - ceph: remember subtree root dirfrag's auth MDS. - ceph: remove exported caps when handling cap import message. - ceph: remove outdated frag information. - ceph: remove redundant code for max file size verification. - ceph: remove redundant declaration. - ceph: remove redundant memset(0). - ceph: remove redundant test of head->safe and silence static analysis warnings. - ceph: remove the useless judgement. - ceph: remove unused functions in ceph_frag.h. - ceph: remove unused stringification macros. - ceph: remove useless ACL check. - ceph: remove xattr when null value is given to setxattr(). - ceph: rename snapshot support. - ceph: replace comma with a semicolon. - ceph: request xattrs if xattr_version is zero. - ceph: reserve caps for file layout/lock MDS requests. - ceph: reset r_resend_mds after receiving -ESTALE. - ceph: return error for traceless reply race. - ceph: rework dcache readdir. - ceph: send TID of the oldest pending caps flush to MDS. - ceph: send client metadata to MDS. - ceph: set caps count after composing cap reconnect message. - ceph: set i_head_snapc when getting CEPH_CAP_FILE_WR reference. - ceph: set mds_wanted when MDS reply changes a cap to auth cap. - ceph: show nocephx_require_signatures and notcp_nodelay options. - ceph: show non-default options only. - ceph: simplify ceph_fh_to_dentry(). - ceph: simplify two mount_timeout sites. - ceph: skip invalid dentry during dcache readdir. - ceph: support inline data feature. - ceph: switch some GFP_NOFS memory allocation to GFP_KERNEL. - ceph: sync read inline data. - ceph: take snap_rwsem when accessing snap realm's cached_context. - ceph: tolerate bad i_size for symlink inode (bsc#985232). - ceph: track pending caps flushing accurately. - ceph: track pending caps flushing globally. - ceph: trim unused inodes before reconnecting to recovering MDS. - ceph: trivial comment fix. - ceph: update i_max_size even if inode version does not change. - ceph: update inode fields according to issued caps. - ceph: use %zu for len in ceph_fill_inline_data(). - ceph: use ceph_seq_cmp() to compare migrate_seq. - ceph: use empty snap context for uninline_data and get_pool_perm. - ceph: use fl->fl_file as owner identifier of flock and posix lock. - ceph: use fl->fl_type to decide flock operation. - ceph: use fpos_cmp() to compare dentry positions. - ceph: use getattr request to fetch inline data. - ceph: use i_size_{read,write} to get/set i_size. - ceph: use msecs_to_jiffies for time conversion. - ceph: use pagelist to present MDS request data. - ceph: use truncate_pagecache() instead of truncate_inode_pages(). - ceph_sync_{,direct_}write: fix an oops on ceph_osdc_new_request() failure. - client: include kernel version in client metadata. - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646). - crush: add chooseleaf_stable tunable. - crush: decode and initialize chooseleaf_stable. - crush: ensure bucket id is valid before indexing buckets array. - crush: ensure take bucket value is valid. - crush: fix crash from invalid 'take' argument. - crush: sync up with userspace. - crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode (bsc#958390). - crypto: testmgr - mark authenticated ctr(aes) also as FIPS able (bsc#958390). - drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904). - drm/mgag200: Add support for a new rev of G200e (bsc#983904). - drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904). - drm/mgag200: remove unused variables (bsc#983904). - drm: qxl: Workaround for buggy user-space (bsc#981344). - efifb: Add support for 64-bit frame buffer addresses (bsc#973499). - efifb: Fix 16 color palette entry calculation (bsc#983318). - efifb: Fix KABI of screen_info struct (bsc#973499). - ehci-pci: enable interrupt on BayTrail (bnc#947337). - enic: set netdev->vlan_features (bsc#966245). - fs/ceph/debugfs.c: replace seq_printf by seq_puts. - fs/ceph: replace pr_warning by pr_warn. - hid-elo: kill not flush the work (bnc#982354). - hv: util: Pass the channel information during the init call (bnc#978527). - hv: utils: Invoke the poll function after handshake (bnc#978527). - hv: vmbus: Fix signaling logic in hv_need_to_signal_on_read(). - iommu/vt-d: Enable QI on all IOMMUs before setting root entry (bsc#975772). - ipvs: count pre-established TCP states as active (bsc#970114). - kabi/severities: Added raw3270_* PASS to allow IBM LTC changes (bnc#979922, LTC#141736). - kabi/severities: Allow changes in zpci_* symbols (bsc#974692) - kabi/severities: Whitelist libceph and rbd (bsc#964727). - kabi/severities: Whitelist libceph and rbd. - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - kabi: protect struct fc_rport_priv (bsc#953233, bsc#962846). - kgraft/gfs2: Do not block livepatching in the log daemon for too long. - kgraft/xen: Do not block livepatching in the XEN blkif kthread. - libceph: Avoid holding the zero page on ceph_msgr_slab_init errors. - libceph: Fix ceph_tcp_sendpage()'s more boolean usage. - libceph: MOSDOpReply v7 encoding. - libceph: Remove spurious kunmap() of the zero page. - libceph: a couple tweaks for wait loops. - libceph: add nocephx_sign_messages option. - libceph: advertise support for TUNABLES5. - libceph: advertise support for keepalive2. - libceph: allow setting osd_req_op's flags. - libceph: check data_len in ->alloc_msg(). - libceph: clear messenger auth_retry flag if we fault. - libceph: clear msg->con in ceph_msg_release() only. - libceph: do not access invalid memory in keepalive2 path. - libceph: do not spam dmesg with stray reply warnings. - libceph: drop authorizer check from cephx msg signing routines. - libceph: evaluate osd_req_op_data() arguments only once. - libceph: fix authorizer invalidation, take 2. - libceph: fix ceph_msg_revoke(). - libceph: fix wrong name "Ceph filesystem for Linux". - libceph: handle writefull for OSD op extent init (bsc#980706). - libceph: introduce ceph_x_authorizer_cleanup(). - libceph: invalidate AUTH in addition to a service ticket. - libceph: kill off ceph_x_ticket_handler::validity. - libceph: move ceph_file_layout helpers to ceph_fs.h. - libceph: msg signing callouts do not need con argument. - libceph: nuke time_sub(). - libceph: properly release STAT request's raw_data_in. - libceph: remove con argument in handle_reply(). - libceph: remove outdated comment. - libceph: remove the unused macro AES_KEY_SIZE. - libceph: rename con_work() to ceph_con_workfn(). - libceph: set 'exists' flag for newly up osd. - libceph: stop duplicating client fields in messenger. - libceph: store timeouts in jiffies, verify user input. - libceph: treat sockaddr_storage with uninitialized family as blank. - libceph: use keepalive2 to verify the mon session is alive. - libceph: use list_for_each_entry_safe. - libceph: use list_next_entry instead of list_entry_next. - libceph: use local variable cursor instead of msg->cursor. - libceph: use the right footer size when skipping a message. - libfc: replace 'rp_mutex' with 'rp_lock' (bsc#953233, bsc#962846). - md/raid56: Do not perform reads to support writes until stripe is ready. - md/raid5: Ensure a batch member is not handled prematurely (bsc#953048). - md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with REQ_NOMERGE. - md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048). - md/raid5: allow the stripe_cache to grow and shrink (bsc#953048). - md/raid5: always set conf->prev_chunk_sectors and ->prev_algo (bsc#953048). - md/raid5: avoid races when changing cache size (bsc#953048). - md/raid5: avoid reading parity blocks for full-stripe write to degraded array (bsc#953048). - md/raid5: be more selective about distributing flags across batch (bsc#953048). - md/raid5: break stripe-batches when the array has failed (bsc#953048). - md/raid5: call break_stripe_batch_list from handle_stripe_clean_event (bsc#953048). - md/raid5: change ->>inactive_blocked to a bit-flag (bsc#953048). - md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048). - md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048). - md/raid5: close recently introduced race in stripe_head management. - md/raid5: consider updating reshape_position at start of reshape (bsc#953048). - md/raid5: deadlock between retry_aligned_read with barrier io (bsc#953048). - md/raid5: do not do chunk aligned read on degraded array (bsc#953048). - md/raid5: do not index beyond end of array in need_this_block() (bsc#953048). - md/raid5: do not let shrink_slab shrink too far (bsc#953048). - md/raid5: duplicate some more handle_stripe_clean_event code in break_stripe_batch_list (bsc#953048). - md/raid5: ensure device failure recorded before write request returns (bsc#953048). - md/raid5: ensure whole batch is delayed for all required bitmap updates (bsc#953048). - md/raid5: fix allocation of 'scribble' array (bsc#953048). - md/raid5: fix another livelock caused by non-aligned writes (bsc#953048). - md/raid5: fix handling of degraded stripes in batches (bsc#953048). - md/raid5: fix init_stripe() inconsistencies (bsc#953048). - md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048). - md/raid5: fix newly-broken locking in get_active_stripe. - md/raid5: handle possible race as reshape completes (bsc#953048). - md/raid5: ignore released_stripes check (bsc#953048). - md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048). - md/raid5: move max_nr_stripes management into grow_one_stripe and drop_one_stripe (bsc#953048). - md/raid5: need_this_block: start simplifying the last two conditions (bsc#953048). - md/raid5: need_this_block: tidy/fix last condition (bsc#953048). - md/raid5: new alloc_stripe() to allocate an initialize a stripe (bsc#953048). - md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048). - md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048). - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list. - md/raid5: remove condition test from check_break_stripe_batch_list (bsc#953048). - md/raid5: remove incorrect "min_t()" when calculating writepos (bsc#953048). - md/raid5: remove redundant check in stripe_add_to_batch_list() (bsc#953048). - md/raid5: separate large if clause out of fetch_block() (bsc#953048). - md/raid5: separate out the easy conditions in need_this_block (bsc#953048). - md/raid5: split wait_for_stripe and introduce wait_for_quiescent (bsc#953048). - md/raid5: strengthen check on reshape_position at run (bsc#953048). - md/raid5: switch to use conf->chunk_sectors in place of mddev->chunk_sectors where possible (bsc#953048). - md/raid5: use ->lock to protect accessing raid5 sysfs attributes (bsc#953048). - md/raid5: use bio_list for the list of bios to return (bsc#953048). - md: be careful when testing resync_max against curr_resync_completed (bsc#953048). - md: do_release_stripe(): No need to call md_wakeup_thread() twice (bsc#953048). - md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync (bsc#953048). - md: remove unwanted white space from md.c (bsc#953048). - md: use set_bit/clear_bit instead of shift/mask for bi_flags changes (bsc#953048). - mds: check cap ID when handling cap export message. - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mmc: sdhci: Allow for irq being shared (bnc#977582). - mpt3sas: Fix use sas_is_tlr_enabled API before enabling MPI2_SCSIIO_CONTROL_TLR_ON flag (bsc#967640). - net/qlge: Avoids recursive EEH error (bsc#954847). - net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667). - net: Start with correct mac_len in skb_network_protocol (bsc#968667). - net: disable fragment reassembly if high_thresh is set to zero (bsc#970506). - net: fix wrong mac_len calculation for vlans (bsc#968667). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - nvme: do not poll the CQ from the kthread (bsc#975788, bsc#965087). - nvme: fix max_segments integer truncation (bsc#676471). - ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947). - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947). - ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947). - perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489). - perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489). - powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel (bsc@976821). - powerpc/book3s64: Remove __end_handlers marker (bsc#976821). - qeth: delete napi struct when removing a qeth device (bnc#988215, LTC#143590). - raid5: Retry R5_ReadNoMerge flag when hit a read error. - raid5: add a new flag to track if a stripe can be batched (bsc#953048). - raid5: add an option to avoid copy data from bio to stripe cache (bsc#953048). - raid5: avoid release list until last reference of the stripe (bsc#953048). - raid5: batch adjacent full stripe write (bsc#953048). - raid5: check faulty flag for array status during recovery (bsc#953048). - raid5: check_reshape() shouldn't call mddev_suspend (bsc#953048). - raid5: fix a race of stripe count check. - raid5: fix broken async operation chain (bsc#953048). - raid5: get_active_stripe avoids device_lock. - raid5: handle expansion/resync case with stripe batching (bsc#953048). - raid5: handle io error of batch list (bsc#953048). - raid5: make_request does less prepare wait. - raid5: relieve lock contention in get_active_stripe(). - raid5: relieve lock contention in get_active_stripe(). - raid5: revert e9e4c377e2f563 to fix a livelock (bsc#953048). - raid5: speedup sync_request processing (bsc#953048). - raid5: track overwrite disk count (bsc#953048). - raid5: update analysis state for failed stripe (bsc#953048). - raid5: use flex_array for scribble data (bsc#953048). - rbd: bump queue_max_segments. - rbd: delete an unnecessary check before rbd_dev_destroy(). - rbd: do not free rbd_dev outside of the release callback. - rbd: do not put snap_context twice in rbd_queue_workfn(). - rbd: drop null test before destroy functions. - rbd: handle OBJ_REQUEST_SG types for copyup (bsc#983394). - rbd: plug rbd_dev->header.object_prefix memory leak. - rbd: rbd_wq comment is obsolete. - rbd: remove duplicate calls to rbd_dev_mapping_clear(). - rbd: report unsupported features to syslog (bsc#979169). - rbd: return -ENOMEM instead of pool id if rbd_dev_create() fails. - rbd: set device_type::release instead of device::release. - rbd: set max_sectors explicitly. - rbd: store rbd_options in rbd_device. - rbd: terminate rbd_opts_tokens with Opt_err. - rbd: timeout watch teardown on unmap with mount_timeout. - rbd: use writefull op for object size writes. - rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 6c6d86d3cdc26f7746fe4ba2bef8859b5aeb346c. - s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736). - s390/3270: avoid endless I/O loop with disconnected 3270 terminals (bnc#979922, LTC#141736). - s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736). - s390/3270: fix view reference counting (bnc#979922, LTC#141736). - s390/3270: handle reconnect of a tty with a different size (bnc#979922, LTC#141736). - s390/3270: hangup the 3270 tty after a disconnect (bnc#979922, LTC#141736). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979922, LTC#141456). - s390/pci: add extra padding to function measurement block (bnc#974692, LTC#139445). - s390/pci: enforce fmb page boundary rule (bnc#974692, LTC#139445). - s390/pci: extract software counters from fmb (bnc#974692, LTC#139445). - s390/pci: remove pdev pointer from arch data (bnc#974692, LTC#139444). - s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#974692, LTC#139401). - s390/pci_dma: handle dma table failures (bnc#974692, LTC#139442). - s390/pci_dma: improve debugging of errors during dma map (bnc#974692, LTC#139442). - s390/pci_dma: unify label of invalid translation table entries (bnc#974692, LTC#139442). - s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106). - s390: fix test_fp_ctl inline assembly contraints (bnc#988215, LTC#143138). - sb_edac: Fix a typo and a thinko in address handling for Haswell (bsc#979521). - sb_edac: Fix support for systems with two home agents per socket (bsc#979521). - sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell (bsc#979521). - sb_edac: look harder for DDRIO on Haswell systems (bsc#979521). - sb_edac: support for Broadwell -EP and -EX (bsc#979521). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched/x86: Fix up typo in topology detection (bsc#974165). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - scsi-bnx2fc-handle_scsi_retry_delay - scsi-bnx2fc-soft_lockup_when_rmmod - scsi: Avoid crashing if device uses DIX but adapter does not support it (bsc#969016). - sd: get disk reference in sd_check_events() (bnc#897662). - target/rbd: do not put snap_context twice (bsc#981143). - target/rbd: do not put snap_context twice (bsc#981143). - target/rbd: remove caw_mutex usage (bsc#981143). - target/rbd: remove caw_mutex usage (bsc#981143). - usb: quirk to stop runtime PM for Intel 7260 (bnc#984456). - vgaarb: Add more context to error messages (bsc#976868). - wait: introduce wait_event_exclusive_cmd (bsc#953048). - x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel address (bsc#979521). - x86 EDAC, sb_edac.c: Take account of channel hashing when needed (bsc#979521). - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165). - x86/efi: parse_efi_setup() build fix (bsc#979485). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - x86: standardize mmap_rnd() usage (bnc#974308). - xen/acpi: Disable ACPI table override when UEFI Secure Boot is enabled (bsc#970604). - xfs: fix premature enospc on inode allocation (bsc#984148). - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148). - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP1: zypper in -t patch SUSE-SLE-RT-12-SP1-2016-1133=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 12-SP1 (x86_64): kernel-compute-3.12.61-60.18.1 kernel-compute-base-3.12.61-60.18.1 kernel-compute-base-debuginfo-3.12.61-60.18.1 kernel-compute-debuginfo-3.12.61-60.18.1 kernel-compute-debugsource-3.12.61-60.18.1 kernel-compute-devel-3.12.61-60.18.1 kernel-compute_debug-debuginfo-3.12.61-60.18.1 kernel-compute_debug-debugsource-3.12.61-60.18.1 kernel-compute_debug-devel-3.12.61-60.18.1 kernel-compute_debug-devel-debuginfo-3.12.61-60.18.1 kernel-rt-3.12.61-60.18.1 kernel-rt-base-3.12.61-60.18.1 kernel-rt-base-debuginfo-3.12.61-60.18.1 kernel-rt-debuginfo-3.12.61-60.18.1 kernel-rt-debugsource-3.12.61-60.18.1 kernel-rt-devel-3.12.61-60.18.1 kernel-rt_debug-debuginfo-3.12.61-60.18.1 kernel-rt_debug-debugsource-3.12.61-60.18.1 kernel-rt_debug-devel-3.12.61-60.18.1 kernel-rt_debug-devel-debuginfo-3.12.61-60.18.1 kernel-syms-rt-3.12.61-60.18.1 - SUSE Linux Enterprise Real Time Extension 12-SP1 (noarch): kernel-devel-rt-3.12.61-60.18.1 kernel-source-rt-3.12.61-60.18.1 References: https://www.suse.com/security/cve/CVE-2014-9717.html https://www.suse.com/security/cve/CVE-2014-9904.html https://www.suse.com/security/cve/CVE-2015-7833.html https://www.suse.com/security/cve/CVE-2015-8539.html https://www.suse.com/security/cve/CVE-2015-8551.html https://www.suse.com/security/cve/CVE-2015-8552.html https://www.suse.com/security/cve/CVE-2015-8845.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3672.html https://www.suse.com/security/cve/CVE-2016-3707.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5244.html https://www.suse.com/security/cve/CVE-2016-5828.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/662458 https://bugzilla.suse.com/676471 https://bugzilla.suse.com/897662 https://bugzilla.suse.com/928547 https://bugzilla.suse.com/944309 https://bugzilla.suse.com/945345 https://bugzilla.suse.com/947337 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/951844 https://bugzilla.suse.com/953048 https://bugzilla.suse.com/953233 https://bugzilla.suse.com/954847 https://bugzilla.suse.com/956491 https://bugzilla.suse.com/957805 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/958390 https://bugzilla.suse.com/958463 https://bugzilla.suse.com/960857 https://bugzilla.suse.com/962742 https://bugzilla.suse.com/962846 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/964727 https://bugzilla.suse.com/965087 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/967640 https://bugzilla.suse.com/968667 https://bugzilla.suse.com/969016 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/970506 https://bugzilla.suse.com/970604 https://bugzilla.suse.com/970609 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/971049 https://bugzilla.suse.com/971770 https://bugzilla.suse.com/971947 https://bugzilla.suse.com/972124 https://bugzilla.suse.com/972933 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/973499 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/974165 https://bugzilla.suse.com/974308 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/974646 https://bugzilla.suse.com/974692 https://bugzilla.suse.com/975533 https://bugzilla.suse.com/975772 https://bugzilla.suse.com/975788 https://bugzilla.suse.com/976739 https://bugzilla.suse.com/976821 https://bugzilla.suse.com/976868 https://bugzilla.suse.com/977417 https://bugzilla.suse.com/977582 https://bugzilla.suse.com/977685 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978469 https://bugzilla.suse.com/978527 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979169 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979347 https://bugzilla.suse.com/979419 https://bugzilla.suse.com/979485 https://bugzilla.suse.com/979489 https://bugzilla.suse.com/979521 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/979922 https://bugzilla.suse.com/980246 https://bugzilla.suse.com/980348 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980706 https://bugzilla.suse.com/981038 https://bugzilla.suse.com/981143 https://bugzilla.suse.com/981344 https://bugzilla.suse.com/982282 https://bugzilla.suse.com/982354 https://bugzilla.suse.com/982544 https://bugzilla.suse.com/982698 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/983318 https://bugzilla.suse.com/983394 https://bugzilla.suse.com/983721 https://bugzilla.suse.com/983904 https://bugzilla.suse.com/983977 https://bugzilla.suse.com/984148 https://bugzilla.suse.com/984456 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/985232 https://bugzilla.suse.com/985978 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986569 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/986811 https://bugzilla.suse.com/988215 https://bugzilla.suse.com/988498 https://bugzilla.suse.com/988552 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0