SUSE Security Update: Security update for libtirpc, rpcbind
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1468-1
Rating: important
References: #1037559
Cross-References: CVE-2017-8779
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libtirpc and rpcbind fixes the following issues:
- CVE-2017-8779: A crafted UDP packet could cause a remote
denial of service in rpcbind. (bsc#1037559)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-libtirpc-13135=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-libtirpc-13135=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-libtirpc-13135=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-libtirpc-13135=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-libtirpc-13135=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-libtirpc-13135=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libtirpc-devel-0.2.1-1.12.3
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libtirpc1-0.2.1-1.12.3
rpcbind-0.1.6+git20080930-6.27.2
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
libtirpc1-0.2.1-1.12.3
rpcbind-0.1.6+git20080930-6.27.2
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
libtirpc1-0.2.1-1.12.3
rpcbind-0.1.6+git20080930-6.27.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libtirpc-debuginfo-0.2.1-1.12.3
libtirpc-debugsource-0.2.1-1.12.3
rpcbind-debuginfo-0.1.6+git20080930-6.27.2
rpcbind-debugsource-0.1.6+git20080930-6.27.2
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
libtirpc-debuginfo-0.2.1-1.12.3
libtirpc-debugsource-0.2.1-1.12.3
rpcbind-debuginfo-0.1.6+git20080930-6.27.2
rpcbind-debugsource-0.1.6+git20080930-6.27.2
References:
https://www.suse.com/security/cve/CVE-2017-8779.html
https://bugzilla.suse.com/1037559
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: Security update for sudo
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:1455-1
Rating: important
References: #1015351 #1024145 #1039361 #981124
Cross-References: CVE-2017-1000367
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that solves one vulnerability and has three fixes
is now available.
Description:
This update for sudo fixes the following issues:
CVE-2017-1000367:
- Due to incorrect assumptions in /proc/[pid]/stat parsing, a local
attacker can pretend that his tty is any file on the filesystem, thus
gaining arbitrary file write access on SELinux-enabled systems.
[bsc#1039361]
- Fix FQDN for hostname. [bsc#1024145]
- Filter netgroups, they aren't handled by SSSD. [bsc#1015351]
- Fix problems related to "krb5_ccname" option [bsc#981124]
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-636=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
sudo-1.8.10p3-9.3.1
sudo-debuginfo-1.8.10p3-9.3.1
sudo-debugsource-1.8.10p3-9.3.1
sudo-devel-1.8.10p3-9.3.1
sudo-test-1.8.10p3-9.3.1
References:
https://www.suse.com/security/cve/CVE-2017-1000367.html
https://bugzilla.suse.com/1015351
https://bugzilla.suse.com/1024145
https://bugzilla.suse.com/1039361
https://bugzilla.suse.com/981124
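The CVE-2017-1000367 entry above blames incorrect assumptions in /proc/[pid]/stat parsing. The following added example (not part of the advisory and not sudo's code) contrasts a parser that counts space-separated fields with one that anchors on the last ')' before reading tty_nr (field 7); the function names and the three sample lines are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample lines in /proc/[pid]/stat layout:
 * pid (comm) state ppid pgrp session tty_nr tpgid flags ...
 * The comm field is free-form text and may contain spaces and ')'. */
static const char SAMPLE_NORMAL[] =
    "4242 (bash) S 4241 4242 4242 34817 4242 4194304";
static const char SAMPLE_SPACES[] =
    "4243 (a S 1 1 1 2049 ) S 4241 4243 4242 34817 4243 4194304";
static const char SAMPLE_PAREN[] =
    "4244 (x) R 0 0 0 9 ) S 4241 4244 4242 34818 4244 4194304";

/* Parse the n-th (1-based) space-separated field of s as a decimal long.
 * Returns 0 on success, -1 if the field is missing or not a clean number. */
static int nth_field(const char *s, int n, long *out)
{
    int field = 1;
    char *end;
    long v;

    while (*s == ' ')
        s++;
    while (*s && field < n) {
        while (*s && *s != ' ')
            s++;
        while (*s == ' ')
            s++;
        field++;
    }
    if (*s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || errno != 0 ||
        (*end != ' ' && *end != '\n' && *end != '\0'))
        return -1;
    *out = v;
    return 0;
}

/* Weak form: assumes comm is a single token, so tty_nr is token 7. */
int tty_nr_naive(const char *line, long *out)
{
    return nth_field(line, 7, out);
}

/* Hardened form: comm ends at the LAST ')' in the line. After ") " the
 * fields are state, ppid, pgrp, session, tty_nr, so tty_nr is the 5th. */
int tty_nr_robust(const char *line, long *out)
{
    const char *open = strchr(line, '(');
    const char *close = strrchr(line, ')');

    if (open == NULL || close == NULL || close < open || close[1] != ' ')
        return -1;
    return nth_field(close + 2, 5, out);
}

/* Audit helper: 1 if the two parsers disagree on this line (or either one
 * fails), which marks a comm value that shifts the naive field count. */
int parsers_disagree(const char *line)
{
    long a = 0, b = 0;
    int ra = tty_nr_naive(line, &a);
    int rb = tty_nr_robust(line, &b);

    return (ra != 0 || rb != 0 || a != b) ? 1 : 0;
}

int main(void)
{
    const char *samples[] = { SAMPLE_NORMAL, SAMPLE_SPACES, SAMPLE_PAREN };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        long naive = -1, robust = -1;

        tty_nr_naive(samples[i], &naive);
        tty_nr_robust(samples[i], &robust);
        printf("naive=%ld robust=%ld disagree=%d\n",
               naive, robust, parsers_disagree(samples[i]));
    }
    return 0;
}
```

Code that derives a device or path from tty_nr should take it from the hardened form and treat any disagreement between the two parsers as a reason to reject the input.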
SUSE Security Update: Security update for sudo
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1450-1
Rating: important
References: #1015351 #1024145 #1039361 #981124
Cross-References: CVE-2017-1000367
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________
An update that solves one vulnerability and has three fixes
is now available.
Description:
This update for sudo fixes the following issues:
CVE-2017-1000367:
- Due to incorrect assumptions in /proc/[pid]/stat parsing, a local
attacker can pretend that his tty is any file on the filesystem, thus
gaining arbitrary file write access on SELinux-enabled systems.
[bsc#1039361]
- Fix FQDN for hostname. [bsc#1024145]
- Filter netgroups, they aren't handled by SSSD. [bsc#1015351]
- Fix problems related to "krb5_ccname" option [bsc#981124]
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-889=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-889=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-889=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-889=1
- OpenStack Cloud Magnum Orchestration 7:
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-889=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
sudo-debuginfo-1.8.10p3-10.5.1
sudo-debugsource-1.8.10p3-10.5.1
sudo-devel-1.8.10p3-10.5.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
sudo-1.8.10p3-10.5.1
sudo-debuginfo-1.8.10p3-10.5.1
sudo-debugsource-1.8.10p3-10.5.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
sudo-1.8.10p3-10.5.1
sudo-debuginfo-1.8.10p3-10.5.1
sudo-debugsource-1.8.10p3-10.5.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
sudo-1.8.10p3-10.5.1
sudo-debuginfo-1.8.10p3-10.5.1
sudo-debugsource-1.8.10p3-10.5.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
sudo-1.8.10p3-10.5.1
sudo-debuginfo-1.8.10p3-10.5.1
sudo-debugsource-1.8.10p3-10.5.1
References:
https://www.suse.com/security/cve/CVE-2017-1000367.html
https://bugzilla.suse.com/1015351
https://bugzilla.suse.com/1024145
https://bugzilla.suse.com/1039361
https://bugzilla.suse.com/981124
SUSE Security Update: Security update for sudo
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1446-1
Rating: important
References: #1015351 #1024145 #1039361 #981124
Cross-References: CVE-2017-1000367
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves one vulnerability and has three fixes
is now available.
Description:
This update for sudo fixes the following issues:
CVE-2017-1000367:
- Due to incorrect assumptions in /proc/[pid]/stat parsing, a local
attacker can pretend that his tty is any file on the filesystem, thus
gaining arbitrary file write access on SELinux-enabled systems.
[bsc#1039361]
- Fix FQDN for hostname. [bsc#1024145]
- Filter netgroups, they aren't handled by SSSD. [bsc#1015351]
- Fix problems related to "krb5_ccname" option [bsc#981124]
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-888=1
- SUSE Linux Enterprise Server for SAP 12:
zypper in -t patch SUSE-SLE-SAP-12-2017-888=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-888=1
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2017-888=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-888=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
sudo-debuginfo-1.8.10p3-2.11.1
sudo-debugsource-1.8.10p3-2.11.1
sudo-devel-1.8.10p3-2.11.1
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
sudo-1.8.10p3-2.11.1
sudo-debuginfo-1.8.10p3-2.11.1
sudo-debugsource-1.8.10p3-2.11.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
sudo-1.8.10p3-2.11.1
sudo-debuginfo-1.8.10p3-2.11.1
sudo-debugsource-1.8.10p3-2.11.1
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
sudo-1.8.10p3-2.11.1
sudo-debuginfo-1.8.10p3-2.11.1
sudo-debugsource-1.8.10p3-2.11.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
sudo-1.8.10p3-2.11.1
sudo-debuginfo-1.8.10p3-2.11.1
sudo-debugsource-1.8.10p3-2.11.1
References:
https://www.suse.com/security/cve/CVE-2017-1000367.html
https://bugzilla.suse.com/1015351
https://bugzilla.suse.com/1024145
https://bugzilla.suse.com/1039361
https://bugzilla.suse.com/981124
SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1445-1
Rating: important
References: #1034849
Cross-References: CVE-2017-3509 CVE-2017-3511 CVE-2017-3512
CVE-2017-3514 CVE-2017-3526 CVE-2017-3533
CVE-2017-3539 CVE-2017-3544
Affected Products:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for java-1_8_0-openjdk fixes the following issues:
- Upgrade to version jdk8u131 (icedtea 3.4.0) - bsc#1034849
* Security fixes
- S8163520, CVE-2017-3509: Reuse cache entries
- S8163528, CVE-2017-3511: Better library loading
- S8165626, CVE-2017-3512: Improved window framing
- S8167110, CVE-2017-3514: Windows peering issue
- S8168699: Validate special case invocations
- S8169011, CVE-2017-3526: Resizing XML parse trees
- S8170222, CVE-2017-3533: Better transfers of files
- S8171121, CVE-2017-3539: Enhancing jar checking
- S8171533, CVE-2017-3544: Better email transfer
- S8172299: Improve class processing
* New features
- PR1969: Add AArch32 JIT port
- PR3297: Allow Shenandoah to be used on AArch64
- PR3340: jstack.stp should support AArch64
* Import of OpenJDK 8 u131 build 11
- S6474807: (smartcardio) CardTerminal.connect() throws CardException
instead of CardNotPresentException
- S6515172, PR3346: Runtime.availableProcessors() ignores Linux
taskset command
- S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java
hangs on win 64 bit with jdk8
- S7167293: FtpURLConnection connection leak on FileNotFoundException
- S8035568: [macosx] Cursor management unification
- S8079595: Resizing dialog which is JWindow parent makes JVM crash
- S8130769: The new menu can't be shown on the menubar after clicking
the "Add" button.
- S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test
fails with NullPointerException
- S8147842: IME Composition Window is displayed at incorrect location
- S8147910, PR3346: Cache initial active_processor_count
- S8150490: Update OS detection code to recognize Windows Server 2016
- S8160951: [TEST_BUG]
javax/xml/bind/marshal/8134111/UnmarshalTest.java should be added
into :needs_jre group
- S8160958: [TEST_BUG]
java/net/SetFactoryPermission/SetFactoryPermission.java should be
added into :needs_compact2 group
- S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled
- S8161195: Regression:
closed/javax/swing/text/FlowView/LayoutTest.java
- S8161993, PR3346: G1 crashes if active_processor_count changes
during startup
- S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java
fails intermittently
- S8162916: Test sun/security/krb5/auto/UnboundSSL.java fails
- S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed
with "Error while cleaning up threads after test"
- S8167179: Make XSL generated namespace prefixes local to
transformation process
- S8168774: Polymorhic signature method check crashes javac
- S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
- S8169589: [macosx] Activating a JDialog puts to back another dialog
- S8170307: Stack size option -Xss is ignored
- S8170316: (tz) Support tzdata2016j
- S8170814: Reuse cache entries (part II)
- S8170888, PR3314, RH1284948: [linux] Experimental support for cgroup
memory limits in container (ie Docker) environments
- S8171388: Update JNDI Thread contexts
- S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error:
The bitwise mask Frame.ICONIFIED is not set when the frame is in
ICONIFIED state
- S8171952: [macosx]
AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog
test fails as DummyButton on Dialog did not gain focus when clicked.
- S8173030: Temporary backout fix #8035568 from 8u131-b03
- S8173031: Temporary backout fix #8171952 from 8u131-b03
- S8173783, PR3328: IllegalArgumentException: jdk.tls.namedGroups
- S8173931: 8u131 L10n resource file update
- S8174844: Incorrect GPL header causes RE script to miss swap to
commercial header for licensee source bundle
- S8174985: NTLM authentication doesn't work with IIS if NTLM cache is
disabled
- S8176044: (tz) Support tzdata2017a
* Backports
- S6457406, PR3335: javadoc doesn't handle <a href='http://...'>
properly in producing index pages
- S8030245, PR3335: Update langtools to use try-with-resources and
multi-catch
- S8030253, PR3335: Update langtools to use strings-in-switch
- S8030262, PR3335: Update langtools to use foreach loops
- S8031113, PR3337: TEST_BUG:
java/nio/channels/AsynchronousChannelGroup/Basic.java fails
intermittently
- S8031625, PR3335: javadoc problems referencing inner class
constructors
- S8031649, PR3335: Clean up javadoc tests
- S8031670, PR3335: Remove unneeded -source options in javadoc tests
- S8032066, PR3335: Serialized form has broken links to non private
inner classes of package private
- S8034174, PR2290: Remove use of JVM_* functions from java.net code
- S8034182, PR2290: Misc. warnings in java.net code
- S8035876, PR2290: AIX build issues after '8034174: Remove use
of JVM_* functions from java.net code'
- S8038730, PR3335: Clean up the way JavadocTester is invoked, and
checks for errors.
- S8040903, PR3335: Clean up use of BUG_ID in javadoc tests
- S8040904, PR3335: Ensure javadoc tests do not overwrite results
within tests
- S8040908, PR3335: javadoc test TestDocEncoding should use
-notimestamp
- S8041150, PR3335: Avoid silly use of static methods in JavadocTester
- S8041253, PR3335: Avoid redundant synonyms of NO_TEST
- S8043780, PR3368: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC)
- S8061305, PR3335: Javadoc crashes when method name ends with
"Property"
- S8072452, PR3337: Support DHE sizes up to 8192-bits and DSA sizes up
to 3072-bits
- S8075565, PR3337: Define @intermittent jtreg keyword and mark
intermittently failing jdk tests
- S8075670, PR3337: Remove intermittent keyword from some tests
- S8078334, PR3337: Mark regression tests using randomness
- S8078880, PR3337: Mark a few more intermittently failuring
security-libs
- S8133318, PR3337: Exclude intermittent failing PKCS11 tests
on Solaris SPARC 11.1 and earlier
- S8144539, PR3337: Update PKCS11 tests to run with security manager
- S8144566, PR3352: Custom HostnameVerifier disables SNI extension
- S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak: GlobalRefs
never deleted when processing invokeMethod command
- S8155049, PR3352: New tests from 8144566 fail with "No expected
Server Name Indication"
- S8173941, PR3326: SA does not work if executable is DSO
- S8174164, PR3334, RH1417266: SafePointNode::_replaced_nodes breaks
with irreducible loops
- S8174729, PR3336, RH1420518: Race Condition in
java.lang.reflect.WeakCache
- S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix missed the test
* Bug fixes
- PR3348: Architectures unsupported by SystemTap tapsets throw a parse
error
- PR3378: Perl should be mandatory
- PR3389: javac.in and javah.in should use @PERL@ rather than a
hardcoded path
* AArch64 port
- S8168699, PR3372: Validate special case invocations [AArch64 support]
- S8170100, PR3372: AArch64: Crash in C1-compiled code accessing
References
- S8172881, PR3372: AArch64: assertion failure: the int pressure is
incorrect
- S8173472, PR3372: AArch64: C1 comparisons with null only use 32-bit
instructions
- S8177661, PR3372: Correct ad rule output register types from iRegX
to iRegXNoSp
* AArch32 port
- PR3380: Zero should not be enabled by default on arm with the
AArch32 HotSpot build
- PR3384, S8139303, S8167584: Add support for AArch32 architecture to
configure and jdk makefiles
- PR3385: aarch32 does not support -Xshare:dump
- PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build
- PR3387: Installation fails on arm with AArch32 port as
INSTALL_ARCH_DIR is arm, not aarch32
- PR3388: Wrong path for jvm.cfg being used on arm with AArch32 build
* Shenandoah
- Fix Shenandoah argument checking on 32bit builds.
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02-20
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-06
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-09
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-23
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-879=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-879=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-879=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
java-1_8_0-openjdk-1.8.0.131-26.3
java-1_8_0-openjdk-debuginfo-1.8.0.131-26.3
java-1_8_0-openjdk-debugsource-1.8.0.131-26.3
java-1_8_0-openjdk-demo-1.8.0.131-26.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.131-26.3
java-1_8_0-openjdk-devel-1.8.0.131-26.3
java-1_8_0-openjdk-devel-debuginfo-1.8.0.131-26.3
java-1_8_0-openjdk-headless-1.8.0.131-26.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-26.3
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
java-1_8_0-openjdk-1.8.0.131-26.3
java-1_8_0-openjdk-debuginfo-1.8.0.131-26.3
java-1_8_0-openjdk-debugsource-1.8.0.131-26.3
java-1_8_0-openjdk-demo-1.8.0.131-26.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.131-26.3
java-1_8_0-openjdk-devel-1.8.0.131-26.3
java-1_8_0-openjdk-devel-debuginfo-1.8.0.131-26.3
java-1_8_0-openjdk-headless-1.8.0.131-26.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-26.3
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
java-1_8_0-openjdk-1.8.0.131-26.3
java-1_8_0-openjdk-debuginfo-1.8.0.131-26.3
java-1_8_0-openjdk-debugsource-1.8.0.131-26.3
java-1_8_0-openjdk-headless-1.8.0.131-26.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-26.3
References:
https://www.suse.com/security/cve/CVE-2017-3509.html
https://www.suse.com/security/cve/CVE-2017-3511.html
https://www.suse.com/security/cve/CVE-2017-3512.html
https://www.suse.com/security/cve/CVE-2017-3514.html
https://www.suse.com/security/cve/CVE-2017-3526.html
https://www.suse.com/security/cve/CVE-2017-3533.html
https://www.suse.com/security/cve/CVE-2017-3539.html
https://www.suse.com/security/cve/CVE-2017-3544.html
https://bugzilla.suse.com/1034849
SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1444-1
Rating: important
References: #1027038 #1038505
Cross-References: CVE-2016-2183 CVE-2016-9840 CVE-2016-9841
CVE-2016-9842 CVE-2016-9843 CVE-2017-1289
CVE-2017-3509 CVE-2017-3514 CVE-2017-3533
CVE-2017-3539 CVE-2017-3544
Affected Products:
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
This update for java-1_6_0-ibm fixes the following issues:
- CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c
- CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c
- CVE-2016-9842: zlib: Undefined left shift of negative number
- CVE-2016-9843: zlib: Big-endian out-of-bounds pointer
- CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when
processing XML data
- CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated
connections
- CVE-2017-3539: OpenJDK: MD5 allowed for jar verification
- CVE-2017-3533: OpenJDK: newline injection in the FTP client
- CVE-2017-3544: OpenJDK: newline injection in the SMTP client
- Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-java-1_6_0-ibm-13130=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-java-1_6_0-ibm-13130=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
java-1_6_0-ibm-1.6.0_sr16.45-84.1
java-1_6_0-ibm-devel-1.6.0_sr16.45-84.1
java-1_6_0-ibm-fonts-1.6.0_sr16.45-84.1
java-1_6_0-ibm-jdbc-1.6.0_sr16.45-84.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
java-1_6_0-ibm-plugin-1.6.0_sr16.45-84.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
java-1_6_0-ibm-alsa-1.6.0_sr16.45-84.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
java-1_6_0-ibm-1.6.0_sr16.45-84.1
java-1_6_0-ibm-alsa-1.6.0_sr16.45-84.1
java-1_6_0-ibm-devel-1.6.0_sr16.45-84.1
java-1_6_0-ibm-fonts-1.6.0_sr16.45-84.1
java-1_6_0-ibm-jdbc-1.6.0_sr16.45-84.1
java-1_6_0-ibm-plugin-1.6.0_sr16.45-84.1
References:
https://www.suse.com/security/cve/CVE-2016-2183.html
https://www.suse.com/security/cve/CVE-2016-9840.html
https://www.suse.com/security/cve/CVE-2016-9841.html
https://www.suse.com/security/cve/CVE-2016-9842.html
https://www.suse.com/security/cve/CVE-2016-9843.html
https://www.suse.com/security/cve/CVE-2017-1289.html
https://www.suse.com/security/cve/CVE-2017-3509.html
https://www.suse.com/security/cve/CVE-2017-3514.html
https://www.suse.com/security/cve/CVE-2017-3533.html
https://www.suse.com/security/cve/CVE-2017-3539.html
https://www.suse.com/security/cve/CVE-2017-3544.html
https://bugzilla.suse.com/1027038
https://bugzilla.suse.com/1038505
openSUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:1429-1
Rating: important
References: #1034849
Cross-References: CVE-2017-3289 CVE-2017-3509 CVE-2017-3511
CVE-2017-3512 CVE-2017-3514 CVE-2017-3526
CVE-2017-3533 CVE-2017-3539 CVE-2017-3544
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for java-1_7_0-openjdk fixes the following issues:
- Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849)
* Security fixes
- S8163520, CVE-2017-3509: Reuse cache entries
- S8163528, CVE-2017-3511: Better library loading
- S8165626, CVE-2017-3512: Improved window framing
- S8167110, CVE-2017-3514: Windows peering issue
- S8169011, CVE-2017-3526: Resizing XML parse trees
- S8170222, CVE-2017-3533: Better transfers of files
- S8171121, CVE-2017-3539: Enhancing jar checking
- S8171533, CVE-2017-3544: Better email transfer
- S8172299: Improve class processing
* New features
- PR3347: jstack.stp should support AArch64
* Import of OpenJDK 7 u141 build 0
- S4717864: setFont() does not update Fonts of Menus already on screen
- S6474807: (smartcardio) CardTerminal.connect() throws CardException
instead of CardNotPresentException
- S6518907: cleanup IA64 specific code in Hotspot
- S6869327: Add new C2 flag to keep safepoints in counted loops.
- S7112912: Message "Error occurred during initialization of VM" on
boxes with lots of RAM
- S7124213: [macosx] pack() does ignore size of a component; doesn't
on the other platforms
- S7124219: [macosx] Unable to draw images to fullscreen
- S7124552: [macosx] NullPointerException in getBufferStrategy()
- S7148275: [macosx] setIconImages() not working correctly (distorted
icon when minimized)
- S7154841: [macosx] Popups appear behind taskbar
- S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java
hangs on win 64 bit with jdk8
- S7160627: [macosx] TextArea has wrong initial size
- S7167293: FtpURLConnection connection leak on FileNotFoundException
- S7168851: [macosx] Netbeans crashes in
CImage.nativeCreateNSImageFromArray
- S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh failed, compile
error
- S8005255: [macosx] Cleanup warnings in sun.lwawt
- S8006088: Incompatible heap size flags accepted by VM
- S8007295: Reduce number of warnings in awt classes
- S8010722: assert: failed: heap size is too big for compressed
oops
- S8011059: [macosx] Support automatic @2x images loading on Mac OS X
- S8014058: Regression tests for 8006088
- S8014489:
tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeFlags jtreg
tests invoke wrong class
- S8016302: Change type of the number of GC workers to unsigned int (2)
- S8024662: gc/arguments/TestUseCompressedOopsErgo.java does not
compile.
- S8024669: Native OOME when allocating after changes to maximum heap
supporting Coops sizing on sparcv9
- S8024926: [macosx] AquaIcon HiDPI support
- S8025974: l10n for policytool
- S8027025: [macosx] getLocationOnScreen returns 0 if parent invisible
- S8028212: Custom cursor HiDPI support
- S8028471: PPC64 (part 215): opto: Extend ImplicitNullCheck
optimization.
- S8031573: [macosx] Checkmarks of JCheckBoxMenuItems aren't rendered
in high resolution on Retina
- S8033534: [macosx] Get MultiResolution image from native system
- S8033786: White flashing when opening Dialogs and Menus using Nimbus
with dark background
- S8035568: [macosx] Cursor management unification
- S8041734: JFrame in full screen mode leaves empty workspace after
close
- S8059803: Update use of GetVersionEx to get correct Windows version
in hs_err files
- S8066504: GetVersionEx in
java.base/windows/native/libjava/java_props_md.c might not get
correct Windows version 0
- S8079595: Resizing dialog which is JWindow parent makes JVM crash
- S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump to
parent frame on focus
- S8130769: The new menu can't be shown on the menubar after clicking
the "Add" button.
- S8133357: 8u65 l10n resource file translation update
- S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test
fails with NullPointerException
- S8147842: IME Composition Window is displayed at incorrect location
- S8147910: Cache initial active_processor_count
- S8150490: Update OS detection code to recognize Windows Server 2016
- S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled
- S8161195: Regression:
closed/javax/swing/text/FlowView/LayoutTest.java
- S8161993: G1 crashes if active_processor_count changes during startup
- S8162603: Unrecognized VM option 'UseCountedLoopSafepoints'
- S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java
fails intermittently
- S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed
with "Error while cleaning up threads after test"
- S8167179: Make XSL generated namespace prefixes local to
transformation process
- S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
- S8169589: [macosx] Activating a JDialog puts to back another dialog
- S8170307: Stack size option -Xss is ignored
- S8170316: (tz) Support tzdata2016j
- S8170814: Reuse cache entries (part II)
- S8171388: Update JNDI Thread contexts
- S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error:
The bitwise mask Frame.ICONIFIED is not set when the frame is in
ICONIFIED state
- S8171952: [macosx]
AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog
test fails as DummyButton on Dialog did not gain focus when clicked.
- S8173931: 8u131 L10n resource file update
- S8174844: Incorrect GPL header causes RE script to miss swap to
commercial header for licensee source bundle
- S8175087: [bsd] Fix build after "8024900: PPC64: Enable new build on
AIX (jdk part)"
- S8175163: [bsd] Fix build after "8005629: javac warnings compiling
java.awt.EventDispatchThread..."
- S8176044: (tz) Support tzdata2017a
* Import of OpenJDK 7 u141 build 1
- S8043723: max_heap_for_compressed_oops() declared with size_t, but
defined with uintx
* Import of OpenJDK 7 u141 build 2
- S8011123: serialVersionUID of
java.awt.dnd.InvalidDnDOperationException changed in JDK8-b82
* Backports
- S6515172, PR3362: Runtime.availableProcessors() ignores Linux
taskset command
- S8022284, PR3209: Hide internal data structure in PhaseCFG
- S8023003, PR3209: Cleanup the public interface to PhaseCFG
- S8023691, PR3209: Create interface for nodes in class Block
- S8023988, PR3209: Move local scheduling of nodes to the CFG creation
and code motion phase (PhaseCFG)
- S8043780, PR3369: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC)
- S8157306, PR3209: Random infrequent null pointer exceptions in javac
- S8173783, PR3329: IllegalArgumentException: jdk.tls.namedGroups
- S8173941, PR3330: SA does not work if executable is DSO
- S8174729, PR3361: Race Condition in java.lang.reflect.WeakCache
* Bug fixes
- PR3349: Architectures unsupported by SystemTap tapsets throw a parse
error
- PR3370: Disable ARM32 JIT by default in jdk_generic_profile.sh
- PR3379: Perl should be mandatory
- PR3390: javac.in and javah.in should use @PERL@ rather than a
hardcoded path
* CACAO
- PR2732: Raise javadoc memory limits for CACAO again!
* AArch64 port
- S8177661, PR3367: Correct ad rule output register types from iRegX
to iRegXNoSp
- Get ecj.jar path from gcj, use the gcc variant that provides Java to
build C code to make sure jni.h is available.
- S8167104, CVE-2017-3289: Additional class construction
- S6253144: Long narrowing conversion should describe the
- S6328537: Improve javadocs for Socket class by adding
- S6978886: javadoc shows stacktrace after print error
- S6995421: Eliminate the static dependency to
- S7027045: (doc) java/awt/Window.java has several typos in
- S7054969: Null-check-in-finally pattern in java/security
- S7072353: JNDI libraries do not build with javac -Xlint:all
- S7092447: Clarify the default locale used in each locale
- S7103570: AtomicIntegerFieldUpdater does not work when
- S7187144: JavaDoc for ScriptEngineFactory.getProgram()
- S8000418: javadoc should used a standard "generated by
- S8000666: javadoc should write directly to Writer instead of
- S8000970: break out auxiliary classes that will prevent
- S8001669: javadoc internal DocletAbortException should set
- S8011402: Move blacklisting certificate logic from hard code
- S8011547: Update XML Signature implementation to Apache
- S8012288: XML DSig API allows wrong tag names and extra
- S8017325: Cleanup of the javadoc <code> tag in
- S8017326: Cleanup of the javadoc <code> tag in
- S8019772: Fix doclint issues in javax.crypto and
- S8020688: Broken links in documentation at
- S8021108: Clean up doclint warnings and errors in java.text
- S8022120: JCK test
api/javax_xml/crypto/dsig/TransformService/index_ParamMethods
- S8025409: Fix javadoc comments errors and warning reported by
- S8026021: more fix of javadoc errors and warnings reported by
- S8037099: [macosx] Remove all references to GC from native
- S8038184: XMLSignature throws StringIndexOutOfBoundsException
- S8038349: Signing XML with DSA throws Exception when key is
- S8049244: XML Signature performance issue caused by
- S8050893: (smartcardio) Invert reset argument in tests in
- S8059212: Modify sun/security/smartcardio manual regression
- S8068279: (typo in the spec)
- S8068491: Update the protocol for references of
- S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs
- S8076369: Introduce the jdk.tls.client.protocols system
- S8139565: Restrict certificates with DSA keys less than 1024
- S8140422: Add mechanism to allow non default root CAs to be
- S8140587: Atomic*FieldUpdaters should use Class.isInstance
- S8149029: Secure validation of XML based digital signature
- S8151893: Add security property to configure XML Signature
- S8161228: URL objects with custom protocol handlers have port
- S8163304: jarsigner -verbose -verify should print the
- S8164908: ReflectionFactory support for IIOP and custom
- S8165230: RMIConnection addNotificationListeners failing with
- S8166393: disabledAlgorithms property should not be strictly
- S8166591: [macos 10.12] Trackpad scrolling of text on OS X
- S8166739: Improve extensibility of ObjectInputFilter
- S8167356: Follow up fix for jdk8 backport of 8164143. Changes
- S8167459: Add debug output for indicating if a chosen
- S8168861: AnchorCertificates uses hardcoded password for
- S8169688: Backout (remove) MD5 from
- S8169911: Enhanced tests for jarsigner -verbose -verify after
- S8170131: Certificates not being blocked by
- S8173854: [TEST] Update DHEKeySizing test case following
- S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on
- S8000351, PR3316, RH1390708: Tenuring threshold should be
- S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak:
- S8170888, PR3316, RH1390708: [linux] Experimental support for
- PR3318: Replace 'infinality' with 'improved font rendering'
- PR3324: Fix NSS_LIBDIR substitution in
- S8165673, PR3320: AArch64: Fix JNI floating point argument
+ S6604109, PR3162:
- Add -fno-delete-null-pointer-checks -fno-lifetime-dse to try to
directory to be specified versions of IcedTea
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-629=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
java-1_7_0-openjdk-1.7.0.141-42.3.1
java-1_7_0-openjdk-accessibility-1.7.0.141-42.3.1
java-1_7_0-openjdk-bootstrap-1.7.0.141-42.3.1
java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.141-42.3.1
java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.141-42.3.1
java-1_7_0-openjdk-bootstrap-devel-1.7.0.141-42.3.1
java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.141-42.3.1
java-1_7_0-openjdk-bootstrap-headless-1.7.0.141-42.3.1
java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.141-42.3.1
java-1_7_0-openjdk-debuginfo-1.7.0.141-42.3.1
java-1_7_0-openjdk-debugsource-1.7.0.141-42.3.1
java-1_7_0-openjdk-demo-1.7.0.141-42.3.1
java-1_7_0-openjdk-demo-debuginfo-1.7.0.141-42.3.1
java-1_7_0-openjdk-devel-1.7.0.141-42.3.1
java-1_7_0-openjdk-devel-debuginfo-1.7.0.141-42.3.1
java-1_7_0-openjdk-headless-1.7.0.141-42.3.1
java-1_7_0-openjdk-headless-debuginfo-1.7.0.141-42.3.1
java-1_7_0-openjdk-src-1.7.0.141-42.3.1
- openSUSE Leap 42.2 (noarch):
java-1_7_0-openjdk-javadoc-1.7.0.141-42.3.1
References:
https://www.suse.com/security/cve/CVE-2017-3289.html
https://www.suse.com/security/cve/CVE-2017-3509.html
https://www.suse.com/security/cve/CVE-2017-3511.html
https://www.suse.com/security/cve/CVE-2017-3512.html
https://www.suse.com/security/cve/CVE-2017-3514.html
https://www.suse.com/security/cve/CVE-2017-3526.html
https://www.suse.com/security/cve/CVE-2017-3533.html
https://www.suse.com/security/cve/CVE-2017-3539.html
https://www.suse.com/security/cve/CVE-2017-3544.html
https://bugzilla.suse.com/1034849
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: Security update for samba
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:1415-1
Rating: important
References: #1038231
Cross-References: CVE-2017-7494
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for samba fixes the following issue:
- An unprivileged user with access to the samba server could cause smbd to
load a specially crafted shared library, which then had the ability to
execute arbitrary code on the server as 'root'. [CVE-2017-7494,
bso#12780, bsc#1038231]
This update was imported from SUSE:SLE-12-SP1:Update project.
NOTE: This update is released in openSUSE Leap 42.1 after its official End
Of Life only because of its severity and potential impact for users that
have not migrated yet. Please upgrade your openSUSE Leap 42.1 as soon as
possible.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2017-618=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i586 x86_64):
ctdb-4.2.4-33.1
ctdb-debuginfo-4.2.4-33.1
ctdb-devel-4.2.4-33.1
ctdb-tests-4.2.4-33.1
ctdb-tests-debuginfo-4.2.4-33.1
libdcerpc-atsvc-devel-4.2.4-33.1
libdcerpc-atsvc0-4.2.4-33.1
libdcerpc-atsvc0-debuginfo-4.2.4-33.1
libdcerpc-binding0-4.2.4-33.1
libdcerpc-binding0-debuginfo-4.2.4-33.1
libdcerpc-devel-4.2.4-33.1
libdcerpc-samr-devel-4.2.4-33.1
libdcerpc-samr0-4.2.4-33.1
libdcerpc-samr0-debuginfo-4.2.4-33.1
libdcerpc0-4.2.4-33.1
libdcerpc0-debuginfo-4.2.4-33.1
libgensec-devel-4.2.4-33.1
libgensec0-4.2.4-33.1
libgensec0-debuginfo-4.2.4-33.1
libndr-devel-4.2.4-33.1
libndr-krb5pac-devel-4.2.4-33.1
libndr-krb5pac0-4.2.4-33.1
libndr-krb5pac0-debuginfo-4.2.4-33.1
libndr-nbt-devel-4.2.4-33.1
libndr-nbt0-4.2.4-33.1
libndr-nbt0-debuginfo-4.2.4-33.1
libndr-standard-devel-4.2.4-33.1
libndr-standard0-4.2.4-33.1
libndr-standard0-debuginfo-4.2.4-33.1
libndr0-4.2.4-33.1
libndr0-debuginfo-4.2.4-33.1
libnetapi-devel-4.2.4-33.1
libnetapi0-4.2.4-33.1
libnetapi0-debuginfo-4.2.4-33.1
libregistry-devel-4.2.4-33.1
libregistry0-4.2.4-33.1
libregistry0-debuginfo-4.2.4-33.1
libsamba-credentials-devel-4.2.4-33.1
libsamba-credentials0-4.2.4-33.1
libsamba-credentials0-debuginfo-4.2.4-33.1
libsamba-hostconfig-devel-4.2.4-33.1
libsamba-hostconfig0-4.2.4-33.1
libsamba-hostconfig0-debuginfo-4.2.4-33.1
libsamba-passdb-devel-4.2.4-33.1
libsamba-passdb0-4.2.4-33.1
libsamba-passdb0-debuginfo-4.2.4-33.1
libsamba-policy-devel-4.2.4-33.1
libsamba-policy0-4.2.4-33.1
libsamba-policy0-debuginfo-4.2.4-33.1
libsamba-util-devel-4.2.4-33.1
libsamba-util0-4.2.4-33.1
libsamba-util0-debuginfo-4.2.4-33.1
libsamdb-devel-4.2.4-33.1
libsamdb0-4.2.4-33.1
libsamdb0-debuginfo-4.2.4-33.1
libsmbclient-devel-4.2.4-33.1
libsmbclient-raw-devel-4.2.4-33.1
libsmbclient-raw0-4.2.4-33.1
libsmbclient-raw0-debuginfo-4.2.4-33.1
libsmbclient0-4.2.4-33.1
libsmbclient0-debuginfo-4.2.4-33.1
libsmbconf-devel-4.2.4-33.1
libsmbconf0-4.2.4-33.1
libsmbconf0-debuginfo-4.2.4-33.1
libsmbldap-devel-4.2.4-33.1
libsmbldap0-4.2.4-33.1
libsmbldap0-debuginfo-4.2.4-33.1
libtevent-util-devel-4.2.4-33.1
libtevent-util0-4.2.4-33.1
libtevent-util0-debuginfo-4.2.4-33.1
libwbclient-devel-4.2.4-33.1
libwbclient0-4.2.4-33.1
libwbclient0-debuginfo-4.2.4-33.1
samba-4.2.4-33.1
samba-client-4.2.4-33.1
samba-client-debuginfo-4.2.4-33.1
samba-core-devel-4.2.4-33.1
samba-debuginfo-4.2.4-33.1
samba-debugsource-4.2.4-33.1
samba-libs-4.2.4-33.1
samba-libs-debuginfo-4.2.4-33.1
samba-pidl-4.2.4-33.1
samba-python-4.2.4-33.1
samba-python-debuginfo-4.2.4-33.1
samba-test-4.2.4-33.1
samba-test-debuginfo-4.2.4-33.1
samba-test-devel-4.2.4-33.1
samba-winbind-4.2.4-33.1
samba-winbind-debuginfo-4.2.4-33.1
- openSUSE Leap 42.1 (x86_64):
libdcerpc-atsvc0-32bit-4.2.4-33.1
libdcerpc-atsvc0-debuginfo-32bit-4.2.4-33.1
libdcerpc-binding0-32bit-4.2.4-33.1
libdcerpc-binding0-debuginfo-32bit-4.2.4-33.1
libdcerpc-samr0-32bit-4.2.4-33.1
libdcerpc-samr0-debuginfo-32bit-4.2.4-33.1
libdcerpc0-32bit-4.2.4-33.1
libdcerpc0-debuginfo-32bit-4.2.4-33.1
libgensec0-32bit-4.2.4-33.1
libgensec0-debuginfo-32bit-4.2.4-33.1
libndr-krb5pac0-32bit-4.2.4-33.1
libndr-krb5pac0-debuginfo-32bit-4.2.4-33.1
libndr-nbt0-32bit-4.2.4-33.1
libndr-nbt0-debuginfo-32bit-4.2.4-33.1
libndr-standard0-32bit-4.2.4-33.1
libndr-standard0-debuginfo-32bit-4.2.4-33.1
libndr0-32bit-4.2.4-33.1
libndr0-debuginfo-32bit-4.2.4-33.1
libnetapi0-32bit-4.2.4-33.1
libnetapi0-debuginfo-32bit-4.2.4-33.1
libregistry0-32bit-4.2.4-33.1
libregistry0-debuginfo-32bit-4.2.4-33.1
libsamba-credentials0-32bit-4.2.4-33.1
libsamba-credentials0-debuginfo-32bit-4.2.4-33.1
libsamba-hostconfig0-32bit-4.2.4-33.1
libsamba-hostconfig0-debuginfo-32bit-4.2.4-33.1
libsamba-passdb0-32bit-4.2.4-33.1
libsamba-passdb0-debuginfo-32bit-4.2.4-33.1
libsamba-policy0-32bit-4.2.4-33.1
libsamba-policy0-debuginfo-32bit-4.2.4-33.1
libsamba-util0-32bit-4.2.4-33.1
libsamba-util0-debuginfo-32bit-4.2.4-33.1
libsamdb0-32bit-4.2.4-33.1
libsamdb0-debuginfo-32bit-4.2.4-33.1
libsmbclient-raw0-32bit-4.2.4-33.1
libsmbclient-raw0-debuginfo-32bit-4.2.4-33.1
libsmbclient0-32bit-4.2.4-33.1
libsmbclient0-debuginfo-32bit-4.2.4-33.1
libsmbconf0-32bit-4.2.4-33.1
libsmbconf0-debuginfo-32bit-4.2.4-33.1
libsmbldap0-32bit-4.2.4-33.1
libsmbldap0-debuginfo-32bit-4.2.4-33.1
libtevent-util0-32bit-4.2.4-33.1
libtevent-util0-debuginfo-32bit-4.2.4-33.1
libwbclient0-32bit-4.2.4-33.1
libwbclient0-debuginfo-32bit-4.2.4-33.1
samba-32bit-4.2.4-33.1
samba-client-32bit-4.2.4-33.1
samba-client-debuginfo-32bit-4.2.4-33.1
samba-debuginfo-32bit-4.2.4-33.1
samba-libs-32bit-4.2.4-33.1
samba-libs-debuginfo-32bit-4.2.4-33.1
samba-winbind-32bit-4.2.4-33.1
samba-winbind-debuginfo-32bit-4.2.4-33.1
- openSUSE Leap 42.1 (noarch):
samba-doc-4.2.4-33.1
References:
https://www.suse.com/security/cve/CVE-2017-7494.html
https://bugzilla.suse.com/1038231
openSUSE Security Update: Security update for rpcbind
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:1412-1
Rating: important
References: #1037559
Cross-References: CVE-2017-8779
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rpcbind fixes the following issues:
- CVE-2017-8779: A crafted UDP package could lead rpcbind to remote
denial-of-service (bsc#1037559)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-615=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
rpcbind-0.2.3-3.3.1
rpcbind-debuginfo-0.2.3-3.3.1
rpcbind-debugsource-0.2.3-3.3.1
References:
https://www.suse.com/security/cve/CVE-2017-8779.html
https://bugzilla.suse.com/1037559