openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
February 2017
- 1 participants
- 49 discussions
[security-announce] SUSE-SU-2017:0582-1: important: Security update for xen
by opensuse-security@opensuse.org 01 Mar '17
by opensuse-security@opensuse.org 01 Mar '17
01 Mar '17
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0582-1
Rating: important
References: #1000195 #1002496 #1013657 #1013668 #1014490
#1014507 #1015169 #1016340 #1022627 #1022871
#1023004 #1024183 #1024186 #1024307 #1024834
#1025188 #907805
Cross-References: CVE-2014-8106 CVE-2016-10155 CVE-2016-9101
CVE-2016-9776 CVE-2016-9907 CVE-2016-9911
CVE-2016-9921 CVE-2016-9922 CVE-2017-2615
CVE-2017-2620 CVE-2017-5579 CVE-2017-5856
CVE-2017-5898 CVE-2017-5973
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that solves 14 vulnerabilities and has three
fixes is now available.
Description:
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2017-5973: A infinite loop while doing control transfer in
xhci_kick_epctx allowed privileged user inside the guest to crash the
host process resulting in DoS (bsc#1025188)
- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was
vulnerable to a memory leakage issue allowing a privileged user to cause
a DoS and/or potentially crash the Qemu process on the host (bsc#1024183)
- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
cirrus_bitblt_cputovideo failed to check the memory region, allowing for
an out-of-bounds write that allows for privilege escalation (bsc#1024834)
- CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation
support was vulnerable to a memory leakage issue allowing a privileged
user to leak host memory resulting in DoS (bsc#1024186)
- CVE-2017-5898: The CCID Card device emulator support was vulnerable to
an integer overflow flaw allowing a privileged user to crash the Qemu
process on the host resulting in DoS (bsc#1024307)
- CVE-2017-2615: An error in the bitblt copy operation could have allowed
a malicious guest administrator to cause an out of bounds memory access,
possibly leading to information disclosure or privilege escalation
(bsc#1023004)
- CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator
allowed local guest users to execute arbitrary code via vectors related
to blit regions (bsc#907805).
- A malicious guest could have, by frequently rebooting over extended
periods of time, run the host system out of memory, resulting in a
Denial of Service (DoS) (bsc#1022871)
- CVE-2017-5579: The 16550A UART serial device emulation support was
vulnerable to a memory leakage issue allowing a privileged user to cause
a DoS and/or potentially crash the Qemu process on the host (bsc#1022627)
- CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a
memory leakage flaw when destroying the USB redirector in
'usbredir_handle_destroy'. A guest user/process could have used this
issue to leak host memory, resulting in DoS for a host (bsc#1014490)
- CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory
leakage issue while processing packet data in 'ehci_init_transfer'. A
guest user/process could have used this issue to leak host memory,
resulting in DoS for the host (bsc#1014507)
- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
to a divide by zero issue while copying VGA data. A privileged user
inside guest could have used this flaw to crash the process instance on
the host, resulting in DoS (bsc#1015169)
- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
to a divide by zero issue while copying VGA data. A privileged user
inside guest could have used this flaw to crash the process instance on
the host, resulting in DoS (bsc#1015169)
- CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS
administrators to cause a denial of service (memory consumption and QEMU
process crash) by repeatedly unplugging an i8255x (PRO100) NIC device
(bsc#1013668)
- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support
was vulnerable to an infinite loop issue while receiving packets in
'mcf_fec_receive'. A privileged user/process inside guest could have
used this issue to crash the Qemu process on the host leading to DoS
(bsc#1013657)
These non-security issues were fixed:
- bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3
- bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 12:
zypper in -t patch SUSE-SLE-SAP-12-2017-299=1
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2017-299=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
xen-4.4.4_14-22.33.1
xen-debugsource-4.4.4_14-22.33.1
xen-doc-html-4.4.4_14-22.33.1
xen-kmp-default-4.4.4_14_k3.12.61_52.66-22.33.1
xen-kmp-default-debuginfo-4.4.4_14_k3.12.61_52.66-22.33.1
xen-libs-32bit-4.4.4_14-22.33.1
xen-libs-4.4.4_14-22.33.1
xen-libs-debuginfo-32bit-4.4.4_14-22.33.1
xen-libs-debuginfo-4.4.4_14-22.33.1
xen-tools-4.4.4_14-22.33.1
xen-tools-debuginfo-4.4.4_14-22.33.1
xen-tools-domU-4.4.4_14-22.33.1
xen-tools-domU-debuginfo-4.4.4_14-22.33.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
xen-4.4.4_14-22.33.1
xen-debugsource-4.4.4_14-22.33.1
xen-doc-html-4.4.4_14-22.33.1
xen-kmp-default-4.4.4_14_k3.12.61_52.66-22.33.1
xen-kmp-default-debuginfo-4.4.4_14_k3.12.61_52.66-22.33.1
xen-libs-32bit-4.4.4_14-22.33.1
xen-libs-4.4.4_14-22.33.1
xen-libs-debuginfo-32bit-4.4.4_14-22.33.1
xen-libs-debuginfo-4.4.4_14-22.33.1
xen-tools-4.4.4_14-22.33.1
xen-tools-debuginfo-4.4.4_14-22.33.1
xen-tools-domU-4.4.4_14-22.33.1
xen-tools-domU-debuginfo-4.4.4_14-22.33.1
References:
https://www.suse.com/security/cve/CVE-2014-8106.html
https://www.suse.com/security/cve/CVE-2016-10155.html
https://www.suse.com/security/cve/CVE-2016-9101.html
https://www.suse.com/security/cve/CVE-2016-9776.html
https://www.suse.com/security/cve/CVE-2016-9907.html
https://www.suse.com/security/cve/CVE-2016-9911.html
https://www.suse.com/security/cve/CVE-2016-9921.html
https://www.suse.com/security/cve/CVE-2016-9922.html
https://www.suse.com/security/cve/CVE-2017-2615.html
https://www.suse.com/security/cve/CVE-2017-2620.html
https://www.suse.com/security/cve/CVE-2017-5579.html
https://www.suse.com/security/cve/CVE-2017-5856.html
https://www.suse.com/security/cve/CVE-2017-5898.html
https://www.suse.com/security/cve/CVE-2017-5973.html
https://bugzilla.suse.com/1000195
https://bugzilla.suse.com/1002496
https://bugzilla.suse.com/1013657
https://bugzilla.suse.com/1013668
https://bugzilla.suse.com/1014490
https://bugzilla.suse.com/1014507
https://bugzilla.suse.com/1015169
https://bugzilla.suse.com/1016340
https://bugzilla.suse.com/1022627
https://bugzilla.suse.com/1022871
https://bugzilla.suse.com/1023004
https://bugzilla.suse.com/1024183
https://bugzilla.suse.com/1024186
https://bugzilla.suse.com/1024307
https://bugzilla.suse.com/1024834
https://bugzilla.suse.com/1025188
https://bugzilla.suse.com/907805
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:0575-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 01 Mar '17
by opensuse-security@opensuse.org 01 Mar '17
01 Mar '17
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0575-1
Rating: important
References: #1000092 #1000619 #1003077 #1005918 #1006469
#1006472 #1007729 #1008742 #1009546 #1009674
#1009718 #1009911 #1010612 #1010690 #1010933
#1011176 #1011602 #1011660 #1011913 #1012382
#1012422 #1012829 #1012910 #1013000 #1013001
#1013273 #1013540 #1013792 #1013994 #1014120
#1014410 #1015038 #1015367 #1015840 #1016250
#1016403 #1016517 #1016884 #1016979 #1017164
#1017170 #1017410 #1018100 #1018316 #1018358
#1018446 #1018813 #1018913 #1019061 #1019148
#1019168 #1019260 #1019351 #1019594 #1019630
#1019631 #1019784 #1019851 #1020048 #1020214
#1020488 #1020602 #1020685 #1020817 #1020945
#1020975 #1021082 #1021248 #1021251 #1021258
#1021260 #1021294 #1021455 #1021474 #1022304
#1022429 #1022476 #1022547 #1022559 #1022971
#1023101 #1023175 #1023762 #1023884 #1023888
#1024081 #1024234 #1024508 #1024938 #1025235
#921494 #959709 #964944 #969476 #969477 #969479
#971975 #974215 #981709 #982783 #985561 #987192
#987576 #989056 #991273 #998106
Cross-References: CVE-2015-8709 CVE-2016-7117 CVE-2016-9806
CVE-2017-2583 CVE-2017-2584 CVE-2017-5551
CVE-2017-5576 CVE-2017-5577 CVE-2017-5897
CVE-2017-5970 CVE-2017-5986
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise High Availability 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________
An update that solves 11 vulnerabilities and has 95 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.49 to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg
function in net/socket.c in the Linux kernel allowed remote attackers to
execute arbitrary code via vectors involving a recvmmsg system call that
was mishandled during error processing (bnc#1003077).
- CVE-2017-5576: Integer overflow in the vc4_get_bcl function in
drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux
kernel allowed local users to cause a denial of service or possibly have
unspecified
other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call
(bnc#1021294).
- CVE-2017-5577: The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c
in the VideoCore DRM driver in the Linux kernel did not set an errno
value upon certain overflow detections, which allowed local users to
cause a denial of service (incorrect pointer dereference and OOPS) via
inconsistent size values in a VC4_SUBMIT_CL ioctl call (bnc#1021294).
- CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the
Linux kernel preserved the setgid bit during a setxattr call involving a
tmpfs filesystem, which allowed local users to gain group privileges by
leveraging the existence of a setgid program with restrictions on
execute permissions. (bnc#1021258).
- CVE-2017-2583: The load_segment_descriptor implementation in
arch/x86/kvm/emulate.c in the Linux kernel improperly emulated a "MOV
SS, NULL selector" instruction, which allowed guest OS users to cause a
denial of service (guest OS crash) or gain guest OS privileges via a
crafted application (bnc#1020602).
- CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory or cause a
denial of service (use-after-free) via a crafted application that
leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt
(bnc#1019851).
- CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and
gid mappings, which allowed local users to gain privileges by
establishing a user namespace, waiting for a root process to enter that
namespace with an unsafe uid or gid, and then using the ptrace system
call. NOTE: the vendor states "there is no kernel bug here"
(bnc#1010933).
- CVE-2016-9806: Race condition in the netlink_dump function in
net/netlink/af_netlink.c in the Linux kernel allowed local users to
cause a denial of service (double free) or possibly have unspecified
other impact via a crafted application that made sendmsg system calls,
leading to a free
operation associated with a new dump that started earlier than
anticipated (bnc#1013540).
- CVE-2017-5897: fixed a bug in the Linux kernel IPv6 implementation which
allowed remote attackers to trigger an out-of-bounds access, leading to
a denial-of-service attack (bnc#1023762).
- CVE-2017-5970: Fixed a possible denial-of-service that could have been
triggered by sending bad IP options on a socket (bsc#1024938).
- CVE-2017-5986: an application could have triggered a BUG_ON() in
sctp_wait_for_sndbuf() if the socket TX buffer was full, a thread was
waiting
on it to queue more data, and meanwhile another thread peeled off the
association being used by the first thread (bsc#1025235).
The following non-security bugs were fixed:
- 8250: fintek: rename IRQ_MODE macro (boo#1009546).
- acpi: nfit, libnvdimm: fix / harden ars_status output length handling
(bsc#1023175).
- acpi: nfit: fix bus vs dimm confusion in xlat_status (bsc#1023175).
- acpi: nfit: validate ars_status output buffer size (bsc#1023175).
- arm64: numa: fix incorrect log for memory-less node (bsc#1019631).
- asoc: cht_bsw_rt5645: Fix leftover kmalloc (bsc#1010690).
- asoc: rt5670: add HS ground control (bsc#1016250).
- bcache: Make gc wakeup sane, remove set_task_state() (bsc#1021260).
- bcache: partition support: add 16 minors per bcacheN device
(bsc#1019784).
- blk-mq: Allow timeouts to run while queue is freezing (bsc#1020817).
- blk-mq: Always schedule hctx->next_cpu (bsc#1020817).
- blk-mq: Avoid memory reclaim when remapping queues (bsc#1020817).
- blk-mq: Fix failed allocation path when mapping queues (bsc#1020817).
- blk-mq: do not overwrite rq->mq_ctx (bsc#1020817).
- blk-mq: improve warning for running a queue on the wrong CPU
(bsc#1020817).
- block: Change extern inline to static inline (bsc#1023175).
- bluetooth: btmrvl: fix hung task warning dump (bsc#1018813).
- bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
- brcmfmac: Change error print on wlan0 existence (bsc#1000092).
- btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT (bsc#1020975).
- btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in
btrfs_ioctl (bsc#1018100).
- btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls
(bsc#1018100).
- btrfs: fix inode leak on failure to setup whiteout inode in rename
(bsc#1020975).
- btrfs: fix lockdep warning about log_mutex (bsc#1021455).
- btrfs: fix lockdep warning on deadlock against an inode's log mutex
(bsc#1021455).
- btrfs: fix number of transaction units for renames with whiteout
(bsc#1020975).
- btrfs: increment ctx->pos for every emitted or skipped dirent in readdir
(bsc#981709).
- btrfs: incremental send, fix invalid paths for rename operations
(bsc#1018316).
- btrfs: incremental send, fix premature rmdir operations (bsc#1018316).
- btrfs: pin log earlier when renaming (bsc#1020975).
- btrfs: pin logs earlier when doing a rename exchange operation
(bsc#1020975).
- btrfs: remove old tree_root dirent processing in btrfs_real_readdir()
(bsc#981709).
- btrfs: send, add missing error check for calls to path_loop()
(bsc#1018316).
- btrfs: send, avoid incorrect leaf accesses when sending utimes
operations (bsc#1018316).
- btrfs: send, fix failure to move directories with the same name around
(bsc#1018316).
- btrfs: send, fix invalid leaf accesses due to incorrect utimes
operations (bsc#1018316).
- btrfs: send, fix warning due to late freeing of orphan_dir_info
structures (bsc#1018316).
- btrfs: test_check_exists: Fix infinite loop when searching for free
space entries (bsc#987192).
- btrfs: unpin log if rename operation fails (bsc#1020975).
- btrfs: unpin logs if rename exchange operation fails (bsc#1020975).
- ceph: fix bad endianness handling in parse_reply_info_extra
(bsc#1020488).
- clk: xgene: Add PMD clock (bsc#1019351).
- clk: xgene: Do not call __pa on ioremaped address (bsc#1019351).
- clk: xgene: Remove CLK_IS_ROOT (bsc#1019351).
- config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2 (bsc#1015038)
- config: enable Ceph kernel client modules for ppc64le
- config: enable Ceph kernel client modules for s390x
- crypto: FIPS - allow tests to be disabled in FIPS mode (bsc#1018913).
- crypto: drbg - do not call drbg_instantiate in healt test (bsc#1018913).
- crypto: drbg - remove FIPS 140-2 continuous test (bsc#1018913).
- crypto: qat - fix bar discovery for c62x (bsc#1021251).
- crypto: qat - zero esram only for DH85x devices (bsc#1021248).
- crypto: rsa - allow keys >= 2048 bits in FIPS mode (bsc#1018913).
- crypto: xts - consolidate sanity check for keys (bsc#1018913).
- crypto: xts - fix compile errors (bsc#1018913).
- cxl: fix potential NULL dereference in free_adapter() (bsc#1016517).
- dax: fix deadlock with DAX 4k holes (bsc#1012829).
- dax: fix device-dax region base (bsc#1023175).
- device-dax: check devm_nsio_enable() return value (bsc#1023175).
- device-dax: fail all private mapping attempts (bsc#1023175).
- device-dax: fix percpu_ref_exit ordering (bsc#1023175).
- driver core: fix race between creating/querying glue dir and its cleanup
(bnc#1008742).
- drivers: hv: Introduce a policy for controlling channel affinity.
- drivers: hv: balloon: Add logging for dynamic memory operations.
- drivers: hv: balloon: Disable hot add when CONFIG_MEMORY_HOTPLUG is not
set.
- drivers: hv: balloon: Fix info request to show max page count.
- drivers: hv: balloon: Use available memory value in pressure report.
- drivers: hv: balloon: account for gaps in hot add regions.
- drivers: hv: balloon: keep track of where ha_region starts.
- drivers: hv: balloon: replace ha_region_mutex with spinlock.
- drivers: hv: cleanup vmbus_open() for wrap around mappings.
- drivers: hv: do not leak memory in vmbus_establish_gpadl().
- drivers: hv: get rid of id in struct vmbus_channel.
- drivers: hv: get rid of redundant messagecount in create_gpadl_header().
- drivers: hv: get rid of timeout in vmbus_open().
- drivers: hv: make VMBus bus ids persistent.
- drivers: hv: ring_buffer: count on wrap around mappings in
get_next_pkt_raw() (v2).
- drivers: hv: ring_buffer: use wrap around mappings in hv_copy{from,
to}_ringbuffer().
- drivers: hv: ring_buffer: wrap around mappings for ring buffers.
- drivers: hv: utils: Check VSS daemon is listening before a hot backup.
- drivers: hv: utils: Continue to poll VSS channel after handling requests.
- drivers: hv: utils: Fix the mapping between host version and protocol to
use.
- drivers: hv: utils: reduce HV_UTIL_NEGO_TIMEOUT timeout.
- drivers: hv: vmbus: Base host signaling strictly on the ring state.
- drivers: hv: vmbus: Enable explicit signaling policy for NIC channels.
- drivers: hv: vmbus: Implement a mechanism to tag the channel for low
latency.
- drivers: hv: vmbus: Make mmio resource local.
- drivers: hv: vmbus: On the read path cleanup the logic to interrupt the
host.
- drivers: hv: vmbus: On write cleanup the logic to interrupt the host.
- drivers: hv: vmbus: Reduce the delay between retries in vmbus_post_msg().
- drivers: hv: vmbus: finally fix hv_need_to_signal_on_read().
- drivers: hv: vmbus: fix the race when querying and updating the percpu
list.
- drivers: hv: vmbus: suppress some "hv_vmbus: Unknown GUID" warnings.
- drivers: hv: vss: Improve log messages.
- drivers: hv: vss: Operation timeouts should match host expectation.
- drivers: net: phy: mdio-xgene: Add hardware dependency (bsc#1019351).
- drivers: net: phy: xgene: Fix 'remove' function (bsc#1019351).
- drivers: net: xgene: Add change_mtu function (bsc#1019351).
- drivers: net: xgene: Add flow control configuration (bsc#1019351).
- drivers: net: xgene: Add flow control initialization (bsc#1019351).
- drivers: net: xgene: Add helper function (bsc#1019351).
- drivers: net: xgene: Add support for Jumbo frame (bsc#1019351).
- drivers: net: xgene: Configure classifier with pagepool (bsc#1019351).
- drivers: net: xgene: Fix MSS programming (bsc#1019351).
- drivers: net: xgene: fix build after change_mtu function change
(bsc#1019351).
- drivers: net: xgene: fix: Coalescing values for v2 hardware
(bsc#1019351).
- drivers: net: xgene: fix: Disable coalescing on v1 hardware
(bsc#1019351).
- drivers: net: xgene: fix: RSS for non-TCP/UDP (bsc#1019351).
- drivers: net: xgene: fix: Use GPIO to get link status (bsc#1019351).
- drivers: net: xgene: uninitialized variable in
xgene_enet_free_pagepool() (bsc#1019351).
- drm: Delete previous two fixes for i915 (bsc#1019061). These upstream
fixes brought some regressions, so better to revert for now.
- drm: Disable
patches.drivers/drm-i915-Exit-cherryview_irq_handler-after-one-pass The
patch seems leading to the instability on Wyse box (bsc#1015367).
- drm: Fix broken VT switch with video=1366x768 option (bsc#1018358).
- drm: Use u64 for intermediate dotclock calculations (bnc#1006472).
- drm: i915: Do not init hpd polling for vlv and chv from
runtime_suspend() (bsc#1014120).
- drm: i915: Fix PCODE polling during CDCLK change notification
(bsc#1015367).
- drm: i915: Fix watermarks for VLV/CHV (bsc#1011176).
- drm: i915: Force VDD off on the new power seqeuencer before starting to
use it (bsc#1009674).
- drm: i915: Mark CPU cache as dirty when used for rendering (bsc#1015367).
- drm: i915: Mark i915_hpd_poll_init_work as static (bsc#1014120).
- drm: i915: Prevent PPS stealing from a normal DP port on VLV/CHV
(bsc#1019061).
- drm: i915: Prevent enabling hpd polling in late suspend (bsc#1014120).
- drm: i915: Restore PPS HW state from the encoder resume hook
(bsc#1019061).
- drm: i915: Workaround for DP DPMS D3 on Dell monitor (bsc#1019061).
- drm: vc4: Fix an integer overflow in temporary allocation layout
(bsc#1021294).
- drm: vc4: Return -EINVAL on the overflow checks failing (bsc#1021294).
- drm: virtio-gpu: get the fb from the plane state for atomic updates
(bsc#1023101).
- edac: xgene: Fix spelling mistake in error messages (bsc#1019351).
- efi: libstub: Move Graphics Output Protocol handling to generic code
(bnc#974215).
- fbcon: Fix vc attr at deinit (bsc#1000619).
- fs: nfs: avoid including "mountproto=" with no protocol in /proc/mounts
(bsc#1019260).
- gpio: xgene: make explicitly non-modular (bsc#1019351).
- hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels().
- hv: change clockevents unbind tactics.
- hv: do not reset hv_context.tsc_page on crash.
- hv_netvsc: Add handler for physical link speed change.
- hv_netvsc: Add query for initial physical link speed.
- hv_netvsc: Implement batching of receive completions.
- hv_netvsc: Revert "make inline functions static".
- hv_netvsc: Revert "report vmbus name in ethtool".
- hv_netvsc: add ethtool statistics for tx packet issues.
- hv_netvsc: count multicast packets received.
- hv_netvsc: dev hold/put reference to VF.
- hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf().
- hv_netvsc: fix comments.
- hv_netvsc: fix rtnl locking in callback.
- hv_netvsc: improve VF device matching.
- hv_netvsc: init completion during alloc.
- hv_netvsc: make RSS hash key static.
- hv_netvsc: make device_remove void.
- hv_netvsc: make inline functions static.
- hv_netvsc: make netvsc_destroy_buf void.
- hv_netvsc: make variable local.
- hv_netvsc: rearrange start_xmit.
- hv_netvsc: refactor completion function.
- hv_netvsc: remove VF in flight counters.
- hv_netvsc: remove excessive logging on MTU change.
- hv_netvsc: report vmbus name in ethtool.
- hv_netvsc: simplify callback event code.
- hv_netvsc: style cleanups.
- hv_netvsc: use ARRAY_SIZE() for NDIS versions.
- hv_netvsc: use RCU to protect vf_netdev.
- hv_netvsc: use consume_skb.
- hv_netvsc: use kcalloc.
- hyperv: Fix spelling of HV_UNKOWN.
- i2c: designware-baytrail: Disallow the CPU to enter C6 or C7 while
holding the punit semaphore (bsc#1011913).
- i2c: designware: Implement support for SMBus block read and write
(bsc#1019351).
- i2c: designware: fix wrong Tx/Rx FIFO for ACPI (bsc#1019351).
- i2c: xgene: Fix missing code of DTB support (bsc#1019351).
- i40e: Be much more verbose about what we can and cannot offload
(bsc#985561).
- ibmveth: calculate gso_segs for large packets (bsc#1019148).
- ibmveth: check return of skb_linearize in ibmveth_start_xmit
(bsc#1019148).
- ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).
- ibmveth: set correct gso_size and gso_type (bsc#1019148).
- igb: Workaround for igb i210 firmware issue (bsc#1009911).
- igb: add i211 to i210 PHY workaround (bsc#1009911).
- input: i8042: Trust firmware a bit more when probing on X86
(bsc#1011660).
- intel_idle: Add KBL support (bsc#1016884).
- ip6_gre: fix ip6gre_err() invalid reads (CVE-2017-5897, bsc#1023762).
- ipc: msg, make msgrcv work with LONG_MIN (bnc#1005918).
- iwlwifi: Expose the default fallback ucode API to module info
(boo#1021082, boo#1023884).
- kgraft: iscsi-target: Do not block kGraft in iscsi_np kthread
(bsc#1010612).
- kgraft: xen: Do not block kGraft in xenbus kthread (bsc#1017410).
- libnvdimm: pfn: fix align attribute (bsc#1023175).
- mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc (bsc#1019351).
- md linear: fix a race between linear_add() and linear_congested()
(bsc#1018446).
- md-cluster: convert the completion to wait queue.
- md-cluster: protect md_find_rdev_nr_rcu with rcu lock.
- md: ensure md devices are freed before module is unloaded (bsc#1022304).
- md: fix refcount problem on mddev when stopping array (bsc#1022304).
- misc: genwqe: ensure zero initialization.
- mm: do not loop on GFP_REPEAT high order requests if there is no reclaim
progress (bnc#1013000).
- mm: memcg: do not retry precharge charges (bnc#1022559).
- mm: page_alloc: fix check for NULL preferred_zone (bnc#971975 VM
performance -- page allocator).
- mm: page_alloc: fix fast-path race with cpuset update or removal
(bnc#971975 VM performance -- page allocator).
- mm: page_alloc: fix premature OOM when racing with cpuset mems update
(bnc#971975 VM performance -- page allocator).
- mm: page_alloc: keep pcp count and list contents in sync if struct page
is corrupted (bnc#971975 VM performance -- page allocator).
- mm: page_alloc: move cpuset seqcount checking to slowpath (bnc#971975 VM
performance -- page allocator).
- mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for
sdhci-arasan4.9a (bsc#1019351).
- mwifiex: add missing check for PCIe8997 chipset (bsc#1018813).
- mwifiex: fix IBSS data path issue (bsc#1018813).
- mwifiex: fix PCIe register information for 8997 chipset (bsc#1018813).
- net: af_iucv: do not use paged skbs for TX on HiperSockets (bnc#1020945,
LTC#150566).
- net: ethernet: apm: xgene: use phydev from struct net_device
(bsc#1019351).
- net: ethtool: Initialize buffer when querying device channel settings
(bsc#969479).
- net: hyperv: avoid uninitialized variable.
- net: implement netif_cond_dbg macro (bsc#1019168).
- net: remove useless memset's in drivers get_stats64 (bsc#1019351).
- net: xgene: avoid bogus maybe-uninitialized warning (bsc#1019351).
- net: xgene: fix backward compatibility fix (bsc#1019351).
- net: xgene: fix error handling during reset (bsc#1019351).
- net: xgene: move xgene_cle_ptree_ewdn data off stack (bsc#1019351).
- netvsc: Remove mistaken udp.h inclusion.
- netvsc: add rcu_read locking to netvsc callback.
- netvsc: fix checksum on UDP IPV6.
- netvsc: reduce maximum GSO size.
- nfit: fail DSMs that return non-zero status by default (bsc#1023175).
- nfsv4: Cap the transport reconnection timer at 1/2 lease period
(bsc#1014410).
- nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).
- nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175).
- nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (bsc#1020685).
- ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock()
(bnc#921494).
- pci: Add devm_request_pci_bus_resources() (bsc#1019351).
- pci: generic: Fix pci_remap_iospace() failure path (bsc#1019630).
- pci: hv: Allocate physically contiguous hypercall params buffer.
- pci: hv: Fix hv_pci_remove() for hot-remove.
- pci: hv: Handle hv_pci_generic_compl() error case.
- pci: hv: Handle vmbus_sendpacket() failure in hv_compose_msi_msg().
- pci: hv: Make unnecessarily global IRQ masking functions static.
- pci: hv: Remove the unused 'wrk' in struct hv_pcibus_device.
- pci: hv: Use list_move_tail() instead of list_del() + list_add_tail().
- pci: hv: Use pci_function_description in struct definitions.
- pci: hv: Use the correct buffer size in new_pcichild_device().
- pci: hv: Use zero-length array in struct pci_packet.
- pci: include header file (bsc#964944).
- pci: xgene: Add local struct device pointers (bsc#1019351).
- pci: xgene: Add register accessors (bsc#1019351).
- pci: xgene: Free bridge resource list on failure (bsc#1019351).
- pci: xgene: Make explicitly non-modular (bsc#1019351).
- pci: xgene: Pass struct xgene_pcie_port to setup functions (bsc#1019351).
- pci: xgene: Remove unused platform data (bsc#1019351).
- pci: xgene: Request host bridge window resources (bsc#1019351).
- perf: xgene: Remove bogus IS_ERR() check (bsc#1019351).
- phy: xgene: rename "enum phy_mode" to "enum xgene_phy_mode"
(bsc#1019351).
- power: reset: xgene-reboot: Unmap region obtained by of_iomap
(bsc#1019351).
- powerpc: fadump: Fix the race in crash_fadump() (bsc#1022971).
- qeth: check not more than 16 SBALEs on the completion queue
(bnc#1009718, LTC#148203).
- raid1: Fix a regression observed during the rebuilding of degraded
MDRAID VDs (bsc#1020048).
- raid1: ignore discard error (bsc#1017164).
- reiserfs: fix race in prealloc discard (bsc#987576).
- rpm: kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
- rpm: kernel-binary.spec.in: Fix installation of /etc/uefi/certs
(bsc#1019594)
- rtc: cmos: Clear ACPI-driven alarms upon resume (bsc#1022429).
- rtc: cmos: Do not enable interrupts in the middle of the interrupt
handler (bsc#1022429).
- rtc: cmos: Restore alarm after resume (bsc#1022429).
- rtc: cmos: avoid unused function warning (bsc#1022429).
- s390: Fix invalid domain response handling (bnc#1009718).
- s390: cpuinfo: show maximum thread id (bnc#1009718, LTC#148580).
- s390: sysinfo: show partition extended name and UUID if available
(bnc#1009718, LTC#150160).
- s390: time: LPAR offset handling (bnc#1009718, LTC#146920).
- s390: time: move PTFF definitions (bnc#1009718, LTC#146920).
- sched: Allow hotplug notifiers to be setup early (bnc#1022476).
- sched: Make wake_up_nohz_cpu() handle CPUs going offline (bnc#1022476).
- sched: core, x86/topology: Fix NUMA in package topology bug
(bnc#1022476).
- sched: core: Fix incorrect utilization accounting when switching to fair
class (bnc#1022476).
- sched: core: Fix set_user_nice() (bnc#1022476).
- sched: cputime: Add steal time support to full dynticks CPU time
accounting (bnc#1022476).
- sched: cputime: Fix prev steal time accouting during CPU hotplug
(bnc#1022476).
- sched: deadline: Always calculate end of period on sched_yield()
(bnc#1022476).
- sched: deadline: Fix a bug in dl_overflow() (bnc#1022476).
- sched: deadline: Fix lock pinning warning during CPU hotplug
(bnc#1022476).
- sched: deadline: Fix wrap-around in DL heap (bnc#1022476).
- sched: fair: Avoid using decay_load_missed() with a negative value
(bnc#1022476).
- sched: fair: Fix fixed point arithmetic width for shares and effective
load (bnc#1022476).
- sched: fair: Fix load_above_capacity fixed point arithmetic width
(bnc#1022476).
- sched: fair: Fix min_vruntime tracking (bnc#1022476).
- sched: fair: Fix the wrong throttled clock time for cfs_rq_clock_task()
(bnc#1022476).
- sched: fair: Improve PELT stuff some more (bnc#1022476).
- sched: rt, sched/dl: Do not push if task's scheduling class was changed
(bnc#1022476).
- sched: rt: Fix PI handling vs. sched_setscheduler() (bnc#1022476).
- sched: rt: Kick RT bandwidth timer immediately on start up (bnc#1022476).
- scsi: Add 'AIX VDASD' to blacklist (bsc#1006469).
- scsi: Modify HITACHI OPEN-V blacklist entry (bsc#1006469).
- scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273).
- scsi: storvsc: Payload buffer incorrectly sized for 32 bit kernels.
- scsi_dh_alua: uninitialized variable in alua_rtpg() (bsc#1012910).
- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986, bsc#1025235).
- sd: always scan VPD pages if thin provisioning is enabled (bsc#1013792).
- serial: 8250: Integrate Fintek into 8250_base (boo#1016979). Update
config files to change CONFIG_SERIAL_8250_FINTEK to boolean accordingly,
too. Also, the corresponding entry got removed from supported.conf.
- serial: 8250_fintek: fix the mismatched IRQ mode (boo#1009546).
- serial: Update metadata for serial fixes (bsc#1013001)
- ses: Fix SAS device detection in enclosure (bsc#1016403).
- sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).
- sfc: refactor debug-or-warnings printks (bsc#1019168).
- sunrpc: Fix reconnection timeouts (bsc#1014410).
- sunrpc: Limit the reconnect backoff timer to the max RPC message timeout
(bsc#1014410).
- supported.conf: Support Marvell WiFi/BT SDIO and pinctrl-cherrytrail
(bsc#1018813)
- supported.conf: delete xilinx/ll_temac (bsc#1011602)
- target: add XCOPY target/segment desc sense codes (bsc#991273).
- target: bounds check XCOPY segment descriptor list (bsc#991273).
- target: bounds check XCOPY total descriptor list length (bsc#991273).
- target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).
- target: check for XCOPY parameter truncation (bsc#991273).
- target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense
(bsc#991273).
- target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).
- target: support XCOPY requests without parameters (bsc#991273).
- target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).
- target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).
- tools: hv: Enable network manager for bonding scripts on RHEL.
- tools: hv: fix a compile warning in snprintf.
- tools: hv: kvp: configurable external scripts path.
- tools: hv: kvp: ensure kvp device fd is closed on exec.
- tools: hv: remove unnecessary header files and netlink related code.
- tools: hv: remove unnecessary link flag.
- tty: n_hdlc, fix lockdep false positive (bnc#1015840).
- uvcvideo: uvc_scan_fallback() for webcams with broken chain
(bsc#1021474).
- vmbus: make sysfs names consistent with PCI.
- x86: MCE: Dump MCE to dmesg if no consumers (bsc#1013994).
- x86: hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic.
- xfs: don't allow di_size with high bit set (bsc#1024234).
- xfs: exclude never-released buffers from buftarg I/O accounting
(bsc#1024508).
- xfs: fix broken multi-fsb buffer logging (bsc#1024081).
- xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).
- xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).
- xfs: track and serialize in-flight async buffers against unmount
(bsc#1024508).
- xfs: track and serialize in-flight async buffers against unmount - kABI
(bsc#1024508).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP2:
zypper in -t patch SUSE-SLE-WE-12-SP2-2017-300=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-300=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-300=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-300=1
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2017-300=1
- SUSE Linux Enterprise High Availability 12-SP2:
zypper in -t patch SUSE-SLE-HA-12-SP2-2017-300=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-300=1
- OpenStack Cloud Magnum Orchestration 7:
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-300=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
kernel-default-debuginfo-4.4.49-92.11.1
kernel-default-debugsource-4.4.49-92.11.1
kernel-default-extra-4.4.49-92.11.1
kernel-default-extra-debuginfo-4.4.49-92.11.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.4.49-92.11.1
kernel-obs-build-debugsource-4.4.49-92.11.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
kernel-docs-4.4.49-92.11.3
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
kernel-default-4.4.49-92.11.1
kernel-default-base-4.4.49-92.11.1
kernel-default-base-debuginfo-4.4.49-92.11.1
kernel-default-debuginfo-4.4.49-92.11.1
kernel-default-debugsource-4.4.49-92.11.1
kernel-default-devel-4.4.49-92.11.1
kernel-syms-4.4.49-92.11.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
kernel-devel-4.4.49-92.11.1
kernel-macros-4.4.49-92.11.1
kernel-source-4.4.49-92.11.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
kernel-default-4.4.49-92.11.1
kernel-default-base-4.4.49-92.11.1
kernel-default-base-debuginfo-4.4.49-92.11.1
kernel-default-debuginfo-4.4.49-92.11.1
kernel-default-debugsource-4.4.49-92.11.1
kernel-default-devel-4.4.49-92.11.1
kernel-syms-4.4.49-92.11.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
kernel-devel-4.4.49-92.11.1
kernel-macros-4.4.49-92.11.1
kernel-source-4.4.49-92.11.1
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-4_4_49-92_11-default-1-6.1
- SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.4.49-92.11.1
cluster-md-kmp-default-debuginfo-4.4.49-92.11.1
cluster-network-kmp-default-4.4.49-92.11.1
cluster-network-kmp-default-debuginfo-4.4.49-92.11.1
dlm-kmp-default-4.4.49-92.11.1
dlm-kmp-default-debuginfo-4.4.49-92.11.1
gfs2-kmp-default-4.4.49-92.11.1
gfs2-kmp-default-debuginfo-4.4.49-92.11.1
kernel-default-debuginfo-4.4.49-92.11.1
kernel-default-debugsource-4.4.49-92.11.1
ocfs2-kmp-default-4.4.49-92.11.1
ocfs2-kmp-default-debuginfo-4.4.49-92.11.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
kernel-default-4.4.49-92.11.1
kernel-default-debuginfo-4.4.49-92.11.1
kernel-default-debugsource-4.4.49-92.11.1
kernel-default-devel-4.4.49-92.11.1
kernel-default-extra-4.4.49-92.11.1
kernel-default-extra-debuginfo-4.4.49-92.11.1
kernel-syms-4.4.49-92.11.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
kernel-devel-4.4.49-92.11.1
kernel-macros-4.4.49-92.11.1
kernel-source-4.4.49-92.11.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
kernel-default-4.4.49-92.11.1
kernel-default-debuginfo-4.4.49-92.11.1
kernel-default-debugsource-4.4.49-92.11.1
References:
https://www.suse.com/security/cve/CVE-2015-8709.html
https://www.suse.com/security/cve/CVE-2016-7117.html
https://www.suse.com/security/cve/CVE-2016-9806.html
https://www.suse.com/security/cve/CVE-2017-2583.html
https://www.suse.com/security/cve/CVE-2017-2584.html
https://www.suse.com/security/cve/CVE-2017-5551.html
https://www.suse.com/security/cve/CVE-2017-5576.html
https://www.suse.com/security/cve/CVE-2017-5577.html
https://www.suse.com/security/cve/CVE-2017-5897.html
https://www.suse.com/security/cve/CVE-2017-5970.html
https://www.suse.com/security/cve/CVE-2017-5986.html
https://bugzilla.suse.com/1000092
https://bugzilla.suse.com/1000619
https://bugzilla.suse.com/1003077
https://bugzilla.suse.com/1005918
https://bugzilla.suse.com/1006469
https://bugzilla.suse.com/1006472
https://bugzilla.suse.com/1007729
https://bugzilla.suse.com/1008742
https://bugzilla.suse.com/1009546
https://bugzilla.suse.com/1009674
https://bugzilla.suse.com/1009718
https://bugzilla.suse.com/1009911
https://bugzilla.suse.com/1010612
https://bugzilla.suse.com/1010690
https://bugzilla.suse.com/1010933
https://bugzilla.suse.com/1011176
https://bugzilla.suse.com/1011602
https://bugzilla.suse.com/1011660
https://bugzilla.suse.com/1011913
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1012829
https://bugzilla.suse.com/1012910
https://bugzilla.suse.com/1013000
https://bugzilla.suse.com/1013001
https://bugzilla.suse.com/1013273
https://bugzilla.suse.com/1013540
https://bugzilla.suse.com/1013792
https://bugzilla.suse.com/1013994
https://bugzilla.suse.com/1014120
https://bugzilla.suse.com/1014410
https://bugzilla.suse.com/1015038
https://bugzilla.suse.com/1015367
https://bugzilla.suse.com/1015840
https://bugzilla.suse.com/1016250
https://bugzilla.suse.com/1016403
https://bugzilla.suse.com/1016517
https://bugzilla.suse.com/1016884
https://bugzilla.suse.com/1016979
https://bugzilla.suse.com/1017164
https://bugzilla.suse.com/1017170
https://bugzilla.suse.com/1017410
https://bugzilla.suse.com/1018100
https://bugzilla.suse.com/1018316
https://bugzilla.suse.com/1018358
https://bugzilla.suse.com/1018446
https://bugzilla.suse.com/1018813
https://bugzilla.suse.com/1018913
https://bugzilla.suse.com/1019061
https://bugzilla.suse.com/1019148
https://bugzilla.suse.com/1019168
https://bugzilla.suse.com/1019260
https://bugzilla.suse.com/1019351
https://bugzilla.suse.com/1019594
https://bugzilla.suse.com/1019630
https://bugzilla.suse.com/1019631
https://bugzilla.suse.com/1019784
https://bugzilla.suse.com/1019851
https://bugzilla.suse.com/1020048
https://bugzilla.suse.com/1020214
https://bugzilla.suse.com/1020488
https://bugzilla.suse.com/1020602
https://bugzilla.suse.com/1020685
https://bugzilla.suse.com/1020817
https://bugzilla.suse.com/1020945
https://bugzilla.suse.com/1020975
https://bugzilla.suse.com/1021082
https://bugzilla.suse.com/1021248
https://bugzilla.suse.com/1021251
https://bugzilla.suse.com/1021258
https://bugzilla.suse.com/1021260
https://bugzilla.suse.com/1021294
https://bugzilla.suse.com/1021455
https://bugzilla.suse.com/1021474
https://bugzilla.suse.com/1022304
https://bugzilla.suse.com/1022429
https://bugzilla.suse.com/1022476
https://bugzilla.suse.com/1022547
https://bugzilla.suse.com/1022559
https://bugzilla.suse.com/1022971
https://bugzilla.suse.com/1023101
https://bugzilla.suse.com/1023175
https://bugzilla.suse.com/1023762
https://bugzilla.suse.com/1023884
https://bugzilla.suse.com/1023888
https://bugzilla.suse.com/1024081
https://bugzilla.suse.com/1024234
https://bugzilla.suse.com/1024508
https://bugzilla.suse.com/1024938
https://bugzilla.suse.com/1025235
https://bugzilla.suse.com/921494
https://bugzilla.suse.com/959709
https://bugzilla.suse.com/964944
https://bugzilla.suse.com/969476
https://bugzilla.suse.com/969477
https://bugzilla.suse.com/969479
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/974215
https://bugzilla.suse.com/981709
https://bugzilla.suse.com/982783
https://bugzilla.suse.com/985561
https://bugzilla.suse.com/987192
https://bugzilla.suse.com/987576
https://bugzilla.suse.com/989056
https://bugzilla.suse.com/991273
https://bugzilla.suse.com/998106
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:0571-1: important: Security update for xen
by opensuse-security@opensuse.org 27 Feb '17
by opensuse-security@opensuse.org 27 Feb '17
27 Feb '17
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0571-1
Rating: important
References: #1000195 #1002496 #1005028 #1012651 #1014298
#1014300 #1015169 #1016340 #1022871 #1023004
#1024834
Cross-References: CVE-2016-9921 CVE-2016-9922 CVE-2017-2615
CVE-2017-2620
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that solves four vulnerabilities and has 7 fixes
is now available.
Description:
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
cirrus_bitblt_cputovideo failed to check the memory region, allowing for
an out-of-bounds write that allows for privilege escalation
(bsc#1024834).
- CVE-2017-2615: An error in the bitblt copy operation could have allowed
a malicious guest administrator to cause an out of bounds memory access,
possibly leading to information disclosure or privilege escalation
(bsc#1023004).
- A malicious guest could have, by frequently rebooting over extended
periods of time, run the host system out of memory, resulting in a
Denial of Service (DoS) (bsc#1022871)
- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
to a divide by zero issue while copying VGA data. A privileged user
inside guest could have used this flaw to crash the process instance on
the host, resulting in DoS (bsc#1015169
These non-security issues were fixed:
- bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3
- bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd
- bsc#1005028: Fixed building Xen RPMs from Sources
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-296=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-296=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-296=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64):
xen-debugsource-4.7.1_06-31.1
xen-devel-4.7.1_06-31.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
xen-4.7.1_06-31.1
xen-debugsource-4.7.1_06-31.1
xen-doc-html-4.7.1_06-31.1
xen-libs-32bit-4.7.1_06-31.1
xen-libs-4.7.1_06-31.1
xen-libs-debuginfo-32bit-4.7.1_06-31.1
xen-libs-debuginfo-4.7.1_06-31.1
xen-tools-4.7.1_06-31.1
xen-tools-debuginfo-4.7.1_06-31.1
xen-tools-domU-4.7.1_06-31.1
xen-tools-domU-debuginfo-4.7.1_06-31.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
xen-4.7.1_06-31.1
xen-debugsource-4.7.1_06-31.1
xen-libs-32bit-4.7.1_06-31.1
xen-libs-4.7.1_06-31.1
xen-libs-debuginfo-32bit-4.7.1_06-31.1
xen-libs-debuginfo-4.7.1_06-31.1
References:
https://www.suse.com/security/cve/CVE-2016-9921.html
https://www.suse.com/security/cve/CVE-2016-9922.html
https://www.suse.com/security/cve/CVE-2017-2615.html
https://www.suse.com/security/cve/CVE-2017-2620.html
https://bugzilla.suse.com/1000195
https://bugzilla.suse.com/1002496
https://bugzilla.suse.com/1005028
https://bugzilla.suse.com/1012651
https://bugzilla.suse.com/1014298
https://bugzilla.suse.com/1014300
https://bugzilla.suse.com/1015169
https://bugzilla.suse.com/1016340
https://bugzilla.suse.com/1022871
https://bugzilla.suse.com/1023004
https://bugzilla.suse.com/1024834
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:0570-1: important: Security update for xen
by opensuse-security@opensuse.org 27 Feb '17
by opensuse-security@opensuse.org 27 Feb '17
27 Feb '17
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0570-1
Rating: important
References: #1000195 #1002496 #1013657 #1013668 #1014490
#1014507 #1015169 #1016340 #1022627 #1022871
#1023004 #1024183 #1024186 #1024307 #1024834
#1025188
Cross-References: CVE-2016-10155 CVE-2016-9101 CVE-2016-9776
CVE-2016-9907 CVE-2016-9911 CVE-2016-9921
CVE-2016-9922 CVE-2017-2615 CVE-2017-2620
CVE-2017-5579 CVE-2017-5856 CVE-2017-5898
CVE-2017-5973
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves 13 vulnerabilities and has three
fixes is now available.
Description:
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2017-5973: A infinite loop while doing control transfer in
xhci_kick_epctx allowed privileged user inside the guest to crash the
host process resulting in DoS (bsc#1025188).
- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was
vulnerable to a memory leakage issue allowing a privileged user to cause
a DoS and/or potentially crash the Qemu process on the host
(bsc#1024183).
- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
cirrus_bitblt_cputovideo failed to check the memory region, allowing for
an out-of-bounds write that allows for privilege escalation (bsc#1024834)
- CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation
support was vulnerable to a memory leakage issue allowing a privileged
user to leak host memory resulting in DoS (bsc#1024186).
- CVE-2017-5898: The CCID Card device emulator support was vulnerable to
an integer overflow flaw allowing a privileged user to crash the Qemu
process on the host resulting in DoS (bsc#1024307).
- CVE-2017-2615: An error in the bitblt copy operation could have allowed
a malicious guest administrator to cause an out of bounds memory access,
possibly leading to information disclosure or privilege escalation
(bsc#1023004)
- A malicious guest could have, by frequently rebooting over extended
periods of time, run the host system out of memory, resulting in a
Denial of Service (DoS) (bsc#1022871)
- CVE-2017-5579: The 16550A UART serial device emulation support was
vulnerable to a memory leakage issue allowing a privileged user to cause
a DoS and/or potentially crash the Qemu process on the host
(bsc#1022627).
- CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a
memory leakage flaw when destroying the USB redirector in
'usbredir_handle_destroy'. A guest user/process could have used this
issue to leak host memory, resulting in DoS for a host (bsc#1014490)
- CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory
leakage issue while processing packet data in 'ehci_init_transfer'. A
guest user/process could have used this issue to leak host memory,
resulting in DoS for the host (bsc#1014507)
- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
to a divide by zero issue while copying VGA data. A privileged user
inside guest could have used this flaw to crash the process instance on
the host, resulting in DoS (bsc#1015169)
- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
to a divide by zero issue while copying VGA data. A privileged user
inside guest could have used this flaw to crash the process instance on
the host, resulting in DoS (bsc#1015169)
- CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS
administrators to cause a denial of service (memory consumption and QEMU
process crash) by repeatedly unplugging an i8255x (PRO100) NIC device
(bsc#1013668).
- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support
was vulnerable to an infinite loop issue while receiving packets in
'mcf_fec_receive'. A privileged user/process inside guest could have
used this issue to crash the Qemu process on the host leading to DoS
(bsc#1013657)
These non-security issues were fixed:
- bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3
- bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-297=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-297=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-297=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64):
xen-debugsource-4.5.5_06-22.11.2
xen-devel-4.5.5_06-22.11.2
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
xen-4.5.5_06-22.11.2
xen-debugsource-4.5.5_06-22.11.2
xen-doc-html-4.5.5_06-22.11.2
xen-kmp-default-4.5.5_06_k3.12.69_60.64.32-22.11.2
xen-kmp-default-debuginfo-4.5.5_06_k3.12.69_60.64.32-22.11.2
xen-libs-32bit-4.5.5_06-22.11.2
xen-libs-4.5.5_06-22.11.2
xen-libs-debuginfo-32bit-4.5.5_06-22.11.2
xen-libs-debuginfo-4.5.5_06-22.11.2
xen-tools-4.5.5_06-22.11.2
xen-tools-debuginfo-4.5.5_06-22.11.2
xen-tools-domU-4.5.5_06-22.11.2
xen-tools-domU-debuginfo-4.5.5_06-22.11.2
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
xen-4.5.5_06-22.11.2
xen-debugsource-4.5.5_06-22.11.2
xen-kmp-default-4.5.5_06_k3.12.69_60.64.32-22.11.2
xen-kmp-default-debuginfo-4.5.5_06_k3.12.69_60.64.32-22.11.2
xen-libs-32bit-4.5.5_06-22.11.2
xen-libs-4.5.5_06-22.11.2
xen-libs-debuginfo-32bit-4.5.5_06-22.11.2
xen-libs-debuginfo-4.5.5_06-22.11.2
References:
https://www.suse.com/security/cve/CVE-2016-10155.html
https://www.suse.com/security/cve/CVE-2016-9101.html
https://www.suse.com/security/cve/CVE-2016-9776.html
https://www.suse.com/security/cve/CVE-2016-9907.html
https://www.suse.com/security/cve/CVE-2016-9911.html
https://www.suse.com/security/cve/CVE-2016-9921.html
https://www.suse.com/security/cve/CVE-2016-9922.html
https://www.suse.com/security/cve/CVE-2017-2615.html
https://www.suse.com/security/cve/CVE-2017-2620.html
https://www.suse.com/security/cve/CVE-2017-5579.html
https://www.suse.com/security/cve/CVE-2017-5856.html
https://www.suse.com/security/cve/CVE-2017-5898.html
https://www.suse.com/security/cve/CVE-2017-5973.html
https://bugzilla.suse.com/1000195
https://bugzilla.suse.com/1002496
https://bugzilla.suse.com/1013657
https://bugzilla.suse.com/1013668
https://bugzilla.suse.com/1014490
https://bugzilla.suse.com/1014507
https://bugzilla.suse.com/1015169
https://bugzilla.suse.com/1016340
https://bugzilla.suse.com/1022627
https://bugzilla.suse.com/1022871
https://bugzilla.suse.com/1023004
https://bugzilla.suse.com/1024183
https://bugzilla.suse.com/1024186
https://bugzilla.suse.com/1024307
https://bugzilla.suse.com/1024834
https://bugzilla.suse.com/1025188
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:0568-1: important: Security update for php53
by opensuse-security@opensuse.org 27 Feb '17
by opensuse-security@opensuse.org 27 Feb '17
27 Feb '17
SUSE Security Update: Security update for php53
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0568-1
Rating: important
References: #1019550 #1022219 #1022255 #1022257 #1022260
#1022263 #1022264 #1022265
Cross-References: CVE-2016-10158 CVE-2016-10159 CVE-2016-10160
CVE-2016-10161 CVE-2016-10166 CVE-2016-10167
CVE-2016-10168 CVE-2016-7478
Affected Products:
SUSE OpenStack Cloud 5
SUSE Manager Proxy 2.1
SUSE Manager 2.1
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for php53 fixes the following security issues:
- CVE-2016-7478: When unserializing untrusted input data, PHP could end up
in an infinite loop, causing denial of service (bsc#1019550)
- CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c
in PHP allowed remote attackers to cause a denial of service
(application crash) via crafted EXIF data that triggers an attempt to
divide the minimum representable negative integer by -1. (bsc#1022219)
- CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in
ext/phar/phar.c in PHP allowed remote attackers to cause a denial
of service (memory consumption or application crash) via a truncated
manifest entry in a PHAR archive. (bsc#1022255)
- CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in
ext/phar/phar.c in PHP allowed remote attackers to cause a denial
of service (memory corruption) or possibly execute arbitrary code via a
crafted PHAR archive with an alias mismatch. (bsc#1022257)
- CVE-2016-10161: The object_common1 function in
ext/standard/var_unserializer.c in PHP allowed remote attackers to cause
a denial of service (buffer over-read and application crash) via crafted
serialized data that is mishandled in a finish_nested_data call.
(bsc#1022260)
- CVE-2016-10166: A potential unsigned underflow in gd interpolation
functions could lead to memory corruption in the PHP gd module
(bsc#1022263)
- CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx()
could lead to php out of memory even on small files. (bsc#1022264)
- CVE-2016-10168: A signed integer overflow in the gd module could lead to
memory corruption (bsc#1022265)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 5:
zypper in -t patch sleclo50sp3-php53-12997=1
- SUSE Manager Proxy 2.1:
zypper in -t patch slemap21-php53-12997=1
- SUSE Manager 2.1:
zypper in -t patch sleman21-php53-12997=1
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-php53-12997=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-php53-12997=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-php53-12997=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-php53-12997=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-php53-12997=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-php53-12997=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 5 (x86_64):
apache2-mod_php53-5.3.17-101.1
php53-5.3.17-101.1
php53-bcmath-5.3.17-101.1
php53-bz2-5.3.17-101.1
php53-calendar-5.3.17-101.1
php53-ctype-5.3.17-101.1
php53-curl-5.3.17-101.1
php53-dba-5.3.17-101.1
php53-dom-5.3.17-101.1
php53-exif-5.3.17-101.1
php53-fastcgi-5.3.17-101.1
php53-fileinfo-5.3.17-101.1
php53-ftp-5.3.17-101.1
php53-gd-5.3.17-101.1
php53-gettext-5.3.17-101.1
php53-gmp-5.3.17-101.1
php53-iconv-5.3.17-101.1
php53-intl-5.3.17-101.1
php53-json-5.3.17-101.1
php53-ldap-5.3.17-101.1
php53-mbstring-5.3.17-101.1
php53-mcrypt-5.3.17-101.1
php53-mysql-5.3.17-101.1
php53-odbc-5.3.17-101.1
php53-openssl-5.3.17-101.1
php53-pcntl-5.3.17-101.1
php53-pdo-5.3.17-101.1
php53-pear-5.3.17-101.1
php53-pgsql-5.3.17-101.1
php53-pspell-5.3.17-101.1
php53-shmop-5.3.17-101.1
php53-snmp-5.3.17-101.1
php53-soap-5.3.17-101.1
php53-suhosin-5.3.17-101.1
php53-sysvmsg-5.3.17-101.1
php53-sysvsem-5.3.17-101.1
php53-sysvshm-5.3.17-101.1
php53-tokenizer-5.3.17-101.1
php53-wddx-5.3.17-101.1
php53-xmlreader-5.3.17-101.1
php53-xmlrpc-5.3.17-101.1
php53-xmlwriter-5.3.17-101.1
php53-xsl-5.3.17-101.1
php53-zip-5.3.17-101.1
php53-zlib-5.3.17-101.1
- SUSE Manager Proxy 2.1 (x86_64):
apache2-mod_php53-5.3.17-101.1
php53-5.3.17-101.1
php53-bcmath-5.3.17-101.1
php53-bz2-5.3.17-101.1
php53-calendar-5.3.17-101.1
php53-ctype-5.3.17-101.1
php53-curl-5.3.17-101.1
php53-dba-5.3.17-101.1
php53-dom-5.3.17-101.1
php53-exif-5.3.17-101.1
php53-fastcgi-5.3.17-101.1
php53-fileinfo-5.3.17-101.1
php53-ftp-5.3.17-101.1
php53-gd-5.3.17-101.1
php53-gettext-5.3.17-101.1
php53-gmp-5.3.17-101.1
php53-iconv-5.3.17-101.1
php53-intl-5.3.17-101.1
php53-json-5.3.17-101.1
php53-ldap-5.3.17-101.1
php53-mbstring-5.3.17-101.1
php53-mcrypt-5.3.17-101.1
php53-mysql-5.3.17-101.1
php53-odbc-5.3.17-101.1
php53-openssl-5.3.17-101.1
php53-pcntl-5.3.17-101.1
php53-pdo-5.3.17-101.1
php53-pear-5.3.17-101.1
php53-pgsql-5.3.17-101.1
php53-pspell-5.3.17-101.1
php53-shmop-5.3.17-101.1
php53-snmp-5.3.17-101.1
php53-soap-5.3.17-101.1
php53-suhosin-5.3.17-101.1
php53-sysvmsg-5.3.17-101.1
php53-sysvsem-5.3.17-101.1
php53-sysvshm-5.3.17-101.1
php53-tokenizer-5.3.17-101.1
php53-wddx-5.3.17-101.1
php53-xmlreader-5.3.17-101.1
php53-xmlrpc-5.3.17-101.1
php53-xmlwriter-5.3.17-101.1
php53-xsl-5.3.17-101.1
php53-zip-5.3.17-101.1
php53-zlib-5.3.17-101.1
- SUSE Manager 2.1 (s390x x86_64):
apache2-mod_php53-5.3.17-101.1
php53-5.3.17-101.1
php53-bcmath-5.3.17-101.1
php53-bz2-5.3.17-101.1
php53-calendar-5.3.17-101.1
php53-ctype-5.3.17-101.1
php53-curl-5.3.17-101.1
php53-dba-5.3.17-101.1
php53-dom-5.3.17-101.1
php53-exif-5.3.17-101.1
php53-fastcgi-5.3.17-101.1
php53-fileinfo-5.3.17-101.1
php53-ftp-5.3.17-101.1
php53-gd-5.3.17-101.1
php53-gettext-5.3.17-101.1
php53-gmp-5.3.17-101.1
php53-iconv-5.3.17-101.1
php53-intl-5.3.17-101.1
php53-json-5.3.17-101.1
php53-ldap-5.3.17-101.1
php53-mbstring-5.3.17-101.1
php53-mcrypt-5.3.17-101.1
php53-mysql-5.3.17-101.1
php53-odbc-5.3.17-101.1
php53-openssl-5.3.17-101.1
php53-pcntl-5.3.17-101.1
php53-pdo-5.3.17-101.1
php53-pear-5.3.17-101.1
php53-pgsql-5.3.17-101.1
php53-pspell-5.3.17-101.1
php53-shmop-5.3.17-101.1
php53-snmp-5.3.17-101.1
php53-soap-5.3.17-101.1
php53-suhosin-5.3.17-101.1
php53-sysvmsg-5.3.17-101.1
php53-sysvsem-5.3.17-101.1
php53-sysvshm-5.3.17-101.1
php53-tokenizer-5.3.17-101.1
php53-wddx-5.3.17-101.1
php53-xmlreader-5.3.17-101.1
php53-xmlrpc-5.3.17-101.1
php53-xmlwriter-5.3.17-101.1
php53-xsl-5.3.17-101.1
php53-zip-5.3.17-101.1
php53-zlib-5.3.17-101.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
php53-devel-5.3.17-101.1
php53-imap-5.3.17-101.1
php53-posix-5.3.17-101.1
php53-readline-5.3.17-101.1
php53-sockets-5.3.17-101.1
php53-sqlite-5.3.17-101.1
php53-tidy-5.3.17-101.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
apache2-mod_php53-5.3.17-101.1
php53-5.3.17-101.1
php53-bcmath-5.3.17-101.1
php53-bz2-5.3.17-101.1
php53-calendar-5.3.17-101.1
php53-ctype-5.3.17-101.1
php53-curl-5.3.17-101.1
php53-dba-5.3.17-101.1
php53-dom-5.3.17-101.1
php53-exif-5.3.17-101.1
php53-fastcgi-5.3.17-101.1
php53-fileinfo-5.3.17-101.1
php53-ftp-5.3.17-101.1
php53-gd-5.3.17-101.1
php53-gettext-5.3.17-101.1
php53-gmp-5.3.17-101.1
php53-iconv-5.3.17-101.1
php53-intl-5.3.17-101.1
php53-json-5.3.17-101.1
php53-ldap-5.3.17-101.1
php53-mbstring-5.3.17-101.1
php53-mcrypt-5.3.17-101.1
php53-mysql-5.3.17-101.1
php53-odbc-5.3.17-101.1
php53-openssl-5.3.17-101.1
php53-pcntl-5.3.17-101.1
php53-pdo-5.3.17-101.1
php53-pear-5.3.17-101.1
php53-pgsql-5.3.17-101.1
php53-pspell-5.3.17-101.1
php53-shmop-5.3.17-101.1
php53-snmp-5.3.17-101.1
php53-soap-5.3.17-101.1
php53-suhosin-5.3.17-101.1
php53-sysvmsg-5.3.17-101.1
php53-sysvsem-5.3.17-101.1
php53-sysvshm-5.3.17-101.1
php53-tokenizer-5.3.17-101.1
php53-wddx-5.3.17-101.1
php53-xmlreader-5.3.17-101.1
php53-xmlrpc-5.3.17-101.1
php53-xmlwriter-5.3.17-101.1
php53-xsl-5.3.17-101.1
php53-zip-5.3.17-101.1
php53-zlib-5.3.17-101.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
apache2-mod_php53-5.3.17-101.1
php53-5.3.17-101.1
php53-bcmath-5.3.17-101.1
php53-bz2-5.3.17-101.1
php53-calendar-5.3.17-101.1
php53-ctype-5.3.17-101.1
php53-curl-5.3.17-101.1
php53-dba-5.3.17-101.1
php53-dom-5.3.17-101.1
php53-exif-5.3.17-101.1
php53-fastcgi-5.3.17-101.1
php53-fileinfo-5.3.17-101.1
php53-ftp-5.3.17-101.1
php53-gd-5.3.17-101.1
php53-gettext-5.3.17-101.1
php53-gmp-5.3.17-101.1
php53-iconv-5.3.17-101.1
php53-intl-5.3.17-101.1
php53-json-5.3.17-101.1
php53-ldap-5.3.17-101.1
php53-mbstring-5.3.17-101.1
php53-mcrypt-5.3.17-101.1
php53-mysql-5.3.17-101.1
php53-odbc-5.3.17-101.1
php53-openssl-5.3.17-101.1
php53-pcntl-5.3.17-101.1
php53-pdo-5.3.17-101.1
php53-pear-5.3.17-101.1
php53-pgsql-5.3.17-101.1
php53-pspell-5.3.17-101.1
php53-shmop-5.3.17-101.1
php53-snmp-5.3.17-101.1
php53-soap-5.3.17-101.1
php53-suhosin-5.3.17-101.1
php53-sysvmsg-5.3.17-101.1
php53-sysvsem-5.3.17-101.1
php53-sysvshm-5.3.17-101.1
php53-tokenizer-5.3.17-101.1
php53-wddx-5.3.17-101.1
php53-xmlreader-5.3.17-101.1
php53-xmlrpc-5.3.17-101.1
php53-xmlwriter-5.3.17-101.1
php53-xsl-5.3.17-101.1
php53-zip-5.3.17-101.1
php53-zlib-5.3.17-101.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
apache2-mod_php53-5.3.17-101.1
php53-5.3.17-101.1
php53-bcmath-5.3.17-101.1
php53-bz2-5.3.17-101.1
php53-calendar-5.3.17-101.1
php53-ctype-5.3.17-101.1
php53-curl-5.3.17-101.1
php53-dba-5.3.17-101.1
php53-dom-5.3.17-101.1
php53-exif-5.3.17-101.1
php53-fastcgi-5.3.17-101.1
php53-fileinfo-5.3.17-101.1
php53-ftp-5.3.17-101.1
php53-gd-5.3.17-101.1
php53-gettext-5.3.17-101.1
php53-gmp-5.3.17-101.1
php53-iconv-5.3.17-101.1
php53-intl-5.3.17-101.1
php53-json-5.3.17-101.1
php53-ldap-5.3.17-101.1
php53-mbstring-5.3.17-101.1
php53-mcrypt-5.3.17-101.1
php53-mysql-5.3.17-101.1
php53-odbc-5.3.17-101.1
php53-openssl-5.3.17-101.1
php53-pcntl-5.3.17-101.1
php53-pdo-5.3.17-101.1
php53-pear-5.3.17-101.1
php53-pgsql-5.3.17-101.1
php53-pspell-5.3.17-101.1
php53-shmop-5.3.17-101.1
php53-snmp-5.3.17-101.1
php53-soap-5.3.17-101.1
php53-suhosin-5.3.17-101.1
php53-sysvmsg-5.3.17-101.1
php53-sysvsem-5.3.17-101.1
php53-sysvshm-5.3.17-101.1
php53-tokenizer-5.3.17-101.1
php53-wddx-5.3.17-101.1
php53-xmlreader-5.3.17-101.1
php53-xmlrpc-5.3.17-101.1
php53-xmlwriter-5.3.17-101.1
php53-xsl-5.3.17-101.1
php53-zip-5.3.17-101.1
php53-zlib-5.3.17-101.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
php53-debuginfo-5.3.17-101.1
php53-debugsource-5.3.17-101.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
php53-debuginfo-5.3.17-101.1
php53-debugsource-5.3.17-101.1
References:
https://www.suse.com/security/cve/CVE-2016-10158.html
https://www.suse.com/security/cve/CVE-2016-10159.html
https://www.suse.com/security/cve/CVE-2016-10160.html
https://www.suse.com/security/cve/CVE-2016-10161.html
https://www.suse.com/security/cve/CVE-2016-10166.html
https://www.suse.com/security/cve/CVE-2016-10167.html
https://www.suse.com/security/cve/CVE-2016-10168.html
https://www.suse.com/security/cve/CVE-2016-7478.html
https://bugzilla.suse.com/1019550
https://bugzilla.suse.com/1022219
https://bugzilla.suse.com/1022255
https://bugzilla.suse.com/1022257
https://bugzilla.suse.com/1022260
https://bugzilla.suse.com/1022263
https://bugzilla.suse.com/1022264
https://bugzilla.suse.com/1022265
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:0565-1: important: Security update of chromium
by opensuse-security@opensuse.org 27 Feb '17
by opensuse-security@opensuse.org 27 Feb '17
27 Feb '17
openSUSE Security Update: Security update of chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:0565-1
Rating: important
References: #1022049
Cross-References: CVE-2017-5006 CVE-2017-5007 CVE-2017-5008
CVE-2017-5009 CVE-2017-5010 CVE-2017-5011
CVE-2017-5012 CVE-2017-5013 CVE-2017-5014
CVE-2017-5015 CVE-2017-5016 CVE-2017-5017
CVE-2017-5018 CVE-2017-5019 CVE-2017-5020
CVE-2017-5021 CVE-2017-5022 CVE-2017-5023
CVE-2017-5024 CVE-2017-5025 CVE-2017-5026
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes 21 vulnerabilities is now available.
Description:
Google chromium was updated to 56.0.2924.87:
* Various small fixes
* Disabled option to enable/disable plugins in the chrome://plugins
- Changed the build requirement of libavformat to library version
57.41.100, as included in ffmpeg 3.1.1, as only this version properly
supports the public AVStream API 'codecpar'.
It also contains the version update to 56.0.2924.76 (bsc#1022049):
- CVE-2017-5007: Universal XSS in Blink
- CVE-2017-5006: Universal XSS in Blink
- CVE-2017-5008: Universal XSS in Blink
- CVE-2017-5010: Universal XSS in Blink
- CVE-2017-5011: Unauthorised file access in Devtools
- CVE-2017-5009: Out of bounds memory access in WebRTC
- CVE-2017-5012: Heap overflow in V8
- CVE-2017-5013: Address spoofing in Omnibox
- CVE-2017-5014: Heap overflow in Skia
- CVE-2017-5015: Address spoofing in Omnibox
- CVE-2017-5019: Use after free in Renderer
- CVE-2017-5016: UI spoofing in Blink
- CVE-2017-5017: Uninitialised memory access in webm video
- CVE-2017-5018: Universal XSS in chrome://apps
- CVE-2017-5020: Universal XSS in chrome://downloads
- CVE-2017-5021: Use after free in Extensions
- CVE-2017-5022: Bypass of Content Security Policy in Blink
- CVE-2017-5023: Type confusion in metrics
- CVE-2017-5024: Heap overflow in FFmpeg
- CVE-2017-5025: Heap overflow in FFmpeg
- CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
- Enable VAAPI hardware accelerated video decoding.
- Chromium 55.0.2883.87:
* various fixes for crashes and specific wesites
* update Google pinned certificates
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2017-272=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):
chromedriver-56.0.2924.87-5.1
chromium-56.0.2924.87-5.1
References:
https://www.suse.com/security/cve/CVE-2017-5006.html
https://www.suse.com/security/cve/CVE-2017-5007.html
https://www.suse.com/security/cve/CVE-2017-5008.html
https://www.suse.com/security/cve/CVE-2017-5009.html
https://www.suse.com/security/cve/CVE-2017-5010.html
https://www.suse.com/security/cve/CVE-2017-5011.html
https://www.suse.com/security/cve/CVE-2017-5012.html
https://www.suse.com/security/cve/CVE-2017-5013.html
https://www.suse.com/security/cve/CVE-2017-5014.html
https://www.suse.com/security/cve/CVE-2017-5015.html
https://www.suse.com/security/cve/CVE-2017-5016.html
https://www.suse.com/security/cve/CVE-2017-5017.html
https://www.suse.com/security/cve/CVE-2017-5018.html
https://www.suse.com/security/cve/CVE-2017-5019.html
https://www.suse.com/security/cve/CVE-2017-5020.html
https://www.suse.com/security/cve/CVE-2017-5021.html
https://www.suse.com/security/cve/CVE-2017-5022.html
https://www.suse.com/security/cve/CVE-2017-5023.html
https://www.suse.com/security/cve/CVE-2017-5024.html
https://www.suse.com/security/cve/CVE-2017-5025.html
https://www.suse.com/security/cve/CVE-2017-5026.html
https://bugzilla.suse.com/1022049
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:0563-1: important: Security update for Chromium
by opensuse-security@opensuse.org 27 Feb '17
by opensuse-security@opensuse.org 27 Feb '17
27 Feb '17
openSUSE Security Update: Security update for Chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:0563-1
Rating: important
References: #1013236
Cross-References: CVE-2016-5203 CVE-2016-5204 CVE-2016-5205
CVE-2016-5206 CVE-2016-5207 CVE-2016-5208
CVE-2016-5209 CVE-2016-5210 CVE-2016-5211
CVE-2016-5212 CVE-2016-5213 CVE-2016-5214
CVE-2016-5215 CVE-2016-5216 CVE-2016-5217
CVE-2016-5218 CVE-2016-5219 CVE-2016-5220
CVE-2016-5221 CVE-2016-5222 CVE-2016-5223
CVE-2016-5224 CVE-2016-5225 CVE-2016-5226
CVE-2016-9650 CVE-2016-9651 CVE-2016-9652
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes 27 vulnerabilities is now available.
Description:
This update to Chromium 55.0.2883.75 fixes the following vulnerabilities:
- CVE-2016-9651: Private property access in V8
- CVE-2016-5208: Universal XSS in Blink
- CVE-2016-5207: Universal XSS in Blink
- CVE-2016-5206: Same-origin bypass in PDFium
- CVE-2016-5205: Universal XSS in Blink
- CVE-2016-5204: Universal XSS in Blink
- CVE-2016-5209: Out of bounds write in Blink
- CVE-2016-5203: Use after free in PDFium
- CVE-2016-5210: Out of bounds write in PDFium
- CVE-2016-5212: Local file disclosure in DevTools
- CVE-2016-5211: Use after free in PDFium
- CVE-2016-5213: Use after free in V8
- CVE-2016-5214: File download protection bypass
- CVE-2016-5216: Use after free in PDFium
- CVE-2016-5215: Use after free in Webaudio
- CVE-2016-5217: Use of unvalidated data in PDFium
- CVE-2016-5218: Address spoofing in Omnibox
- CVE-2016-5219: Use after free in V8
- CVE-2016-5221: Integer overflow in ANGLE
- CVE-2016-5220: Local file access in PDFium
- CVE-2016-5222: Address spoofing in Omnibox
- CVE-2016-9650: CSP Referrer disclosure
- CVE-2016-5223: Integer overflow in PDFium
- CVE-2016-5226: Limited XSS in Blink
- CVE-2016-5225: CSP bypass in Blink
- CVE-2016-5224: Same-origin bypass in SVG
- CVE-2016-9652: Various fixes from internal audits, fuzzing and other
initiatives
The default bookmarks override was removed.
The following packaging changes are included:
- Switch to system libraries: harfbuzz, zlib, ffmpeg, where available.
- Chromium now requires harfbuzz >= 1.3.0
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2016-1496=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):
chromedriver-55.0.2883.75-2.1
chromium-55.0.2883.75-2.1
References:
https://www.suse.com/security/cve/CVE-2016-5203.html
https://www.suse.com/security/cve/CVE-2016-5204.html
https://www.suse.com/security/cve/CVE-2016-5205.html
https://www.suse.com/security/cve/CVE-2016-5206.html
https://www.suse.com/security/cve/CVE-2016-5207.html
https://www.suse.com/security/cve/CVE-2016-5208.html
https://www.suse.com/security/cve/CVE-2016-5209.html
https://www.suse.com/security/cve/CVE-2016-5210.html
https://www.suse.com/security/cve/CVE-2016-5211.html
https://www.suse.com/security/cve/CVE-2016-5212.html
https://www.suse.com/security/cve/CVE-2016-5213.html
https://www.suse.com/security/cve/CVE-2016-5214.html
https://www.suse.com/security/cve/CVE-2016-5215.html
https://www.suse.com/security/cve/CVE-2016-5216.html
https://www.suse.com/security/cve/CVE-2016-5217.html
https://www.suse.com/security/cve/CVE-2016-5218.html
https://www.suse.com/security/cve/CVE-2016-5219.html
https://www.suse.com/security/cve/CVE-2016-5220.html
https://www.suse.com/security/cve/CVE-2016-5221.html
https://www.suse.com/security/cve/CVE-2016-5222.html
https://www.suse.com/security/cve/CVE-2016-5223.html
https://www.suse.com/security/cve/CVE-2016-5224.html
https://www.suse.com/security/cve/CVE-2016-5225.html
https://www.suse.com/security/cve/CVE-2016-5226.html
https://www.suse.com/security/cve/CVE-2016-9650.html
https://www.suse.com/security/cve/CVE-2016-9651.html
https://www.suse.com/security/cve/CVE-2016-9652.html
https://bugzilla.suse.com/1013236
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:0556-1: important: Security update for php5
by opensuse-security@opensuse.org 23 Feb '17
by opensuse-security@opensuse.org 23 Feb '17
23 Feb '17
SUSE Security Update: Security update for php5
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0556-1
Rating: important
References: #1019550 #1022219 #1022255 #1022257 #1022260
#1022263 #1022264 #1022265
Cross-References: CVE-2016-10158 CVE-2016-10159 CVE-2016-10160
CVE-2016-10161 CVE-2016-10166 CVE-2016-10167
CVE-2016-10168 CVE-2016-7478
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for php5 fixes the following issues:
- CVE-2016-7478: When unserializing untrusted input data, PHP could end up
in an infinite loop, causing denial of service (bsc#1019550)
- CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c
in PHP allowed remote attackers to cause a denial of service
(application crash) via crafted EXIF data that triggers an attempt to
divide the minimum representable negative integer by -1. (bsc#1022219)
- CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in
ext/phar/phar.c in PHP allowed remote attackers to cause a denial
of service (memory consumption or application crash) via a truncated
manifest entry in a PHAR archive. (bsc#1022255)
- CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in
ext/phar/phar.c in PHP allowed remote attackers to cause a denial
of service (memory corruption) or possibly execute arbitrary code via a
crafted PHAR archive with an alias mismatch. (bsc#1022257)
- CVE-2016-10161: The object_common1 function in
ext/standard/var_unserializer.c in PHP allowed remote attackers to cause
a denial of service (buffer over-read and application crash) via crafted
serialized data that is mishandled in a finish_nested_data call.
(bsc#1022260)
- CVE-2016-10166: A potential unsigned underflow in gd interpolation
functions could lead to memory corruption in the PHP gd module
(bsc#1022263)
- CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx()
could lead to php out of memory even on small files. (bsc#1022264)
- CVE-2016-10168: A signed integer overflow in the gd module could lead to
memory corruption (bsc#1022265)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-293=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-293=1
- SUSE Linux Enterprise Module for Web Scripting 12:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-293=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
php5-debuginfo-5.5.14-96.1
php5-debugsource-5.5.14-96.1
php5-devel-5.5.14-96.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
php5-debuginfo-5.5.14-96.1
php5-debugsource-5.5.14-96.1
php5-devel-5.5.14-96.1
- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
apache2-mod_php5-5.5.14-96.1
apache2-mod_php5-debuginfo-5.5.14-96.1
php5-5.5.14-96.1
php5-bcmath-5.5.14-96.1
php5-bcmath-debuginfo-5.5.14-96.1
php5-bz2-5.5.14-96.1
php5-bz2-debuginfo-5.5.14-96.1
php5-calendar-5.5.14-96.1
php5-calendar-debuginfo-5.5.14-96.1
php5-ctype-5.5.14-96.1
php5-ctype-debuginfo-5.5.14-96.1
php5-curl-5.5.14-96.1
php5-curl-debuginfo-5.5.14-96.1
php5-dba-5.5.14-96.1
php5-dba-debuginfo-5.5.14-96.1
php5-debuginfo-5.5.14-96.1
php5-debugsource-5.5.14-96.1
php5-dom-5.5.14-96.1
php5-dom-debuginfo-5.5.14-96.1
php5-enchant-5.5.14-96.1
php5-enchant-debuginfo-5.5.14-96.1
php5-exif-5.5.14-96.1
php5-exif-debuginfo-5.5.14-96.1
php5-fastcgi-5.5.14-96.1
php5-fastcgi-debuginfo-5.5.14-96.1
php5-fileinfo-5.5.14-96.1
php5-fileinfo-debuginfo-5.5.14-96.1
php5-fpm-5.5.14-96.1
php5-fpm-debuginfo-5.5.14-96.1
php5-ftp-5.5.14-96.1
php5-ftp-debuginfo-5.5.14-96.1
php5-gd-5.5.14-96.1
php5-gd-debuginfo-5.5.14-96.1
php5-gettext-5.5.14-96.1
php5-gettext-debuginfo-5.5.14-96.1
php5-gmp-5.5.14-96.1
php5-gmp-debuginfo-5.5.14-96.1
php5-iconv-5.5.14-96.1
php5-iconv-debuginfo-5.5.14-96.1
php5-imap-5.5.14-96.1
php5-imap-debuginfo-5.5.14-96.1
php5-intl-5.5.14-96.1
php5-intl-debuginfo-5.5.14-96.1
php5-json-5.5.14-96.1
php5-json-debuginfo-5.5.14-96.1
php5-ldap-5.5.14-96.1
php5-ldap-debuginfo-5.5.14-96.1
php5-mbstring-5.5.14-96.1
php5-mbstring-debuginfo-5.5.14-96.1
php5-mcrypt-5.5.14-96.1
php5-mcrypt-debuginfo-5.5.14-96.1
php5-mysql-5.5.14-96.1
php5-mysql-debuginfo-5.5.14-96.1
php5-odbc-5.5.14-96.1
php5-odbc-debuginfo-5.5.14-96.1
php5-opcache-5.5.14-96.1
php5-opcache-debuginfo-5.5.14-96.1
php5-openssl-5.5.14-96.1
php5-openssl-debuginfo-5.5.14-96.1
php5-pcntl-5.5.14-96.1
php5-pcntl-debuginfo-5.5.14-96.1
php5-pdo-5.5.14-96.1
php5-pdo-debuginfo-5.5.14-96.1
php5-pgsql-5.5.14-96.1
php5-pgsql-debuginfo-5.5.14-96.1
php5-phar-5.5.14-96.1
php5-phar-debuginfo-5.5.14-96.1
php5-posix-5.5.14-96.1
php5-posix-debuginfo-5.5.14-96.1
php5-pspell-5.5.14-96.1
php5-pspell-debuginfo-5.5.14-96.1
php5-shmop-5.5.14-96.1
php5-shmop-debuginfo-5.5.14-96.1
php5-snmp-5.5.14-96.1
php5-snmp-debuginfo-5.5.14-96.1
php5-soap-5.5.14-96.1
php5-soap-debuginfo-5.5.14-96.1
php5-sockets-5.5.14-96.1
php5-sockets-debuginfo-5.5.14-96.1
php5-sqlite-5.5.14-96.1
php5-sqlite-debuginfo-5.5.14-96.1
php5-suhosin-5.5.14-96.1
php5-suhosin-debuginfo-5.5.14-96.1
php5-sysvmsg-5.5.14-96.1
php5-sysvmsg-debuginfo-5.5.14-96.1
php5-sysvsem-5.5.14-96.1
php5-sysvsem-debuginfo-5.5.14-96.1
php5-sysvshm-5.5.14-96.1
php5-sysvshm-debuginfo-5.5.14-96.1
php5-tokenizer-5.5.14-96.1
php5-tokenizer-debuginfo-5.5.14-96.1
php5-wddx-5.5.14-96.1
php5-wddx-debuginfo-5.5.14-96.1
php5-xmlreader-5.5.14-96.1
php5-xmlreader-debuginfo-5.5.14-96.1
php5-xmlrpc-5.5.14-96.1
php5-xmlrpc-debuginfo-5.5.14-96.1
php5-xmlwriter-5.5.14-96.1
php5-xmlwriter-debuginfo-5.5.14-96.1
php5-xsl-5.5.14-96.1
php5-xsl-debuginfo-5.5.14-96.1
php5-zip-5.5.14-96.1
php5-zip-debuginfo-5.5.14-96.1
php5-zlib-5.5.14-96.1
php5-zlib-debuginfo-5.5.14-96.1
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
php5-pear-5.5.14-96.1
References:
https://www.suse.com/security/cve/CVE-2016-10158.html
https://www.suse.com/security/cve/CVE-2016-10159.html
https://www.suse.com/security/cve/CVE-2016-10160.html
https://www.suse.com/security/cve/CVE-2016-10161.html
https://www.suse.com/security/cve/CVE-2016-10166.html
https://www.suse.com/security/cve/CVE-2016-10167.html
https://www.suse.com/security/cve/CVE-2016-10168.html
https://www.suse.com/security/cve/CVE-2016-7478.html
https://bugzilla.suse.com/1019550
https://bugzilla.suse.com/1022219
https://bugzilla.suse.com/1022255
https://bugzilla.suse.com/1022257
https://bugzilla.suse.com/1022260
https://bugzilla.suse.com/1022263
https://bugzilla.suse.com/1022264
https://bugzilla.suse.com/1022265
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:0555-1: important: Security update for util-linux
by opensuse-security@opensuse.org 23 Feb '17
by opensuse-security@opensuse.org 23 Feb '17
23 Feb '17
SUSE Security Update: Security update for util-linux
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0555-1
Rating: important
References: #1008965 #1012504 #1012632 #1019332 #1020077
#1023041
Cross-References: CVE-2017-2616
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves one vulnerability and has 5 fixes is
now available.
Description:
This update for util-linux fixes the following issues:
This security issue was fixed:
- CVE-2017-2616: In su with PAM support it was possible for local users to
send SIGKILL to selected other processes with root privileges
(bsc#1023041).
This non-security issues were fixed:
- lscpu: Implement WSL detection and work around crash (bsc#1019332)
- fstrim: De-duplicate btrfs sub-volumes for "fstrim -a" and bind mounts
(bsc#1020077)
- Fix regressions in safe loop re-use patch set for libmount (bsc#1012504)
- Disable ro checks for mtab (bsc#1012632)
- Ensure that the option "users,exec,dev,suid" work as expected on NFS
mounts (bsc#1008965)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP1:
zypper in -t patch SUSE-SLE-WE-12-SP1-2017-291=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-291=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-291=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-291=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
libuuid-devel-2.25-40.1
util-linux-debuginfo-2.25-40.1
util-linux-debugsource-2.25-40.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
libblkid-devel-2.25-40.1
libmount-devel-2.25-40.1
libsmartcols-devel-2.25-40.1
libuuid-devel-2.25-40.1
util-linux-debuginfo-2.25-40.1
util-linux-debugsource-2.25-40.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
libblkid1-2.25-40.1
libblkid1-debuginfo-2.25-40.1
libmount1-2.25-40.1
libmount1-debuginfo-2.25-40.1
libsmartcols1-2.25-40.1
libsmartcols1-debuginfo-2.25-40.1
libuuid1-2.25-40.1
libuuid1-debuginfo-2.25-40.1
python-libmount-2.25-40.2
python-libmount-debuginfo-2.25-40.2
python-libmount-debugsource-2.25-40.2
util-linux-2.25-40.1
util-linux-debuginfo-2.25-40.1
util-linux-debugsource-2.25-40.1
util-linux-systemd-2.25-40.1
util-linux-systemd-debuginfo-2.25-40.1
util-linux-systemd-debugsource-2.25-40.1
uuidd-2.25-40.1
uuidd-debuginfo-2.25-40.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
libblkid1-32bit-2.25-40.1
libblkid1-debuginfo-32bit-2.25-40.1
libmount1-32bit-2.25-40.1
libmount1-debuginfo-32bit-2.25-40.1
libuuid1-32bit-2.25-40.1
libuuid1-debuginfo-32bit-2.25-40.1
- SUSE Linux Enterprise Server 12-SP1 (noarch):
util-linux-lang-2.25-40.1
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
util-linux-lang-2.25-40.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
libblkid1-2.25-40.1
libblkid1-32bit-2.25-40.1
libblkid1-debuginfo-2.25-40.1
libblkid1-debuginfo-32bit-2.25-40.1
libmount1-2.25-40.1
libmount1-32bit-2.25-40.1
libmount1-debuginfo-2.25-40.1
libmount1-debuginfo-32bit-2.25-40.1
libsmartcols1-2.25-40.1
libsmartcols1-debuginfo-2.25-40.1
libuuid-devel-2.25-40.1
libuuid1-2.25-40.1
libuuid1-32bit-2.25-40.1
libuuid1-debuginfo-2.25-40.1
libuuid1-debuginfo-32bit-2.25-40.1
python-libmount-2.25-40.2
python-libmount-debuginfo-2.25-40.2
python-libmount-debugsource-2.25-40.2
util-linux-2.25-40.1
util-linux-debuginfo-2.25-40.1
util-linux-debugsource-2.25-40.1
util-linux-systemd-2.25-40.1
util-linux-systemd-debuginfo-2.25-40.1
util-linux-systemd-debugsource-2.25-40.1
uuidd-2.25-40.1
uuidd-debuginfo-2.25-40.1
References:
https://www.suse.com/security/cve/CVE-2017-2616.html
https://bugzilla.suse.com/1008965
https://bugzilla.suse.com/1012504
https://bugzilla.suse.com/1012632
https://bugzilla.suse.com/1019332
https://bugzilla.suse.com/1020077
https://bugzilla.suse.com/1023041
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:0554-1: important: Security update for util-linux
by opensuse-security@opensuse.org 23 Feb '17
by opensuse-security@opensuse.org 23 Feb '17
23 Feb '17
SUSE Security Update: Security update for util-linux
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0554-1
Rating: important
References: #1008965 #1012504 #1012632 #1019332 #1020077
#1020985 #1023041
Cross-References: CVE-2017-2616
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update for util-linux fixes the following issues:
This security issue was fixed:
- CVE-2017-2616: In su with PAM support it was possible for local users to
send SIGKILL to selected other processes with root privileges
(bsc#1023041).
This non-security issues were fixed:
- lscpu: Implement WSL detection and work around crash (bsc#1019332)
- fstrim: De-duplicate btrfs sub-volumes for "fstrim -a" and bind mounts
(bsc#1020077)
- Fix regressions in safe loop re-use patch set for libmount (bsc#1012504)
- Disable ro checks for mtab (bsc#1012632)
- Ensure that the option "users,exec,dev,suid" work as expected on NFS
mounts (bsc#1008965)
- Fix empty slave detection to prevent 100% CPU load in some cases
(bsc#1020985)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP2:
zypper in -t patch SUSE-SLE-WE-12-SP2-2017-292=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-292=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-292=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-292=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-292=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
libuuid-devel-2.28-44.3.1
util-linux-debuginfo-2.28-44.3.1
util-linux-debugsource-2.28-44.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
libblkid-devel-2.28-44.3.1
libmount-devel-2.28-44.3.1
libsmartcols-devel-2.28-44.3.1
libuuid-devel-2.28-44.3.1
util-linux-debuginfo-2.28-44.3.1
util-linux-debugsource-2.28-44.3.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
libblkid1-2.28-44.3.1
libblkid1-debuginfo-2.28-44.3.1
libfdisk1-2.28-44.3.1
libfdisk1-debuginfo-2.28-44.3.1
libmount1-2.28-44.3.1
libmount1-debuginfo-2.28-44.3.1
libsmartcols1-2.28-44.3.1
libsmartcols1-debuginfo-2.28-44.3.1
libuuid1-2.28-44.3.1
libuuid1-debuginfo-2.28-44.3.1
python-libmount-2.28-44.3.3
python-libmount-debuginfo-2.28-44.3.3
python-libmount-debugsource-2.28-44.3.3
util-linux-2.28-44.3.1
util-linux-debuginfo-2.28-44.3.1
util-linux-debugsource-2.28-44.3.1
util-linux-systemd-2.28-44.3.3
util-linux-systemd-debuginfo-2.28-44.3.3
util-linux-systemd-debugsource-2.28-44.3.3
uuidd-2.28-44.3.3
uuidd-debuginfo-2.28-44.3.3
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
util-linux-lang-2.28-44.3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
libblkid1-2.28-44.3.1
libblkid1-debuginfo-2.28-44.3.1
libfdisk1-2.28-44.3.1
libfdisk1-debuginfo-2.28-44.3.1
libmount1-2.28-44.3.1
libmount1-debuginfo-2.28-44.3.1
libsmartcols1-2.28-44.3.1
libsmartcols1-debuginfo-2.28-44.3.1
libuuid1-2.28-44.3.1
libuuid1-debuginfo-2.28-44.3.1
python-libmount-2.28-44.3.3
python-libmount-debuginfo-2.28-44.3.3
python-libmount-debugsource-2.28-44.3.3
util-linux-2.28-44.3.1
util-linux-debuginfo-2.28-44.3.1
util-linux-debugsource-2.28-44.3.1
util-linux-systemd-2.28-44.3.3
util-linux-systemd-debuginfo-2.28-44.3.3
util-linux-systemd-debugsource-2.28-44.3.3
uuidd-2.28-44.3.3
uuidd-debuginfo-2.28-44.3.3
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
libblkid1-32bit-2.28-44.3.1
libblkid1-debuginfo-32bit-2.28-44.3.1
libmount1-32bit-2.28-44.3.1
libmount1-debuginfo-32bit-2.28-44.3.1
libuuid1-32bit-2.28-44.3.1
libuuid1-debuginfo-32bit-2.28-44.3.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
util-linux-lang-2.28-44.3.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
libblkid1-2.28-44.3.1
libblkid1-32bit-2.28-44.3.1
libblkid1-debuginfo-2.28-44.3.1
libblkid1-debuginfo-32bit-2.28-44.3.1
libfdisk1-2.28-44.3.1
libfdisk1-debuginfo-2.28-44.3.1
libmount1-2.28-44.3.1
libmount1-32bit-2.28-44.3.1
libmount1-debuginfo-2.28-44.3.1
libmount1-debuginfo-32bit-2.28-44.3.1
libsmartcols1-2.28-44.3.1
libsmartcols1-debuginfo-2.28-44.3.1
libuuid-devel-2.28-44.3.1
libuuid1-2.28-44.3.1
libuuid1-32bit-2.28-44.3.1
libuuid1-debuginfo-2.28-44.3.1
libuuid1-debuginfo-32bit-2.28-44.3.1
python-libmount-2.28-44.3.3
python-libmount-debuginfo-2.28-44.3.3
python-libmount-debugsource-2.28-44.3.3
util-linux-2.28-44.3.1
util-linux-debuginfo-2.28-44.3.1
util-linux-debugsource-2.28-44.3.1
util-linux-systemd-2.28-44.3.3
util-linux-systemd-debuginfo-2.28-44.3.3
util-linux-systemd-debugsource-2.28-44.3.3
uuidd-2.28-44.3.3
uuidd-debuginfo-2.28-44.3.3
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
util-linux-lang-2.28-44.3.1
References:
https://www.suse.com/security/cve/CVE-2017-2616.html
https://bugzilla.suse.com/1008965
https://bugzilla.suse.com/1012504
https://bugzilla.suse.com/1012632
https://bugzilla.suse.com/1019332
https://bugzilla.suse.com/1020077
https://bugzilla.suse.com/1020985
https://bugzilla.suse.com/1023041
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0