openSUSE Security Announce May 2017

security-announce@lists.opensuse.org

3 participants
81 discussions

[security-announce] SUSE-SU-2017:1468-1: important: Security update for libtirpc, rpcbind

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for libtirpc, rpcbind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1468-1 Rating: important References: #1037559 Cross-References: CVE-2017-8779 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtirpc and rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service. (bsc#1037559) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libtirpc-13135=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libtirpc-13135=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-libtirpc-13135=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libtirpc-13135=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libtirpc-13135=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libtirpc-13135=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtirpc-devel-0.2.1-1.12.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtirpc1-0.2.1-1.12.3 rpcbind-0.1.6+git20080930-6.27.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libtirpc1-0.2.1-1.12.3 rpcbind-0.1.6+git20080930-6.27.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libtirpc1-0.2.1-1.12.3 rpcbind-0.1.6+git20080930-6.27.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtirpc-debuginfo-0.2.1-1.12.3 libtirpc-debugsource-0.2.1-1.12.3 rpcbind-debuginfo-0.1.6+git20080930-6.27.2 rpcbind-debugsource-0.1.6+git20080930-6.27.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libtirpc-debuginfo-0.2.1-1.12.3 libtirpc-debugsource-0.2.1-1.12.3 rpcbind-debuginfo-0.1.6+git20080930-6.27.2 rpcbind-debugsource-0.1.6+git20080930-6.27.2 References: https://www.suse.com/security/cve/CVE-2017-8779.html https://bugzilla.suse.com/1037559 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

4 years, 11 months

[security-announce] openSUSE-SU-2017:1455-1: important: Security update for sudo

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1455-1 Rating: important References: #1015351 #1024145 #1039361 #981124 Cross-References: CVE-2017-1000367 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. [bsc#1039361] - Fix FQDN for hostname. [bsc#1024145] - Filter netgroups, they aren't handled by SSSD. [bsc#1015351] - Fix problems related to "krb5_ccname" option [bsc#981124] This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-636=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): sudo-1.8.10p3-9.3.1 sudo-debuginfo-1.8.10p3-9.3.1 sudo-debugsource-1.8.10p3-9.3.1 sudo-devel-1.8.10p3-9.3.1 sudo-test-1.8.10p3-9.3.1 References: https://www.suse.com/security/cve/CVE-2017-1000367.html https://bugzilla.suse.com/1015351 https://bugzilla.suse.com/1024145 https://bugzilla.suse.com/1039361 https://bugzilla.suse.com/981124 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

4 years, 12 months

[security-announce] SUSE-SU-2017:1450-1: important: Security update for sudo

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1450-1 Rating: important References: #1015351 #1024145 #1039361 #981124 Cross-References: CVE-2017-1000367 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. [bsc#1039361] - Fix FQDN for hostname. [bsc#1024145] - Filter netgroups, they aren't handled by SSSD. [bsc#1015351] - Fix problems related to "krb5_ccname" option [bsc#981124] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-889=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-889=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-889=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-889=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-889=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.10p3-10.5.1 sudo-debugsource-1.8.10p3-10.5.1 sudo-devel-1.8.10p3-10.5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): sudo-1.8.10p3-10.5.1 sudo-debuginfo-1.8.10p3-10.5.1 sudo-debugsource-1.8.10p3-10.5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): sudo-1.8.10p3-10.5.1 sudo-debuginfo-1.8.10p3-10.5.1 sudo-debugsource-1.8.10p3-10.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): sudo-1.8.10p3-10.5.1 sudo-debuginfo-1.8.10p3-10.5.1 sudo-debugsource-1.8.10p3-10.5.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): sudo-1.8.10p3-10.5.1 sudo-debuginfo-1.8.10p3-10.5.1 sudo-debugsource-1.8.10p3-10.5.1 References: https://www.suse.com/security/cve/CVE-2017-1000367.html https://bugzilla.suse.com/1015351 https://bugzilla.suse.com/1024145 https://bugzilla.suse.com/1039361 https://bugzilla.suse.com/981124 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

4 years, 12 months

[security-announce] SUSE-SU-2017:1446-1: important: Security update for sudo

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1446-1 Rating: important References: #1015351 #1024145 #1039361 #981124 Cross-References: CVE-2017-1000367 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. [bsc#1039361] - Fix FQDN for hostname. [bsc#1024145] - Filter netgroups, they aren't handled by SSSD. [bsc#1015351] - Fix problems related to "krb5_ccname" option [bsc#981124] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-888=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-888=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-888=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-888=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-888=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): sudo-debuginfo-1.8.10p3-2.11.1 sudo-debugsource-1.8.10p3-2.11.1 sudo-devel-1.8.10p3-2.11.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): sudo-1.8.10p3-2.11.1 sudo-debuginfo-1.8.10p3-2.11.1 sudo-debugsource-1.8.10p3-2.11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): sudo-1.8.10p3-2.11.1 sudo-debuginfo-1.8.10p3-2.11.1 sudo-debugsource-1.8.10p3-2.11.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): sudo-1.8.10p3-2.11.1 sudo-debuginfo-1.8.10p3-2.11.1 sudo-debugsource-1.8.10p3-2.11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): sudo-1.8.10p3-2.11.1 sudo-debuginfo-1.8.10p3-2.11.1 sudo-debugsource-1.8.10p3-2.11.1 References: https://www.suse.com/security/cve/CVE-2017-1000367.html https://bugzilla.suse.com/1015351 https://bugzilla.suse.com/1024145 https://bugzilla.suse.com/1039361 https://bugzilla.suse.com/981124 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

4 years, 12 months

[security-announce] SUSE-SU-2017:1445-1: important: Security update for java-1_8_0-openjdk

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1445-1 Rating: important References: #1034849 Cross-References: CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u131 (icedtea 3.4.0) - bsc#1034849 * Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-3514: Windows peering issue - S8168699: Validate special case invocations - S8169011, CVE-2017-3526: Resizing XML parse trees - S8170222, CVE-2017-3533: Better transfers of files - S8171121, CVE-2017-3539: Enhancing jar checking - S8171533, CVE-2017-3544: Better email transfer - S8172299: Improve class processing * New features - PR1969: Add AArch32 JIT port - PR3297: Allow Shenandoah to be used on AArch64 - PR3340: jstack.stp should support AArch64 * Import of OpenJDK 8 u131 build 11 - S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException - S6515172, PR3346: Runtime.availableProcessors() ignores Linux taskset command - S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8 - S7167293: FtpURLConnection connection leak on FileNotFoundException - S8035568: [macosx] Cursor management unification - S8079595: Resizing dialog which is JWindow parent makes JVM crash - S8130769: The new menu can't be shown on the menubar after clicking the "Add" button. - S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException - S8147842: IME Composition Window is displayed at incorrect location - S8147910, PR3346: Cache initial active_processor_count - S8150490: Update OS detection code to recognize Windows Server 2016 - S8160951: [TEST_BUG] javax/xml/bind/marshal/8134111/UnmarshalTest.java should be added into :needs_jre group - S8160958: [TEST_BUG] java/net/SetFactoryPermission/SetFactoryPermission.java should be added into :needs_compact2 group - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled - S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java - S8161993, PR3346: G1 crashes if active_processor_count changes during startup - S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently - S8162916: Test sun/security/krb5/auto/UnboundSSL.java fails - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with "Error while cleaning up threads after test" - S8167179: Make XSL generated namespace prefixes local to transformation process - S8168774: Polymorhic signature method check crashes javac - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections - S8169589: [macosx] Activating a JDialog puts to back another dialog - S8170307: Stack size option -Xss is ignored - S8170316: (tz) Support tzdata2016j - S8170814: Reuse cache entries (part II) - S8170888, PR3314, RH1284948: [linux] Experimental support for cgroup memory limits in container (ie Docker) environments - S8171388: Update JNDI Thread contexts - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state - S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked. - S8173030: Temporary backout fix #8035568 from 8u131-b03 - S8173031: Temporary backout fix #8171952 from 8u131-b03 - S8173783, PR3328: IllegalArgumentException: jdk.tls.namedGroups - S8173931: 8u131 L10n resource file update - S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle - S8174985: NTLM authentication doesn't work with IIS if NTLM cache is disabled - S8176044: (tz) Support tzdata2017a * Backports - S6457406, PR3335: javadoc doesn't handle <a href='http://...'> properly in producing index pages - S8030245, PR3335: Update langtools to use try-with-resources and multi-catch - S8030253, PR3335: Update langtools to use strings-in-switch - S8030262, PR3335: Update langtools to use foreach loops - S8031113, PR3337: TEST_BUG: java/nio/channels/AsynchronousChannelGroup/Basic.java fails intermittently - S8031625, PR3335: javadoc problems referencing inner class constructors - S8031649, PR3335: Clean up javadoc tests - S8031670, PR3335: Remove unneeded -source options in javadoc tests - S8032066, PR3335: Serialized form has broken links to non private inner classes of package private - S8034174, PR2290: Remove use of JVM_* functions from java.net code - S8034182, PR2290: Misc. warnings in java.net code - S8035876, PR2290: AIX build issues after '8034174: Remove use of JVM_* functions from java.net code' - S8038730, PR3335: Clean up the way JavadocTester is invoked, and checks for errors. - S8040903, PR3335: Clean up use of BUG_ID in javadoc tests - S8040904, PR3335: Ensure javadoc tests do not overwrite results within tests - S8040908, PR3335: javadoc test TestDocEncoding should use -notimestamp - S8041150, PR3335: Avoid silly use of static methods in JavadocTester - S8041253, PR3335: Avoid redundant synonyms of NO_TEST - S8043780, PR3368: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC) - S8061305, PR3335: Javadoc crashes when method name ends with "Property" - S8072452, PR3337: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits - S8075565, PR3337: Define @intermittent jtreg keyword and mark intermittently failing jdk tests - S8075670, PR3337: Remove intermittent keyword from some tests - S8078334, PR3337: Mark regression tests using randomness - S8078880, PR3337: Mark a few more intermittently failuring security-libs - S8133318, PR3337: Exclude intermittent failing PKCS11 tests on Solaris SPARC 11.1 and earlier - S8144539, PR3337: Update PKCS11 tests to run with security manager - S8144566, PR3352: Custom HostnameVerifier disables SNI extension - S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command - S8155049, PR3352: New tests from 8144566 fail with "No expected Server Name Indication" - S8173941, PR3326: SA does not work if executable is DSO - S8174164, PR3334, RH1417266: SafePointNode::_replaced_nodes breaks with irreducible loops - S8174729, PR3336, RH1420518: Race Condition in java.lang.reflect.WeakCache - S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix missed the test * Bug fixes - PR3348: Architectures unsupported by SystemTap tapsets throw a parse error - PR3378: Perl should be mandatory - PR3389: javac.in and javah.in should use @PERL@ rather than a hardcoded path * AArch64 port - S8168699, PR3372: Validate special case invocations [AArch64 support] - S8170100, PR3372: AArch64: Crash in C1-compiled code accessing References - S8172881, PR3372: AArch64: assertion failure: the int pressure is incorrect - S8173472, PR3372: AArch64: C1 comparisons with null only use 32-bit instructions - S8177661, PR3372: Correct ad rule output register types from iRegX to iRegXNoSp * AArch32 port - PR3380: Zero should not be enabled by default on arm with the AArch32 HotSpot build - PR3384, S8139303, S8167584: Add support for AArch32 architecture to configure and jdk makefiles - PR3385: aarch32 does not support -Xshare:dump - PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build - PR3387: Installation fails on arm with AArch32 port as INSTALL_ARCH_DIR is arm, not aarch32 - PR3388: Wrong path for jvm.cfg being used on arm with AArch32 build * Shenandoah - Fix Shenandoah argument checking on 32bit builds. - Import from Shenandoah tag aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02-20 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-06 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-09 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-23 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-879=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-879=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-879=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): java-1_8_0-openjdk-1.8.0.131-26.3 java-1_8_0-openjdk-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-debugsource-1.8.0.131-26.3 java-1_8_0-openjdk-demo-1.8.0.131-26.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-devel-1.8.0.131-26.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-headless-1.8.0.131-26.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-26.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): java-1_8_0-openjdk-1.8.0.131-26.3 java-1_8_0-openjdk-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-debugsource-1.8.0.131-26.3 java-1_8_0-openjdk-demo-1.8.0.131-26.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-devel-1.8.0.131-26.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-headless-1.8.0.131-26.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-26.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): java-1_8_0-openjdk-1.8.0.131-26.3 java-1_8_0-openjdk-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-debugsource-1.8.0.131-26.3 java-1_8_0-openjdk-headless-1.8.0.131-26.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-26.3 References: https://www.suse.com/security/cve/CVE-2017-3509.html https://www.suse.com/security/cve/CVE-2017-3511.html https://www.suse.com/security/cve/CVE-2017-3512.html https://www.suse.com/security/cve/CVE-2017-3514.html https://www.suse.com/security/cve/CVE-2017-3526.html https://www.suse.com/security/cve/CVE-2017-3533.html https://www.suse.com/security/cve/CVE-2017-3539.html https://www.suse.com/security/cve/CVE-2017-3544.html https://bugzilla.suse.com/1034849 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

4 years, 12 months

[security-announce] SUSE-SU-2017:1444-1: important: Security update for java-1_6_0-ibm

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1444-1 Rating: important References: #1027038 #1038505 Cross-References: CVE-2016-2183 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_6_0-ibm fixes the following issues: - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_6_0-ibm-13130=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_6_0-ibm-13130=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.45-84.1 java-1_6_0-ibm-devel-1.6.0_sr16.45-84.1 java-1_6_0-ibm-fonts-1.6.0_sr16.45-84.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.45-84.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.45-84.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.45-84.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_6_0-ibm-1.6.0_sr16.45-84.1 java-1_6_0-ibm-alsa-1.6.0_sr16.45-84.1 java-1_6_0-ibm-devel-1.6.0_sr16.45-84.1 java-1_6_0-ibm-fonts-1.6.0_sr16.45-84.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.45-84.1 java-1_6_0-ibm-plugin-1.6.0_sr16.45-84.1 References: https://www.suse.com/security/cve/CVE-2016-2183.html https://www.suse.com/security/cve/CVE-2016-9840.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2016-9842.html https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2017-1289.html https://www.suse.com/security/cve/CVE-2017-3509.html https://www.suse.com/security/cve/CVE-2017-3514.html https://www.suse.com/security/cve/CVE-2017-3533.html https://www.suse.com/security/cve/CVE-2017-3539.html https://www.suse.com/security/cve/CVE-2017-3544.html https://bugzilla.suse.com/1027038 https://bugzilla.suse.com/1038505 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

4 years, 12 months

[security-announce] SUSE-SU-2017:1443-1: important: Security update for several openstack-components

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for several openstack-components ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1443-1 Rating: important References: #1024328 #1030406 #1032322 Cross-References: CVE-2017-7214 CVE-2017-7400 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for openstack-ceilometer, -cinder, -dashboard, -glance, -heat, -keystone, -manila, -magnum and -novaopenstack-keystone provides the latest code from OpenStack Newton. - nova: Add release note that legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. (bsc#1030406, CVE-2017-7214) - nova: Remove PrivTmp from openstack-nova-compute service. (bsc#1024328) - dashboard: Remove dangerous safestring declaration. (bsc#1032322, CVE-2017-7400) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-882=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-ceilometer-7.0.4~a0~dev7-3.1 openstack-ceilometer-agent-central-7.0.4~a0~dev7-3.1 openstack-ceilometer-agent-compute-7.0.4~a0~dev7-3.1 openstack-ceilometer-agent-ipmi-7.0.4~a0~dev7-3.1 openstack-ceilometer-agent-notification-7.0.4~a0~dev7-3.1 openstack-ceilometer-api-7.0.4~a0~dev7-3.1 openstack-ceilometer-collector-7.0.4~a0~dev7-3.1 openstack-ceilometer-doc-7.0.4~a0~dev7-3.2 openstack-ceilometer-polling-7.0.4~a0~dev7-3.1 openstack-cinder-9.1.5~a0~dev1-3.1 openstack-cinder-api-9.1.5~a0~dev1-3.1 openstack-cinder-backup-9.1.5~a0~dev1-3.1 openstack-cinder-doc-9.1.5~a0~dev1-3.1 openstack-cinder-scheduler-9.1.5~a0~dev1-3.1 openstack-cinder-volume-9.1.5~a0~dev1-3.1 openstack-dashboard-10.0.4~a0~dev2-3.1 openstack-glance-13.0.1~a0~dev6-3.1 openstack-glance-api-13.0.1~a0~dev6-3.1 openstack-glance-doc-13.0.1~a0~dev6-3.3 openstack-glance-glare-13.0.1~a0~dev6-3.1 openstack-glance-registry-13.0.1~a0~dev6-3.1 openstack-heat-7.0.4~a0~dev4-4.1 openstack-heat-api-7.0.4~a0~dev4-4.1 openstack-heat-api-cfn-7.0.4~a0~dev4-4.1 openstack-heat-api-cloudwatch-7.0.4~a0~dev4-4.1 openstack-heat-doc-7.0.4~a0~dev4-4.2 openstack-heat-engine-7.0.4~a0~dev4-4.1 openstack-heat-plugin-heat_docker-7.0.4~a0~dev4-4.1 openstack-heat-test-7.0.4~a0~dev4-4.1 openstack-keystone-10.0.2~a0~dev2-6.1 openstack-keystone-doc-10.0.2~a0~dev2-6.2 openstack-magnum-3.1.2~a0~dev22-13.1 openstack-magnum-api-3.1.2~a0~dev22-13.1 openstack-magnum-conductor-3.1.2~a0~dev22-13.1 openstack-magnum-doc-3.1.2~a0~dev22-13.1 openstack-manila-3.0.1~a0~dev27-3.1 openstack-manila-api-3.0.1~a0~dev27-3.1 openstack-manila-data-3.0.1~a0~dev27-3.1 openstack-manila-doc-3.0.1~a0~dev27-3.1 openstack-manila-scheduler-3.0.1~a0~dev27-3.1 openstack-manila-share-3.0.1~a0~dev27-3.1 openstack-nova-14.0.6~a0~dev16-3.1 openstack-nova-api-14.0.6~a0~dev16-3.1 openstack-nova-cells-14.0.6~a0~dev16-3.1 openstack-nova-cert-14.0.6~a0~dev16-3.1 openstack-nova-compute-14.0.6~a0~dev16-3.1 openstack-nova-conductor-14.0.6~a0~dev16-3.1 openstack-nova-console-14.0.6~a0~dev16-3.1 openstack-nova-consoleauth-14.0.6~a0~dev16-3.1 openstack-nova-doc-14.0.6~a0~dev16-3.3 openstack-nova-novncproxy-14.0.6~a0~dev16-3.1 openstack-nova-placement-api-14.0.6~a0~dev16-3.1 openstack-nova-scheduler-14.0.6~a0~dev16-3.1 openstack-nova-serialproxy-14.0.6~a0~dev16-3.1 openstack-nova-vncproxy-14.0.6~a0~dev16-3.1 python-ceilometer-7.0.4~a0~dev7-3.1 python-cinder-9.1.5~a0~dev1-3.1 python-glance-13.0.1~a0~dev6-3.1 python-heat-7.0.4~a0~dev4-4.1 python-horizon-10.0.4~a0~dev2-3.1 python-keystone-10.0.2~a0~dev2-6.1 python-magnum-3.1.2~a0~dev22-13.1 python-manila-3.0.1~a0~dev27-3.1 python-nova-14.0.6~a0~dev16-3.1 References: https://www.suse.com/security/cve/CVE-2017-7214.html https://www.suse.com/security/cve/CVE-2017-7400.html https://bugzilla.suse.com/1024328 https://bugzilla.suse.com/1030406 https://bugzilla.suse.com/1032322 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

4 years, 12 months

[security-announce] openSUSE-SU-2017:1429-1: important: Security update for java-1_7_0-openjdk

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1429-1 Rating: important References: #1034849 Cross-References: CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849) * Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-3514: Windows peering issue - S8169011, CVE-2017-3526: Resizing XML parse trees - S8170222, CVE-2017-3533: Better transfers of files - S8171121, CVE-2017-3539: Enhancing jar checking - S8171533, CVE-2017-3544: Better email transfer - S8172299: Improve class processing * New features - PR3347: jstack.stp should support AArch64 * Import of OpenJDK 7 u141 build 0 - S4717864: setFont() does not update Fonts of Menus already on screen - S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException - S6518907: cleanup IA64 specific code in Hotspot - S6869327: Add new C2 flag to keep safepoints in counted loops. - S7112912: Message "Error occurred during initialization of VM" on boxes with lots of RAM - S7124213: [macosx] pack() does ignore size of a component; doesn't on the other platforms - S7124219: [macosx] Unable to draw images to fullscreen - S7124552: [macosx] NullPointerException in getBufferStrategy() - S7148275: [macosx] setIconImages() not working correctly (distorted icon when minimized) - S7154841: [macosx] Popups appear behind taskbar - S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8 - S7160627: [macosx] TextArea has wrong initial size - S7167293: FtpURLConnection connection leak on FileNotFoundException - S7168851: [macosx] Netbeans crashes in CImage.nativeCreateNSImageFromArray - S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh failed, compile error - S8005255: [macosx] Cleanup warnings in sun.lwawt - S8006088: Incompatible heap size flags accepted by VM - S8007295: Reduce number of warnings in awt classes - S8010722: assert: failed: heap size is too big for compressed oops - S8011059: [macosx] Support automatic @2x images loading on Mac OS X - S8014058: Regression tests for 8006088 - S8014489: tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeFlags jtreg tests invoke wrong class - S8016302: Change type of the number of GC workers to unsigned int (2) - S8024662: gc/arguments/TestUseCompressedOopsErgo.java does not compile. - S8024669: Native OOME when allocating after changes to maximum heap supporting Coops sizing on sparcv9 - S8024926: [macosx] AquaIcon HiDPI support - S8025974: l10n for policytool - S8027025: [macosx] getLocationOnScreen returns 0 if parent invisible - S8028212: Custom cursor HiDPI support - S8028471: PPC64 (part 215): opto: Extend ImplicitNullCheck optimization. - S8031573: [macosx] Checkmarks of JCheckBoxMenuItems aren't rendered in high resolution on Retina - S8033534: [macosx] Get MultiResolution image from native system - S8033786: White flashing when opening Dialogs and Menus using Nimbus with dark background - S8035568: [macosx] Cursor management unification - S8041734: JFrame in full screen mode leaves empty workspace after close - S8059803: Update use of GetVersionEx to get correct Windows version in hs_err files - S8066504: GetVersionEx in java.base/windows/native/libjava/java_props_md.c might not get correct Windows version 0 - S8079595: Resizing dialog which is JWindow parent makes JVM crash - S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump to parent frame on focus - S8130769: The new menu can't be shown on the menubar after clicking the "Add" button. - S8133357: 8u65 l10n resource file translation update - S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException - S8147842: IME Composition Window is displayed at incorrect location - S8147910: Cache initial active_processor_count - S8150490: Update OS detection code to recognize Windows Server 2016 - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled - S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java - S8161993: G1 crashes if active_processor_count changes during startup - S8162603: Unrecognized VM option 'UseCountedLoopSafepoints' - S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with "Error while cleaning up threads after test" - S8167179: Make XSL generated namespace prefixes local to transformation process - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections - S8169589: [macosx] Activating a JDialog puts to back another dialog - S8170307: Stack size option -Xss is ignored - S8170316: (tz) Support tzdata2016j - S8170814: Reuse cache entries (part II) - S8171388: Update JNDI Thread contexts - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state - S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked. - S8173931: 8u131 L10n resource file update - S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle - S8175087: [bsd] Fix build after "8024900: PPC64: Enable new build on AIX (jdk part)" - S8175163: [bsd] Fix build after "8005629: javac warnings compiling java.awt.EventDispatchThread..." - S8176044: (tz) Support tzdata2017a * Import of OpenJDK 7 u141 build 1 - S8043723: max_heap_for_compressed_oops() declared with size_t, but defined with uintx * Import of OpenJDK 7 u141 build 2 - S8011123: serialVersionUID of java.awt.dnd.InvalidDnDOperationException changed in JDK8-b82 * Backports - S6515172, PR3362: Runtime.availableProcessors() ignores Linux taskset command - S8022284, PR3209: Hide internal data structure in PhaseCFG - S8023003, PR3209: Cleanup the public interface to PhaseCFG - S8023691, PR3209: Create interface for nodes in class Block - S8023988, PR3209: Move local scheduling of nodes to the CFG creation and code motion phase (PhaseCFG) - S8043780, PR3369: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC) - S8157306, PR3209: Random infrequent null pointer exceptions in javac - S8173783, PR3329: IllegalArgumentException: jdk.tls.namedGroups - S8173941, PR3330: SA does not work if executable is DSO - S8174729, PR3361: Race Condition in java.lang.reflect.WeakCache * Bug fixes - PR3349: Architectures unsupported by SystemTap tapsets throw a parse error - PR3370: Disable ARM32 JIT by default in jdk_generic_profile.sh - PR3379: Perl should be mandatory - PR3390: javac.in and javah.in should use @PERL@ rather than a hardcoded path * CACAO - PR2732: Raise javadoc memory limits for CACAO again! * AArch64 port - S8177661, PR3367: Correct ad rule output register types from iRegX to iRegXNoSp - Get ecj.jar path from gcj, use the gcc variant that provides Java to build C code to make sure jni.h is available. - S8167104, CVE-2017-3289: Additional class construction - S6253144: Long narrowing conversion should describe the - S6328537: Improve javadocs for Socket class by adding - S6978886: javadoc shows stacktrace after print error - S6995421: Eliminate the static dependency to - S7027045: (doc) java/awt/Window.java has several typos in - S7054969: Null-check-in-finally pattern in java/security - S7072353: JNDI libraries do not build with javac -Xlint:all - S7092447: Clarify the default locale used in each locale - S7103570: AtomicIntegerFieldUpdater does not work when - S7187144: JavaDoc for ScriptEngineFactory.getProgram() - S8000418: javadoc should used a standard "generated by - S8000666: javadoc should write directly to Writer instead of - S8000970: break out auxiliary classes that will prevent - S8001669: javadoc internal DocletAbortException should set - S8011402: Move blacklisting certificate logic from hard code - S8011547: Update XML Signature implementation to Apache - S8012288: XML DSig API allows wrong tag names and extra - S8017325: Cleanup of the javadoc <code> tag in - S8017326: Cleanup of the javadoc <code> tag in - S8019772: Fix doclint issues in javax.crypto and - S8020688: Broken links in documentation at - S8021108: Clean up doclint warnings and errors in java.text - S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMethods - S8025409: Fix javadoc comments errors and warning reported by - S8026021: more fix of javadoc errors and warnings reported by - S8037099: [macosx] Remove all references to GC from native - S8038184: XMLSignature throws StringIndexOutOfBoundsException - S8038349: Signing XML with DSA throws Exception when key is - S8049244: XML Signature performance issue caused by - S8050893: (smartcardio) Invert reset argument in tests in - S8059212: Modify sun/security/smartcardio manual regression - S8068279: (typo in the spec) - S8068491: Update the protocol for references of - S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs - S8076369: Introduce the jdk.tls.client.protocols system - S8139565: Restrict certificates with DSA keys less than 1024 - S8140422: Add mechanism to allow non default root CAs to be - S8140587: Atomic*FieldUpdaters should use Class.isInstance - S8149029: Secure validation of XML based digital signature - S8151893: Add security property to configure XML Signature - S8161228: URL objects with custom protocol handlers have port - S8163304: jarsigner -verbose -verify should print the - S8164908: ReflectionFactory support for IIOP and custom - S8165230: RMIConnection addNotificationListeners failing with - S8166393: disabledAlgorithms property should not be strictly - S8166591: [macos 10.12] Trackpad scrolling of text on OS X - S8166739: Improve extensibility of ObjectInputFilter - S8167356: Follow up fix for jdk8 backport of 8164143. Changes - S8167459: Add debug output for indicating if a chosen - S8168861: AnchorCertificates uses hardcoded password for - S8169688: Backout (remove) MD5 from - S8169911: Enhanced tests for jarsigner -verbose -verify after - S8170131: Certificates not being blocked by - S8173854: [TEST] Update DHEKeySizing test case following - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on - S8000351, PR3316, RH1390708: Tenuring threshold should be - S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak: - S8170888, PR3316, RH1390708: [linux] Experimental support for - PR3318: Replace 'infinality' with 'improved font rendering' - PR3324: Fix NSS_LIBDIR substitution in - S8165673, PR3320: AArch64: Fix JNI floating point argument + S6604109, PR3162: - Add -fno-delete-null-pointer-checks -fno-lifetime-dse to try to directory to be specified versions of IcedTea This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-629=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): java-1_7_0-openjdk-1.7.0.141-42.3.1 java-1_7_0-openjdk-accessibility-1.7.0.141-42.3.1 java-1_7_0-openjdk-bootstrap-1.7.0.141-42.3.1 java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.141-42.3.1 java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.141-42.3.1 java-1_7_0-openjdk-bootstrap-devel-1.7.0.141-42.3.1 java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.141-42.3.1 java-1_7_0-openjdk-bootstrap-headless-1.7.0.141-42.3.1 java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.141-42.3.1 java-1_7_0-openjdk-debuginfo-1.7.0.141-42.3.1 java-1_7_0-openjdk-debugsource-1.7.0.141-42.3.1 java-1_7_0-openjdk-demo-1.7.0.141-42.3.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.141-42.3.1 java-1_7_0-openjdk-devel-1.7.0.141-42.3.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.141-42.3.1 java-1_7_0-openjdk-headless-1.7.0.141-42.3.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.141-42.3.1 java-1_7_0-openjdk-src-1.7.0.141-42.3.1 - openSUSE Leap 42.2 (noarch): java-1_7_0-openjdk-javadoc-1.7.0.141-42.3.1 References: https://www.suse.com/security/cve/CVE-2017-3289.html https://www.suse.com/security/cve/CVE-2017-3509.html https://www.suse.com/security/cve/CVE-2017-3511.html https://www.suse.com/security/cve/CVE-2017-3512.html https://www.suse.com/security/cve/CVE-2017-3514.html https://www.suse.com/security/cve/CVE-2017-3526.html https://www.suse.com/security/cve/CVE-2017-3533.html https://www.suse.com/security/cve/CVE-2017-3539.html https://www.suse.com/security/cve/CVE-2017-3544.html https://bugzilla.suse.com/1034849 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

4 years, 12 months

[security-announce] openSUSE-SU-2017:1415-1: important: Security update for samba

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1415-1 Rating: important References: #1038231 Cross-References: CVE-2017-7494 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] This update was imported from SUSE:SLE-12-SP1:Update project. NOTE: This update is released in openSUSE Leap 42.1 after its official End Of Life only because of its severity and potential impact for users that have not migrated yet. Please upgrade your openSUSE Leap 42.1 as soon as possible. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-618=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): ctdb-4.2.4-33.1 ctdb-debuginfo-4.2.4-33.1 ctdb-devel-4.2.4-33.1 ctdb-tests-4.2.4-33.1 ctdb-tests-debuginfo-4.2.4-33.1 libdcerpc-atsvc-devel-4.2.4-33.1 libdcerpc-atsvc0-4.2.4-33.1 libdcerpc-atsvc0-debuginfo-4.2.4-33.1 libdcerpc-binding0-4.2.4-33.1 libdcerpc-binding0-debuginfo-4.2.4-33.1 libdcerpc-devel-4.2.4-33.1 libdcerpc-samr-devel-4.2.4-33.1 libdcerpc-samr0-4.2.4-33.1 libdcerpc-samr0-debuginfo-4.2.4-33.1 libdcerpc0-4.2.4-33.1 libdcerpc0-debuginfo-4.2.4-33.1 libgensec-devel-4.2.4-33.1 libgensec0-4.2.4-33.1 libgensec0-debuginfo-4.2.4-33.1 libndr-devel-4.2.4-33.1 libndr-krb5pac-devel-4.2.4-33.1 libndr-krb5pac0-4.2.4-33.1 libndr-krb5pac0-debuginfo-4.2.4-33.1 libndr-nbt-devel-4.2.4-33.1 libndr-nbt0-4.2.4-33.1 libndr-nbt0-debuginfo-4.2.4-33.1 libndr-standard-devel-4.2.4-33.1 libndr-standard0-4.2.4-33.1 libndr-standard0-debuginfo-4.2.4-33.1 libndr0-4.2.4-33.1 libndr0-debuginfo-4.2.4-33.1 libnetapi-devel-4.2.4-33.1 libnetapi0-4.2.4-33.1 libnetapi0-debuginfo-4.2.4-33.1 libregistry-devel-4.2.4-33.1 libregistry0-4.2.4-33.1 libregistry0-debuginfo-4.2.4-33.1 libsamba-credentials-devel-4.2.4-33.1 libsamba-credentials0-4.2.4-33.1 libsamba-credentials0-debuginfo-4.2.4-33.1 libsamba-hostconfig-devel-4.2.4-33.1 libsamba-hostconfig0-4.2.4-33.1 libsamba-hostconfig0-debuginfo-4.2.4-33.1 libsamba-passdb-devel-4.2.4-33.1 libsamba-passdb0-4.2.4-33.1 libsamba-passdb0-debuginfo-4.2.4-33.1 libsamba-policy-devel-4.2.4-33.1 libsamba-policy0-4.2.4-33.1 libsamba-policy0-debuginfo-4.2.4-33.1 libsamba-util-devel-4.2.4-33.1 libsamba-util0-4.2.4-33.1 libsamba-util0-debuginfo-4.2.4-33.1 libsamdb-devel-4.2.4-33.1 libsamdb0-4.2.4-33.1 libsamdb0-debuginfo-4.2.4-33.1 libsmbclient-devel-4.2.4-33.1 libsmbclient-raw-devel-4.2.4-33.1 libsmbclient-raw0-4.2.4-33.1 libsmbclient-raw0-debuginfo-4.2.4-33.1 libsmbclient0-4.2.4-33.1 libsmbclient0-debuginfo-4.2.4-33.1 libsmbconf-devel-4.2.4-33.1 libsmbconf0-4.2.4-33.1 libsmbconf0-debuginfo-4.2.4-33.1 libsmbldap-devel-4.2.4-33.1 libsmbldap0-4.2.4-33.1 libsmbldap0-debuginfo-4.2.4-33.1 libtevent-util-devel-4.2.4-33.1 libtevent-util0-4.2.4-33.1 libtevent-util0-debuginfo-4.2.4-33.1 libwbclient-devel-4.2.4-33.1 libwbclient0-4.2.4-33.1 libwbclient0-debuginfo-4.2.4-33.1 samba-4.2.4-33.1 samba-client-4.2.4-33.1 samba-client-debuginfo-4.2.4-33.1 samba-core-devel-4.2.4-33.1 samba-debuginfo-4.2.4-33.1 samba-debugsource-4.2.4-33.1 samba-libs-4.2.4-33.1 samba-libs-debuginfo-4.2.4-33.1 samba-pidl-4.2.4-33.1 samba-python-4.2.4-33.1 samba-python-debuginfo-4.2.4-33.1 samba-test-4.2.4-33.1 samba-test-debuginfo-4.2.4-33.1 samba-test-devel-4.2.4-33.1 samba-winbind-4.2.4-33.1 samba-winbind-debuginfo-4.2.4-33.1 - openSUSE Leap 42.1 (x86_64): libdcerpc-atsvc0-32bit-4.2.4-33.1 libdcerpc-atsvc0-debuginfo-32bit-4.2.4-33.1 libdcerpc-binding0-32bit-4.2.4-33.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-33.1 libdcerpc-samr0-32bit-4.2.4-33.1 libdcerpc-samr0-debuginfo-32bit-4.2.4-33.1 libdcerpc0-32bit-4.2.4-33.1 libdcerpc0-debuginfo-32bit-4.2.4-33.1 libgensec0-32bit-4.2.4-33.1 libgensec0-debuginfo-32bit-4.2.4-33.1 libndr-krb5pac0-32bit-4.2.4-33.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-33.1 libndr-nbt0-32bit-4.2.4-33.1 libndr-nbt0-debuginfo-32bit-4.2.4-33.1 libndr-standard0-32bit-4.2.4-33.1 libndr-standard0-debuginfo-32bit-4.2.4-33.1 libndr0-32bit-4.2.4-33.1 libndr0-debuginfo-32bit-4.2.4-33.1 libnetapi0-32bit-4.2.4-33.1 libnetapi0-debuginfo-32bit-4.2.4-33.1 libregistry0-32bit-4.2.4-33.1 libregistry0-debuginfo-32bit-4.2.4-33.1 libsamba-credentials0-32bit-4.2.4-33.1 libsamba-credentials0-debuginfo-32bit-4.2.4-33.1 libsamba-hostconfig0-32bit-4.2.4-33.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-33.1 libsamba-passdb0-32bit-4.2.4-33.1 libsamba-passdb0-debuginfo-32bit-4.2.4-33.1 libsamba-policy0-32bit-4.2.4-33.1 libsamba-policy0-debuginfo-32bit-4.2.4-33.1 libsamba-util0-32bit-4.2.4-33.1 libsamba-util0-debuginfo-32bit-4.2.4-33.1 libsamdb0-32bit-4.2.4-33.1 libsamdb0-debuginfo-32bit-4.2.4-33.1 libsmbclient-raw0-32bit-4.2.4-33.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-33.1 libsmbclient0-32bit-4.2.4-33.1 libsmbclient0-debuginfo-32bit-4.2.4-33.1 libsmbconf0-32bit-4.2.4-33.1 libsmbconf0-debuginfo-32bit-4.2.4-33.1 libsmbldap0-32bit-4.2.4-33.1 libsmbldap0-debuginfo-32bit-4.2.4-33.1 libtevent-util0-32bit-4.2.4-33.1 libtevent-util0-debuginfo-32bit-4.2.4-33.1 libwbclient0-32bit-4.2.4-33.1 libwbclient0-debuginfo-32bit-4.2.4-33.1 samba-32bit-4.2.4-33.1 samba-client-32bit-4.2.4-33.1 samba-client-debuginfo-32bit-4.2.4-33.1 samba-debuginfo-32bit-4.2.4-33.1 samba-libs-32bit-4.2.4-33.1 samba-libs-debuginfo-32bit-4.2.4-33.1 samba-winbind-32bit-4.2.4-33.1 samba-winbind-debuginfo-32bit-4.2.4-33.1 - openSUSE Leap 42.1 (noarch): samba-doc-4.2.4-33.1 References: https://www.suse.com/security/cve/CVE-2017-7494.html https://bugzilla.suse.com/1038231 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

4 years, 12 months

[security-announce] openSUSE-SU-2017:1412-1: important: Security update for rpcbind

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for rpcbind ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1412-1 Rating: important References: #1037559 Cross-References: CVE-2017-8779 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rcpbind to remote denial-of-service (bsc#1037559) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-615=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): rpcbind-0.2.3-3.3.1 rpcbind-debuginfo-0.2.3-3.3.1 rpcbind-debugsource-0.2.3-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-8779.html https://bugzilla.suse.com/1037559 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

5 years

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

openSUSE Security Announce May 2017