openSUSE Security Announce
Threads by month
- ----- 2024 -----
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
September 2017
- 1 participants
- 85 discussions
[security-announce] SUSE-SU-2017:2416-1: important: Security update for qemu
by opensuse-security@opensuse.org 11 Sep '17
by opensuse-security@opensuse.org 11 Sep '17
11 Sep '17
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2416-1
Rating: important
References: #1011144 #1031692 #1046636 #1047674 #1048296
#1048902 #1049381 #1050268
Cross-References: CVE-2017-10664 CVE-2017-10806 CVE-2017-11334
CVE-2017-11434
Affected Products:
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________
An update that solves four vulnerabilities and has four
fixes is now available.
Description:
This update for qemu fixes the following issues:
Security issues fixed:
* CVE-2017-10664: Fix DOS vulnerability in qemu-nbd (bsc#1046636)
* CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb
redirection support (bsc#1047674)
* CVE-2017-11334: Fix OOB access during DMA operation (bsc#1048902)
* CVE-2017-11434: Fix OOB access parsing dhcp slirp options (bsc#1049381)
Following non-security issues were fixed:
- Postrequire acl for setfacl
- Prerequire shadow for groupadd
- The recent security fix for CVE-2017-11334 adversely affects Xen.
Include two additional patches to make sure Xen is going to be OK.
- Pre-add group kvm for qemu-tools (bsc#1011144)
- Fixed a few more inaccuracies in the support docs.
- Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12
SP3. Apply a few additional clarifications in the support docs.
(bsc#1050268)
- Adjust to libvdeplug-devel package naming changes.
- Fix migration with xhci (bsc#1048296)
- Increase VNC delay to fix missing keyboard input events (bsc#1031692)
- Remove build dependency package iasl used for seabios
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1490=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1490=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
qemu-2.9.0-6.3.1
qemu-block-curl-2.9.0-6.3.1
qemu-block-curl-debuginfo-2.9.0-6.3.1
qemu-block-ssh-2.9.0-6.3.1
qemu-block-ssh-debuginfo-2.9.0-6.3.1
qemu-debugsource-2.9.0-6.3.1
qemu-guest-agent-2.9.0-6.3.1
qemu-guest-agent-debuginfo-2.9.0-6.3.1
qemu-lang-2.9.0-6.3.1
qemu-tools-2.9.0-6.3.1
qemu-tools-debuginfo-2.9.0-6.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64):
qemu-block-rbd-2.9.0-6.3.1
qemu-block-rbd-debuginfo-2.9.0-6.3.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
qemu-kvm-2.9.0-6.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64):
qemu-arm-2.9.0-6.3.1
qemu-arm-debuginfo-2.9.0-6.3.1
- SUSE Linux Enterprise Server 12-SP3 (ppc64le):
qemu-ppc-2.9.0-6.3.1
qemu-ppc-debuginfo-2.9.0-6.3.1
- SUSE Linux Enterprise Server 12-SP3 (x86_64):
qemu-x86-2.9.0-6.3.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
qemu-ipxe-1.0.0-6.3.1
qemu-seabios-1.10.2-6.3.1
qemu-sgabios-8-6.3.1
qemu-vgabios-1.10.2-6.3.1
- SUSE Linux Enterprise Server 12-SP3 (s390x):
qemu-s390-2.9.0-6.3.1
qemu-s390-debuginfo-2.9.0-6.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
qemu-ipxe-1.0.0-6.3.1
qemu-seabios-1.10.2-6.3.1
qemu-sgabios-8-6.3.1
qemu-vgabios-1.10.2-6.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
qemu-2.9.0-6.3.1
qemu-block-curl-2.9.0-6.3.1
qemu-block-curl-debuginfo-2.9.0-6.3.1
qemu-debugsource-2.9.0-6.3.1
qemu-kvm-2.9.0-6.3.1
qemu-tools-2.9.0-6.3.1
qemu-tools-debuginfo-2.9.0-6.3.1
qemu-x86-2.9.0-6.3.1
References:
https://www.suse.com/security/cve/CVE-2017-10664.html
https://www.suse.com/security/cve/CVE-2017-10806.html
https://www.suse.com/security/cve/CVE-2017-11334.html
https://www.suse.com/security/cve/CVE-2017-11434.html
https://bugzilla.suse.com/1011144
https://bugzilla.suse.com/1031692
https://bugzilla.suse.com/1046636
https://bugzilla.suse.com/1047674
https://bugzilla.suse.com/1048296
https://bugzilla.suse.com/1048902
https://bugzilla.suse.com/1049381
https://bugzilla.suse.com/1050268
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:2398-1: important: Security update for xen
by opensuse-security@opensuse.org 08 Sep '17
by opensuse-security@opensuse.org 08 Sep '17
08 Sep '17
openSUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2398-1
Rating: important
References: #1002573 #1026236 #1035231 #1037840 #1046637
#1049578 #1051787 #1051788 #1051789 #1052686
#1055695
Cross-References: CVE-2016-9603 CVE-2017-10664 CVE-2017-11434
CVE-2017-12135 CVE-2017-12136 CVE-2017-12137
CVE-2017-12855
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that solves 7 vulnerabilities and has four fixes
is now available.
Description:
This update for xen to version 4.7.3 fixes several issues.
These security issues were fixed:
- CVE-2017-12135: Unbounded recursion in grant table code allowed a
malicious guest to crash the host or potentially escalate
privileges/leak information (XSA-226, bsc#1051787).
- CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for
privilege escalation (XSA-227, bsc#1051788).
- CVE-2017-12136: Race conditions with maptrack free list handling allows
a malicious guest administrator to crash the host or escalate their
privilege to that of the host (XSA-228, bsc#1051789).
- CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local
guest OS users to cause a denial of service (out-of-bounds read) via a
crafted DHCP
options string (bsc#1049578).
- CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote
attackers to cause a denial of service (daemon crash) by disconnecting
during a server-to-client reply attempt (bsc#1046637).
- CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to
potentially leaking sensitive information (XSA-230 CVE-2017-12855).
These non-security issues were fixed:
- bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after
the save using xl stack
- bsc#1035231: Migration of HVM domU did not use superpages on destination
dom0
- bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd
- bsc#1037840: Xen-detect always showed HVM for PV guests
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-1022=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
xen-debugsource-4.7.3_03-11.12.1
xen-devel-4.7.3_03-11.12.1
xen-libs-4.7.3_03-11.12.1
xen-libs-debuginfo-4.7.3_03-11.12.1
xen-tools-domU-4.7.3_03-11.12.1
xen-tools-domU-debuginfo-4.7.3_03-11.12.1
- openSUSE Leap 42.2 (x86_64):
xen-4.7.3_03-11.12.1
xen-doc-html-4.7.3_03-11.12.1
xen-libs-32bit-4.7.3_03-11.12.1
xen-libs-debuginfo-32bit-4.7.3_03-11.12.1
xen-tools-4.7.3_03-11.12.1
xen-tools-debuginfo-4.7.3_03-11.12.1
References:
https://www.suse.com/security/cve/CVE-2016-9603.html
https://www.suse.com/security/cve/CVE-2017-10664.html
https://www.suse.com/security/cve/CVE-2017-11434.html
https://www.suse.com/security/cve/CVE-2017-12135.html
https://www.suse.com/security/cve/CVE-2017-12136.html
https://www.suse.com/security/cve/CVE-2017-12137.html
https://www.suse.com/security/cve/CVE-2017-12855.html
https://bugzilla.suse.com/1002573
https://bugzilla.suse.com/1026236
https://bugzilla.suse.com/1035231
https://bugzilla.suse.com/1037840
https://bugzilla.suse.com/1046637
https://bugzilla.suse.com/1049578
https://bugzilla.suse.com/1051787
https://bugzilla.suse.com/1051788
https://bugzilla.suse.com/1051789
https://bugzilla.suse.com/1052686
https://bugzilla.suse.com/1055695
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:2394-1: important: Security update for xen
by opensuse-security@opensuse.org 08 Sep '17
by opensuse-security@opensuse.org 08 Sep '17
08 Sep '17
openSUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2394-1
Rating: important
References: #1002573 #1026236 #1027519 #1035231 #1046637
#1049578 #1051787 #1051788 #1051789 #1052686
#1055695
Cross-References: CVE-2017-10664 CVE-2017-11434 CVE-2017-12135
CVE-2017-12136 CVE-2017-12137 CVE-2017-12855
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves 6 vulnerabilities and has 5 fixes is
now available.
Description:
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2017-12135: Unbounded recursion in grant table code allowed a
malicious guest to crash the host or potentially escalate
privileges/leak information (XSA-226, bsc#1051787).
- CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for
privilege escalation (XSA-227, bsc#1051788).
- CVE-2017-12136: Race conditions with maptrack free list handling allows
a malicious guest administrator to crash the host or escalate their
privilege to that of the host (XSA-228, bsc#1051789).
- CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local
guest OS users to cause a denial of service (out-of-bounds read) via a
crafted DHCP
options string (bsc#1049578).
- CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote
attackers to cause a denial of service (daemon crash) by disconnecting
during a server-to-client reply attempt (bsc#1046637).
- CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to
potentially leaking sensitive information (XSA-230 bsc#1052686.
These non-security issues were fixed:
- bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after
the save using xl stack
- bsc#1035231: Migration of HVM domU did not use superpages on destination
dom0
- bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1023=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (x86_64):
xen-4.9.0_11-4.1
xen-debugsource-4.9.0_11-4.1
xen-devel-4.9.0_11-4.1
xen-doc-html-4.9.0_11-4.1
xen-libs-4.9.0_11-4.1
xen-libs-debuginfo-4.9.0_11-4.1
xen-tools-4.9.0_11-4.1
xen-tools-debuginfo-4.9.0_11-4.1
xen-tools-domU-4.9.0_11-4.1
xen-tools-domU-debuginfo-4.9.0_11-4.1
References:
https://www.suse.com/security/cve/CVE-2017-10664.html
https://www.suse.com/security/cve/CVE-2017-11434.html
https://www.suse.com/security/cve/CVE-2017-12135.html
https://www.suse.com/security/cve/CVE-2017-12136.html
https://www.suse.com/security/cve/CVE-2017-12137.html
https://www.suse.com/security/cve/CVE-2017-12855.html
https://bugzilla.suse.com/1002573
https://bugzilla.suse.com/1026236
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1035231
https://bugzilla.suse.com/1046637
https://bugzilla.suse.com/1049578
https://bugzilla.suse.com/1051787
https://bugzilla.suse.com/1051788
https://bugzilla.suse.com/1051789
https://bugzilla.suse.com/1052686
https://bugzilla.suse.com/1055695
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:2393-1: important: Security update for gdk-pixbuf
by opensuse-security@opensuse.org 08 Sep '17
by opensuse-security@opensuse.org 08 Sep '17
08 Sep '17
openSUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2393-1
Rating: important
References: #1027024 #1027025 #1027026 #1048289 #1048544
#1049877
Cross-References: CVE-2017-2862 CVE-2017-2870 CVE-2017-6312
CVE-2017-6313 CVE-2017-6314
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________
An update that solves 5 vulnerabilities and has one errata
is now available.
Description:
This update for gdk-pixbuf fixes the following issues:
- CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution
Vulnerability (bsc#1048289)
- CVE-2017-2870: tiff_image_parse Code Execution Vulnerability
(bsc#1048544)
- CVE-2017-6313: A dangerous integer underflow in io-icns.c (bsc#1027024)
- CVE-2017-6314: Infinite loop in io-tiff.c (bsc#1027025)
- CVE-2017-6312: Out-of-bounds read on io-ico.c (bsc#1027026)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1024=1
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-1024=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
gdk-pixbuf-debugsource-2.34.0-10.1
gdk-pixbuf-devel-2.34.0-10.1
gdk-pixbuf-devel-debuginfo-2.34.0-10.1
gdk-pixbuf-query-loaders-2.34.0-10.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-10.1
libgdk_pixbuf-2_0-0-2.34.0-10.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-10.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-10.1
- openSUSE Leap 42.3 (noarch):
gdk-pixbuf-lang-2.34.0-10.1
- openSUSE Leap 42.3 (x86_64):
gdk-pixbuf-devel-32bit-2.34.0-10.1
gdk-pixbuf-devel-debuginfo-32bit-2.34.0-10.1
gdk-pixbuf-query-loaders-32bit-2.34.0-10.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-10.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-10.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-10.1
- openSUSE Leap 42.2 (i586 x86_64):
gdk-pixbuf-debugsource-2.34.0-7.3.1
gdk-pixbuf-devel-2.34.0-7.3.1
gdk-pixbuf-devel-debuginfo-2.34.0-7.3.1
gdk-pixbuf-query-loaders-2.34.0-7.3.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-7.3.1
libgdk_pixbuf-2_0-0-2.34.0-7.3.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-7.3.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-7.3.1
- openSUSE Leap 42.2 (noarch):
gdk-pixbuf-lang-2.34.0-7.3.1
- openSUSE Leap 42.2 (x86_64):
gdk-pixbuf-devel-32bit-2.34.0-7.3.1
gdk-pixbuf-devel-debuginfo-32bit-2.34.0-7.3.1
gdk-pixbuf-query-loaders-32bit-2.34.0-7.3.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-7.3.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-7.3.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-7.3.1
References:
https://www.suse.com/security/cve/CVE-2017-2862.html
https://www.suse.com/security/cve/CVE-2017-2870.html
https://www.suse.com/security/cve/CVE-2017-6312.html
https://www.suse.com/security/cve/CVE-2017-6313.html
https://www.suse.com/security/cve/CVE-2017-6314.html
https://bugzilla.suse.com/1027024
https://bugzilla.suse.com/1027025
https://bugzilla.suse.com/1027026
https://bugzilla.suse.com/1048289
https://bugzilla.suse.com/1048544
https://bugzilla.suse.com/1049877
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:2392-1: important: Security update for postgresql94
by opensuse-security@opensuse.org 08 Sep '17
by opensuse-security@opensuse.org 08 Sep '17
08 Sep '17
openSUSE Security Update: Security update for postgresql94
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2392-1
Rating: important
References: #1051684 #1051685 #1053259
Cross-References: CVE-2017-7546 CVE-2017-7547 CVE-2017-7548
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for postgresql94 fixes the following issues:
* CVE-2017-7547: Further restrict visibility of
pg_user_mappings.umoptions, to protect passwords stored as user mapping
options. (bsc#1051685)
* CVE-2017-7546: Disallow empty passwords in all password-based
authentication methods. (bsc#1051684)
* CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1020=1
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-1020=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
postgresql94-9.4.13-12.1
postgresql94-contrib-9.4.13-12.1
postgresql94-contrib-debuginfo-9.4.13-12.1
postgresql94-debuginfo-9.4.13-12.1
postgresql94-debugsource-9.4.13-12.1
postgresql94-devel-9.4.13-12.1
postgresql94-devel-debuginfo-9.4.13-12.1
postgresql94-libs-debugsource-9.4.13-12.1
postgresql94-plperl-9.4.13-12.1
postgresql94-plperl-debuginfo-9.4.13-12.1
postgresql94-plpython-9.4.13-12.1
postgresql94-plpython-debuginfo-9.4.13-12.1
postgresql94-pltcl-9.4.13-12.1
postgresql94-pltcl-debuginfo-9.4.13-12.1
postgresql94-server-9.4.13-12.1
postgresql94-server-debuginfo-9.4.13-12.1
postgresql94-test-9.4.13-12.1
- openSUSE Leap 42.3 (noarch):
postgresql94-docs-9.4.13-12.1
- openSUSE Leap 42.2 (i586 x86_64):
postgresql94-9.4.13-9.9.1
postgresql94-contrib-9.4.13-9.9.1
postgresql94-contrib-debuginfo-9.4.13-9.9.1
postgresql94-debuginfo-9.4.13-9.9.1
postgresql94-debugsource-9.4.13-9.9.1
postgresql94-devel-9.4.13-9.9.1
postgresql94-devel-debuginfo-9.4.13-9.9.1
postgresql94-libs-debugsource-9.4.13-9.9.1
postgresql94-plperl-9.4.13-9.9.1
postgresql94-plperl-debuginfo-9.4.13-9.9.1
postgresql94-plpython-9.4.13-9.9.1
postgresql94-plpython-debuginfo-9.4.13-9.9.1
postgresql94-pltcl-9.4.13-9.9.1
postgresql94-pltcl-debuginfo-9.4.13-9.9.1
postgresql94-server-9.4.13-9.9.1
postgresql94-server-debuginfo-9.4.13-9.9.1
postgresql94-test-9.4.13-9.9.1
- openSUSE Leap 42.2 (noarch):
postgresql94-docs-9.4.13-9.9.1
References:
https://www.suse.com/security/cve/CVE-2017-7546.html
https://www.suse.com/security/cve/CVE-2017-7547.html
https://www.suse.com/security/cve/CVE-2017-7548.html
https://bugzilla.suse.com/1051684
https://bugzilla.suse.com/1051685
https://bugzilla.suse.com/1053259
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:2391-1: important: Security update for postgresql96
by opensuse-security@opensuse.org 08 Sep '17
by opensuse-security@opensuse.org 08 Sep '17
08 Sep '17
openSUSE Security Update: Security update for postgresql96
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2391-1
Rating: important
References: #1051684 #1051685 #1053259
Cross-References: CVE-2017-7546 CVE-2017-7547 CVE-2017-7548
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for postgresql96 fixes the following issues:
* CVE-2017-7547: Further restrict visibility of
pg_user_mappings.umoptions, to protect passwords stored as user mapping
options. (bsc#1051685)
* CVE-2017-7546: Disallow empty passwords in all password-based
authentication methods. (bsc#1051684)
* CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)
The changelog for this release is here:
https://www.postgresql.org/docs/9.6/static/release-9-6-4.html
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1021=1
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-1021=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
libecpg6-9.6.4-6.1
libecpg6-debuginfo-9.6.4-6.1
libpq5-9.6.4-6.1
libpq5-debuginfo-9.6.4-6.1
postgresql96-9.6.4-6.1
postgresql96-contrib-9.6.4-6.1
postgresql96-contrib-debuginfo-9.6.4-6.1
postgresql96-debuginfo-9.6.4-6.1
postgresql96-debugsource-9.6.4-6.1
postgresql96-devel-9.6.4-6.1
postgresql96-devel-debuginfo-9.6.4-6.1
postgresql96-libs-debugsource-9.6.4-6.1
postgresql96-plperl-9.6.4-6.1
postgresql96-plperl-debuginfo-9.6.4-6.1
postgresql96-plpython-9.6.4-6.1
postgresql96-plpython-debuginfo-9.6.4-6.1
postgresql96-pltcl-9.6.4-6.1
postgresql96-pltcl-debuginfo-9.6.4-6.1
postgresql96-server-9.6.4-6.1
postgresql96-server-debuginfo-9.6.4-6.1
postgresql96-test-9.6.4-6.1
- openSUSE Leap 42.3 (noarch):
postgresql96-docs-9.6.4-6.1
- openSUSE Leap 42.3 (x86_64):
libecpg6-32bit-9.6.4-6.1
libecpg6-debuginfo-32bit-9.6.4-6.1
libpq5-32bit-9.6.4-6.1
libpq5-debuginfo-32bit-9.6.4-6.1
- openSUSE Leap 42.2 (i586 x86_64):
libecpg6-9.6.4-5.1
libecpg6-debuginfo-9.6.4-5.1
libpq5-9.6.4-5.1
libpq5-debuginfo-9.6.4-5.1
postgresql96-9.6.4-5.1
postgresql96-contrib-9.6.4-5.1
postgresql96-contrib-debuginfo-9.6.4-5.1
postgresql96-debuginfo-9.6.4-5.1
postgresql96-debugsource-9.6.4-5.1
postgresql96-devel-9.6.4-5.1
postgresql96-devel-debuginfo-9.6.4-5.1
postgresql96-libs-debugsource-9.6.4-5.1
postgresql96-plperl-9.6.4-5.1
postgresql96-plperl-debuginfo-9.6.4-5.1
postgresql96-plpython-9.6.4-5.1
postgresql96-plpython-debuginfo-9.6.4-5.1
postgresql96-pltcl-9.6.4-5.1
postgresql96-pltcl-debuginfo-9.6.4-5.1
postgresql96-server-9.6.4-5.1
postgresql96-server-debuginfo-9.6.4-5.1
postgresql96-test-9.6.4-5.1
- openSUSE Leap 42.2 (x86_64):
libecpg6-32bit-9.6.4-5.1
libecpg6-debuginfo-32bit-9.6.4-5.1
libpq5-32bit-9.6.4-5.1
libpq5-debuginfo-32bit-9.6.4-5.1
- openSUSE Leap 42.2 (noarch):
postgresql96-docs-9.6.4-5.1
References:
https://www.suse.com/security/cve/CVE-2017-7546.html
https://www.suse.com/security/cve/CVE-2017-7547.html
https://www.suse.com/security/cve/CVE-2017-7548.html
https://bugzilla.suse.com/1051684
https://bugzilla.suse.com/1051685
https://bugzilla.suse.com/1053259
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2390-1: important: Security update for evince
by opensuse-security@opensuse.org 08 Sep '17
by opensuse-security@opensuse.org 08 Sep '17
08 Sep '17
SUSE Security Update: Security update for evince
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2390-1
Rating: important
References: #1046856
Cross-References: CVE-2017-1000083
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for evince fixes the following issue:
- CVE-2017-1000083: Remote attackers could have used the comicbook mode of
evince to inject shell code (bsc#1046856).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP3:
zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1479=1
- SUSE Linux Enterprise Workstation Extension 12-SP2:
zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1479=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1479=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1479=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1479=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1479=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1479=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1479=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1479=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1
- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-devel-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-devel-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
evince-3.20.1-6.16.1
evince-browser-plugin-3.20.1-6.16.1
evince-browser-plugin-debuginfo-3.20.1-6.16.1
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-plugin-djvudocument-3.20.1-6.16.1
evince-plugin-djvudocument-debuginfo-3.20.1-6.16.1
evince-plugin-dvidocument-3.20.1-6.16.1
evince-plugin-dvidocument-debuginfo-3.20.1-6.16.1
evince-plugin-pdfdocument-3.20.1-6.16.1
evince-plugin-pdfdocument-debuginfo-3.20.1-6.16.1
evince-plugin-psdocument-3.20.1-6.16.1
evince-plugin-psdocument-debuginfo-3.20.1-6.16.1
evince-plugin-tiffdocument-3.20.1-6.16.1
evince-plugin-tiffdocument-debuginfo-3.20.1-6.16.1
evince-plugin-xpsdocument-3.20.1-6.16.1
evince-plugin-xpsdocument-debuginfo-3.20.1-6.16.1
libevdocument3-4-3.20.1-6.16.1
libevdocument3-4-debuginfo-3.20.1-6.16.1
libevview3-3-3.20.1-6.16.1
libevview3-3-debuginfo-3.20.1-6.16.1
nautilus-evince-3.20.1-6.16.1
nautilus-evince-debuginfo-3.20.1-6.16.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
evince-lang-3.20.1-6.16.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
evince-3.20.1-6.16.1
evince-browser-plugin-3.20.1-6.16.1
evince-browser-plugin-debuginfo-3.20.1-6.16.1
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-plugin-djvudocument-3.20.1-6.16.1
evince-plugin-djvudocument-debuginfo-3.20.1-6.16.1
evince-plugin-dvidocument-3.20.1-6.16.1
evince-plugin-dvidocument-debuginfo-3.20.1-6.16.1
evince-plugin-pdfdocument-3.20.1-6.16.1
evince-plugin-pdfdocument-debuginfo-3.20.1-6.16.1
evince-plugin-psdocument-3.20.1-6.16.1
evince-plugin-psdocument-debuginfo-3.20.1-6.16.1
evince-plugin-tiffdocument-3.20.1-6.16.1
evince-plugin-tiffdocument-debuginfo-3.20.1-6.16.1
evince-plugin-xpsdocument-3.20.1-6.16.1
evince-plugin-xpsdocument-debuginfo-3.20.1-6.16.1
libevdocument3-4-3.20.1-6.16.1
libevdocument3-4-debuginfo-3.20.1-6.16.1
libevview3-3-3.20.1-6.16.1
libevview3-3-debuginfo-3.20.1-6.16.1
nautilus-evince-3.20.1-6.16.1
nautilus-evince-debuginfo-3.20.1-6.16.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
evince-lang-3.20.1-6.16.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
evince-3.20.1-6.16.1
evince-browser-plugin-3.20.1-6.16.1
evince-browser-plugin-debuginfo-3.20.1-6.16.1
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-plugin-djvudocument-3.20.1-6.16.1
evince-plugin-djvudocument-debuginfo-3.20.1-6.16.1
evince-plugin-dvidocument-3.20.1-6.16.1
evince-plugin-dvidocument-debuginfo-3.20.1-6.16.1
evince-plugin-pdfdocument-3.20.1-6.16.1
evince-plugin-pdfdocument-debuginfo-3.20.1-6.16.1
evince-plugin-psdocument-3.20.1-6.16.1
evince-plugin-psdocument-debuginfo-3.20.1-6.16.1
evince-plugin-tiffdocument-3.20.1-6.16.1
evince-plugin-tiffdocument-debuginfo-3.20.1-6.16.1
evince-plugin-xpsdocument-3.20.1-6.16.1
evince-plugin-xpsdocument-debuginfo-3.20.1-6.16.1
libevdocument3-4-3.20.1-6.16.1
libevdocument3-4-debuginfo-3.20.1-6.16.1
libevview3-3-3.20.1-6.16.1
libevview3-3-debuginfo-3.20.1-6.16.1
nautilus-evince-3.20.1-6.16.1
nautilus-evince-debuginfo-3.20.1-6.16.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
evince-lang-3.20.1-6.16.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
evince-lang-3.20.1-6.16.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
evince-3.20.1-6.16.1
evince-browser-plugin-3.20.1-6.16.1
evince-browser-plugin-debuginfo-3.20.1-6.16.1
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-plugin-djvudocument-3.20.1-6.16.1
evince-plugin-djvudocument-debuginfo-3.20.1-6.16.1
evince-plugin-dvidocument-3.20.1-6.16.1
evince-plugin-dvidocument-debuginfo-3.20.1-6.16.1
evince-plugin-pdfdocument-3.20.1-6.16.1
evince-plugin-pdfdocument-debuginfo-3.20.1-6.16.1
evince-plugin-psdocument-3.20.1-6.16.1
evince-plugin-psdocument-debuginfo-3.20.1-6.16.1
evince-plugin-tiffdocument-3.20.1-6.16.1
evince-plugin-tiffdocument-debuginfo-3.20.1-6.16.1
evince-plugin-xpsdocument-3.20.1-6.16.1
evince-plugin-xpsdocument-debuginfo-3.20.1-6.16.1
libevdocument3-4-3.20.1-6.16.1
libevdocument3-4-debuginfo-3.20.1-6.16.1
libevview3-3-3.20.1-6.16.1
libevview3-3-debuginfo-3.20.1-6.16.1
nautilus-evince-3.20.1-6.16.1
nautilus-evince-debuginfo-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
evince-3.20.1-6.16.1
evince-browser-plugin-3.20.1-6.16.1
evince-browser-plugin-debuginfo-3.20.1-6.16.1
evince-debuginfo-3.20.1-6.16.1
evince-debugsource-3.20.1-6.16.1
evince-plugin-djvudocument-3.20.1-6.16.1
evince-plugin-djvudocument-debuginfo-3.20.1-6.16.1
evince-plugin-dvidocument-3.20.1-6.16.1
evince-plugin-dvidocument-debuginfo-3.20.1-6.16.1
evince-plugin-pdfdocument-3.20.1-6.16.1
evince-plugin-pdfdocument-debuginfo-3.20.1-6.16.1
evince-plugin-psdocument-3.20.1-6.16.1
evince-plugin-psdocument-debuginfo-3.20.1-6.16.1
evince-plugin-tiffdocument-3.20.1-6.16.1
evince-plugin-tiffdocument-debuginfo-3.20.1-6.16.1
evince-plugin-xpsdocument-3.20.1-6.16.1
evince-plugin-xpsdocument-debuginfo-3.20.1-6.16.1
libevdocument3-4-3.20.1-6.16.1
libevdocument3-4-debuginfo-3.20.1-6.16.1
libevview3-3-3.20.1-6.16.1
libevview3-3-debuginfo-3.20.1-6.16.1
nautilus-evince-3.20.1-6.16.1
nautilus-evince-debuginfo-3.20.1-6.16.1
typelib-1_0-EvinceDocument-3_0-3.20.1-6.16.1
typelib-1_0-EvinceView-3_0-3.20.1-6.16.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
evince-lang-3.20.1-6.16.1
References:
https://www.suse.com/security/cve/CVE-2017-1000083.html
https://bugzilla.suse.com/1046856
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2389-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 08 Sep '17
by opensuse-security@opensuse.org 08 Sep '17
08 Sep '17
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2389-1
Rating: important
References: #1000365 #1000380 #1012422 #1013018 #1015452
#1023051 #1029140 #1029850 #1030552 #1030593
#1030814 #1032340 #1032471 #1034026 #1034670
#1035576 #1035721 #1035777 #1035920 #1036056
#1036288 #1036629 #1037191 #1037193 #1037227
#1037232 #1037233 #1037356 #1037358 #1037359
#1037441 #1038544 #1038879 #1038981 #1038982
#1039258 #1039354 #1039456 #1039594 #1039882
#1039883 #1039885 #1040069 #1040351 #1041160
#1041431 #1041762 #1041975 #1042045 #1042615
#1042633 #1042687 #1042832 #1042863 #1043014
#1043234 #1043935 #1044015 #1044125 #1044216
#1044230 #1044854 #1044882 #1044913 #1045154
#1045356 #1045416 #1045479 #1045487 #1045525
#1045538 #1045547 #1045615 #1046107 #1046192
#1046715 #1047027 #1047053 #1047343 #1047354
#1047487 #1047523 #1047653 #1048185 #1048221
#1048232 #1048275 #1049128 #1049483 #1049603
#1049688 #1049882 #1050154 #1050431 #1051478
#1051515 #1051770 #1055680 #784815 #792863
#799133 #909618 #919382 #928138 #938352 #943786
#948562 #962257 #971975 #972891 #986924 #990682
#995542
Cross-References: CVE-2014-9922 CVE-2016-10277 CVE-2017-1000363
CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176
CVE-2017-11473 CVE-2017-2647 CVE-2017-6951
CVE-2017-7482 CVE-2017-7487 CVE-2017-7533
CVE-2017-7542 CVE-2017-8890 CVE-2017-8924
CVE-2017-8925 CVE-2017-9074 CVE-2017-9075
CVE-2017-9076 CVE-2017-9077 CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Real Time Extension 11-SP4
SUSE Linux Enterprise High Availability Extension 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 21 vulnerabilities and has 92 fixes
is now available.
Description:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2017-7482: Several missing length checks ticket decode allowing for
information leak or potentially code execution (bsc#1046107).
- CVE-2016-10277: Potential privilege escalation due to a missing bounds
check in the lp driver. A kernel command-line adversary can overflow the
parport_nr array to execute code (bsc#1039456).
- CVE-2017-7542: The ip6_find_1stfragopt function in
net/ipv6/output_core.c in the Linux kernel allowed local users to cause
a denial of service (integer overflow and infinite loop) by leveraging
the ability to open a raw socket (bsc#1049882).
- CVE-2017-7533: Bug in inotify code allowing privilege escalation
(bsc#1049483).
- CVE-2017-11176: The mq_notify function in the Linux kernel did not set
the sock pointer to NULL upon entry into the retry logic. During a
user-space close of a Netlink socket, it allowed attackers to cause a
denial of service (use-after-free) or possibly have unspecified other
impact (bsc#1048275).
- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function
in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users
to gain privileges via a crafted ACPI table (bnc#1049603).
- CVE-2017-1000365: The Linux Kernel imposed a size restriction on the
arguments and environmental strings passed through
RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the
argument and environment pointers into account, which allowed attackers
to bypass this limitation. (bnc#1039354)
- CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local
users to gain privileges via a large filesystem stack that includes an
overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c
(bnc#1032340)
- CVE-2017-8924: The edge_bulk_in_callback function in
drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to
obtain sensitive information (in the dmesg ringbuffer and syslog) from
uninitialized kernel memory by using a crafted USB device (posing as an
io_ti USB serial device) to trigger an integer underflow (bnc#1038982).
- CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c
in the Linux kernel allowed local users to cause a denial of service
(tty exhaustion) by leveraging reference count mishandling (bnc#1038981).
- CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in
the ALSA /dev/snd/timer driver resulting in local users being able to
read information belonging to other users, i.e., uninitialized memory
contents could have bene disclosed when a read and an ioctl happen at
the same time (bnc#1044125)
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
was too late in checking whether an overwrite of an skb data structure
may occur, which allowed local users to cause a denial of service
(system crash) via crafted system calls (bnc#1041431)
- CVE-2017-1000363: A buffer overflow in kernel commandline handling of
the "lp" parameter could be used by local console attackers to bypass
certain secure boot settings. (bnc#1039456)
- CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885)
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069)
- CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883)
- CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel
did not consider that the nexthdr field may be associated with an
invalid option, which allowed local users to cause a denial of service
(out-of-bounds read and BUG) or possibly have unspecified other impact
via crafted socket and send system calls (bnc#1039882)
- CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the
Linux kernel mishandled reference counts, which allowed local users to
cause a denial of service (use-after-free) or possibly have unspecified
other impact via a failed SIOCGIFADDR ioctl call for an IPX interface
(bnc#1038879)
- CVE-2017-8890: The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to
cause a denial of service (double free) or possibly have unspecified
other impact by leveraging use of the accept system call (bnc#1038544)
- CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local
users to gain privileges or cause a denial of service (NULL pointer
dereference and system crash) via vectors involving a NULL value for a
certain match field, related to the keyring_search_iterator function in
keyring.c (bnc#1030593)
- CVE-2017-6951: The keyring_search_aux function in
security/keys/keyring.c in the Linux kernel allowed local users to cause
a denial of service (NULL pointer dereference and OOPS) via a
request_key system call for the "dead" type (bnc#1029850)
The following non-security bugs were fixed:
- 8250: use callbacks to access UART_DLL/UART_DLM.
- ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).
- ALSA: hda - Fix regression of HD-audio controller fallback modes
(bsc#1045538).
- ALSA: hda - using uninitialized data (bsc#1045538).
- ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop
(bsc#1045538).
- ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup
(bsc#1045538).
- ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).
- ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).
- Add CVE tag to references
- CIFS: backport prepath matching fix (bsc#799133).
- Drop CONFIG_PPC_CELL from bigmem (bsc#1049128).
- EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr().
- Fix scripts/bigmem-generate-ifdef-guard to work on all branches
- Fix soft lockup in svc_rdma_send (bsc#1044854).
- IB/mlx4: Demote mcg message from warning to debug (bsc#919382).
- IB/mlx4: Fix ib device initialization error flow (bsc#919382).
- IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).
- IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).
- IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
(bsc#919382).
- IB/mlx4: Set traffic class in AH (bsc#919382).
- Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE
operation (bsc#1036288).
- Input: cm109 - validate number of endpoints before using them
(bsc#1037193).
- Input: hanwang - validate number of endpoints before using them
(bsc#1037232).
- Input: yealink - validate number of endpoints before using them
(bsc#1037227).
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings (bnc#1035576).
- NFS: Avoid getting confused by confused server (bsc#1045416).
- NFS: Fix another OPEN_DOWNGRADE bug (git-next).
- NFS: Fix size of NFSACL SETACL operations (git-fixes).
- NFS: Make nfs_readdir revalidate less often (bsc#1048232).
- NFS: tidy up nfs_show_mountd_netid (git-fixes).
- NFSD: Do not use state id of 0 - it is reserved (bsc#1049688
bsc#1051770).
- NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).
- NFSv4: Fix another bug in the close/open_downgrade code (git-fixes).
- NFSv4: Fix problems with close in the presence of a delegation
(git-fixes).
- NFSv4: Fix the underestimation of delegation XDR space reservation
(git-fixes).
- NFSv4: fix getacl head length estimation (git-fixes).
- PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).
- Remove superfluous make flags (bsc#1012422)
- Return short read or 0 at end of a raw device, not EIO (bsc#1039594).
- Revert "math64: New div64_u64_rem helper" (bnc#938352).
- SUNRPC: Fix a memory leak in the backchannel code (git-fixes).
- Staging: vt6655-6: potential NULL dereference in
hostap_disable_hostapd() (bsc#1045479).
- USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).
- USB: class: usbtmc: do not print error when allocating urb fails
(bsc#1036288).
- USB: class: usbtmc: do not print on ENOMEM (bsc#1036288).
- USB: iowarrior: fix NULL-deref in write (bsc#1037359).
- USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).
- USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).
- USB: serial: ark3116: fix register-accessor error handling (git-fixes).
- USB: serial: ch341: fix open error handling (bsc#1037441).
- USB: serial: cp210x: fix tiocmget error handling (bsc#1037441).
- USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).
- USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).
- USB: serial: io_ti: fix information leak in completion handler
(git-fixes).
- USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026).
- USB: serial: oti6858: fix NULL-deref at open (bsc#1037441).
- USB: serial: sierra: fix bogus alternate-setting assumption
(bsc#1037441).
- USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).
- USB: usbip: fix nonconforming hub descriptor (bsc#1047487).
- USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).
- USB: usbtmc: Change magic number to constant (bsc#1036288).
- USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).
- USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).
- USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).
- USB: usbtmc: add missing endpoint sanity check (bsc#1036288).
- USB: usbtmc: fix DMA on stack (bsc#1036288).
- USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).
- USB: usbtmc: fix probe error path (bsc#1036288).
- USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk
(bsc#1036288).
- USB: wusbcore: fix NULL-deref at probe (bsc#1045487).
- Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).
- Use make --output-sync feature when available (bsc#1012422).
- Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).
- __bitmap_parselist: fix bug in empty string handling (bnc#1042633).
- acpi: Disable APEI error injection if securelevel is set (bsc#972891,
bsc#1023051).
- af_key: Add lock to key dump (bsc#1047653).
- af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
- ath9k: fix buffer overrun for ar9287 (bsc#1045538).
- blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU
(bsc#1035721).
- blacklist.conf: Add a few inapplicable items (bsc#1045538).
- blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub
to weak to prevent gcc from using short jumps to it') The released
kernels are not build with a gas new enough to optimize the jmps so that
this patch would be required. (bsc#1051478)
- blkback/blktap: do not leak stack data via response ring (bsc#1042863
XSA-216).
- block: do not allow updates through sysfs until registration completes
(bsc#1047027).
- block: fix ext_dev_lock lockdep report (bsc#1050154).
- btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- cifs: Timeout on SMBNegotiate request (bsc#1044913).
- cifs: do not compare uniqueids in cifs_prime_dcache unless server inode
numbers are in use (bsc#1041975). backporting upstream commit
2f2591a34db6c9361faa316c91a6e320cb4e6aee
- cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).
- cputime: Avoid multiplication overflow on utime scaling (bnc#938352).
- crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863).
- decompress_bunzip2: off by one in get_next_block() (git-fixes).
- dentry name snapshots (bsc#1049483).
- devres: fix a for loop bounds check (git-fixes).
- dm: fix ioctl retry termination with signal (bsc#1050154).
- drm/mgag200: Add support for G200eH3 (bnc#1044216)
- drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452,
bsc#995542).
- ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext3: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: fix fdatasync(2) after extent manipulation operations
(bsc#1013018).
- ext4: keep existing extra fields when inode expands (bsc#1013018).
- fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).
- firmware: fix directory creation rule matching with make 3.80
(bsc#1012422).
- firmware: fix directory creation rule matching with make 3.82
(bsc#1012422).
- fixed invalid assignment of 64bit mask to host dma_boundary for scatter
gather segment boundary limit (bsc#1042045).
- fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).
- fnic: Using rport->dd_data to check rport online instead of rport_lookup
(bsc#1035920).
- fs/block_dev: always invalidate cleancache in invalidate_bdev()
(git-fixes).
- fs/xattr.c: zero out memory copied to userspace in getxattr
(bsc#1013018).
- fs: fix data invalidation in the cleancache during direct IO (git-fixes).
- fuse: add missing FR_FORCE (bsc#1013018).
- genirq: Prevent proc race against freeing of irq descriptors
(bnc#1044230).
- hrtimer: Allow concurrent hrtimer_start() for self restarting timers
(bnc#1013018).
- initial cr0 bits (bnc#1036056, LTC#153612).
- ipmr, ip6mr: fix scheduling while atomic and a deadlock with
ipmr_get_route (git-fixes).
- irq: Fix race condition (bsc#1042615).
- isdn/gigaset: fix NULL-deref at probe (bsc#1037356).
- isofs: Do not return EACCES for unknown filesystems (bsc#1013018).
- jsm: add support for additional Neo cards (bsc#1045615).
- kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)
- libata: fix sff host state machine locking while polling (bsc#1045525).
- libceph: NULL deref on crush_decode() error path (bsc#1044015).
- libceph: potential NULL dereference in ceph_msg_data_create()
(bsc#1051515).
- libfc: fixup locking in fc_disc_stop() (bsc#1029140).
- libfc: move 'pending' and 'requested' setting (bsc#1029140).
- libfc: only restart discovery after timeout if not already running
(bsc#1029140).
- locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018).
- math64: New div64_u64_rem helper (bnc#938352).
- md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).
- md/raid1: extend spinlock to protect raid1_end_read_request against
inconsistencies (git-fixes).
- md/raid1: fix test for 'was read error from last working device'
(git-fixes).
- md/raid5: Fix CPU hotplug callback registration (git-fixes).
- md/raid5: do not record new size if resize_stripes fails (git-fixes).
- md: ensure md devices are freed before module is unloaded (git-fixes).
- md: fix a null dereference (bsc#1040351).
- md: flush ->event_work before stopping array (git-fixes).
- md: make sure GET_ARRAY_INFO ioctl reports correct "clean" status
(git-fixes).
- md: use separate bio_pool for metadata writes (bsc#1040351).
- megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).
- mlx4: reduce OOM risk on arches with large pages (bsc#919382).
- mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM
Functionality, bsc#1042832).
- mm/memory-failure.c: use compound_head() flags for huge pages
(bnc#971975 VM -- git fixes).
- mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM
Functionality, bsc#1042832).
- mmc: core: add missing pm event in mmc_pm_notify to fix hib restore
(bsc#1045547).
- mmc: ushc: fix NULL-deref at probe (bsc#1037191).
- module: fix memory leak on early load_module() failures (bsc#1043014).
- mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).
- net/mlx4: Fix the check in attaching steering rules (bsc#919382).
- net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode
to device managed flow steering (bsc#919382).
- net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
(bsc#919382).
- net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to
physical (bsc#919382).
- net/mlx4_core: Fix VF overwrite of module param which disables DMFS on
new probed PFs (bsc#919382).
- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
VGT transitions (bsc#919382).
- net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).
- net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).
- net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
(bsc#919382).
- net/mlx4_core: Use-after-free causes a resource leak in flow-steering
detach (bsc#919382).
- net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).
- net/mlx4_en: Change the error print to debug print (bsc#919382).
- net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).
- net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).
- net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258).
- net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).
- net: avoid reference counter overflows on fib_rules in multicast
forwarding (git-fixes).
- net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).
- net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).
- net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).
- netxen_nic: set rcode to the return status from the call to
netxen_issue_cmd (bnc#784815).
- nfs: fix nfs_size_to_loff_t (git-fixes).
- nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).
- nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).
- nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).
- ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
ocfs2_unblock_lock (bsc#962257).
- perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).
- perf/core: Fix event inheritance on fork() (bnc#1013018).
- powerpc/ibmebus: Fix device reference leaks in sysfs interface
(bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).
- powerpc/ibmebus: Fix further device reference leaks (bsc#1035777
[2017-04-24] Pending Base Kernel Fixes).
- powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()
(bsc#1032471).
- powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471).
- powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471).
- powerpc/mm/hash: Properly mask the ESID bits when building proto VSID
(bsc#1032471).
- powerpc/mm/hash: Support 68 bit VA (bsc#1032471).
- powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471).
- powerpc/mm/slice: Convert slice_mask high slice to a bitmap
(bsc#1032471).
- powerpc/mm/slice: Fix off-by-1 error when computing slice mask
(bsc#1032471).
- powerpc/mm/slice: Move slice_mask struct definition to slice.c
(bsc#1032471).
- powerpc/mm/slice: Update slice mask printing to use bitmap printing
(bsc#1032471).
- powerpc/mm/slice: Update the function prototype (bsc#1032471).
- powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET
(bsc#928138).
- powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small
(bsc#1032471).
- powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital
(bsc#1032471).
- powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777
[2017-04-24] Pending Base Kernel Fixes).
- powerpc/pseries: Release DRC when configure_connector fails
(bsc#1035777, Pending Base Kernel Fixes).
- powerpc: Drop support for pre-POWER4 cpus (bsc#1032471).
- powerpc: Remove STAB code (bsc#1032471).
- random32: fix off-by-one in seeding requirement (git-fixes).
- reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- reiserfs: do not preallocate blocks for extended attributes (bsc#990682).
- rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).
- s390/qdio: clear DSCI prior to scanning multiple input queues
(bnc#1046715, LTC#156234).
- s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).
- s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276).
- sched/core: Remove false-positive warning from wake_up_process()
(bnc#1044882).
- sched/cputime: Do not scale when utime == 0 (bnc#938352).
- sched/debug: Print the scheduler topology group mask (bnc#1013018).
- sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).
- sched/fair: Fix min_vruntime tracking (bnc#1013018).
- sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep
for b60205c7c558 sched/fair: Fix min_vruntime tracking
- sched/topology: Fix building of overlapping sched-groups (bnc#1013018).
- sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).
- sched/topology: Fix overlapping sched_group_mask (bnc#1013018).
- sched/topology: Move comment about asymmetric node setups (bnc#1013018).
- sched/topology: Optimize build_group_mask() (bnc#1013018).
- sched/topology: Refactor function build_overlap_sched_groups()
(bnc#1013018).
- sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).
- sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).
- sched/topology: Verify the first group matches the child domain
(bnc#1013018).
- sched: Always initialize cpu-power (bnc#1013018).
- sched: Avoid cputime scaling overflow (bnc#938352).
- sched: Avoid prev->stime underflow (bnc#938352).
- sched: Do not account bogus utime (bnc#938352).
- sched: Fix SD_OVERLAP (bnc#1013018).
- sched: Fix domain iteration (bnc#1013018).
- sched: Lower chances of cputime scaling overflow (bnc#938352).
- sched: Move nr_cpus_allowed out of 'struct sched_rt_entity'
(bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime
tracking
- sched: Rename a misleading variable in build_overlap_sched_groups()
(bnc#1013018).
- sched: Use swap() macro in scale_stime() (bnc#938352).
- scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
- scsi: fix race between simultaneous decrements of ->host_failed
(bsc#1050154).
- scsi: fnic: Correcting rport check location in fnic_queuecommand_lck
(bsc#1035920).
- scsi: mvsas: fix command_active typo (bsc#1050154).
- scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
(bsc#1050154).
- sfc: do not device_attach if a reset is pending (bsc#909618).
- smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- splice: Stub splice_write_to_file (bsc#1043234).
- svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).
- target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).
- tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).
- tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).
- udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).
- udf: Fix races with i_size changes during readpage (bsc#1013018).
- usbtmc: remove redundant braces (bsc#1036288).
- usbtmc: remove trailing spaces (bsc#1036288).
- usbvision: fix NULL-deref at probe (bsc#1050431).
- uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).
- uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).
- vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431).
- vmxnet3: avoid calling pskb_may_pull with interrupts disabled
(bsc#1045356).
- vmxnet3: fix checks for dma mapping errors (bsc#1045356).
- vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).
- x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
(bsc#948562).
- x86/pci-calgary: Fix iommu_free() comparison of unsigned expression
greater than 0 (bsc#1051478).
- xen: avoid deadlock in xenbus (bnc#1047523).
- xfrm: NULL dereference on allocation failure (bsc#1047343).
- xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
- xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).
- xfs: Synchronize xfs_buf disposal routines (bsc#1041160).
- xfs: use ->b_state to fix buffer I/O accounting release race
(bsc#1041160).
- xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-kernel-13274=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-kernel-13274=1
- SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-13274=1
- SUSE Linux Enterprise Real Time Extension 11-SP4:
zypper in -t patch slertesp4-kernel-13274=1
- SUSE Linux Enterprise High Availability Extension 11-SP4:
zypper in -t patch slehasp4-kernel-13274=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-kernel-13274=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
kernel-docs-3.0.101-108.7.2
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-3.0.101-108.7.1
kernel-default-base-3.0.101-108.7.1
kernel-default-devel-3.0.101-108.7.1
kernel-source-3.0.101-108.7.1
kernel-syms-3.0.101-108.7.1
kernel-trace-3.0.101-108.7.1
kernel-trace-base-3.0.101-108.7.1
kernel-trace-devel-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
kernel-ec2-3.0.101-108.7.1
kernel-ec2-base-3.0.101-108.7.1
kernel-ec2-devel-3.0.101-108.7.1
kernel-xen-3.0.101-108.7.1
kernel-xen-base-3.0.101-108.7.1
kernel-xen-devel-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-SP4 (s390x):
kernel-default-man-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64):
kernel-bigmem-3.0.101-108.7.1
kernel-bigmem-base-3.0.101-108.7.1
kernel-bigmem-devel-3.0.101-108.7.1
kernel-ppc64-3.0.101-108.7.1
kernel-ppc64-base-3.0.101-108.7.1
kernel-ppc64-devel-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
kernel-pae-3.0.101-108.7.1
kernel-pae-base-3.0.101-108.7.1
kernel-pae-devel-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
kernel-xen-extra-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
kernel-trace-extra-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
kernel-ppc64-extra-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
kernel-pae-extra-3.0.101-108.7.1
- SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):
cluster-network-kmp-rt-1.4_3.0.101_rt130_68-2.32.2.14
cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_68-2.32.2.14
drbd-kmp-rt-8.4.4_3.0.101_rt130_68-0.27.2.13
drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_68-0.27.2.13
gfs2-kmp-rt-2_3.0.101_rt130_68-0.24.2.14
gfs2-kmp-rt_trace-2_3.0.101_rt130_68-0.24.2.14
ocfs2-kmp-rt-1.6_3.0.101_rt130_68-0.28.3.4
ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_68-0.28.3.4
- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_3.0.101_108.7-2.32.2.14
cluster-network-kmp-trace-1.4_3.0.101_108.7-2.32.2.14
drbd-8.4.4-0.27.2.1
drbd-bash-completion-8.4.4-0.27.2.1
drbd-heartbeat-8.4.4-0.27.2.1
drbd-kmp-default-8.4.4_3.0.101_108.7-0.27.2.13
drbd-kmp-trace-8.4.4_3.0.101_108.7-0.27.2.13
drbd-pacemaker-8.4.4-0.27.2.1
drbd-udev-8.4.4-0.27.2.1
drbd-utils-8.4.4-0.27.2.1
gfs2-kmp-default-2_3.0.101_108.7-0.24.2.14
gfs2-kmp-trace-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-default-1.6_3.0.101_108.7-0.28.3.4
ocfs2-kmp-trace-1.6_3.0.101_108.7-0.28.3.4
- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):
cluster-network-kmp-xen-1.4_3.0.101_108.7-2.32.2.14
drbd-kmp-xen-8.4.4_3.0.101_108.7-0.27.2.13
gfs2-kmp-xen-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-xen-1.6_3.0.101_108.7-0.28.3.4
- SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64):
drbd-xen-8.4.4-0.27.2.1
- SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):
cluster-network-kmp-bigmem-1.4_3.0.101_108.7-2.32.2.14
cluster-network-kmp-ppc64-1.4_3.0.101_108.7-2.32.2.14
drbd-kmp-bigmem-8.4.4_3.0.101_108.7-0.27.2.13
drbd-kmp-ppc64-8.4.4_3.0.101_108.7-0.27.2.13
gfs2-kmp-bigmem-2_3.0.101_108.7-0.24.2.14
gfs2-kmp-ppc64-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-bigmem-1.6_3.0.101_108.7-0.28.3.4
ocfs2-kmp-ppc64-1.6_3.0.101_108.7-0.28.3.4
- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):
cluster-network-kmp-pae-1.4_3.0.101_108.7-2.32.2.14
drbd-kmp-pae-8.4.4_3.0.101_108.7-0.27.2.13
gfs2-kmp-pae-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-pae-1.6_3.0.101_108.7-0.28.3.4
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
drbd-debuginfo-8.4.4-0.27.2.1
drbd-debugsource-8.4.4-0.27.2.1
kernel-default-debuginfo-3.0.101-108.7.1
kernel-default-debugsource-3.0.101-108.7.1
kernel-trace-debuginfo-3.0.101-108.7.1
kernel-trace-debugsource-3.0.101-108.7.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
kernel-default-devel-debuginfo-3.0.101-108.7.1
kernel-trace-devel-debuginfo-3.0.101-108.7.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
kernel-ec2-debuginfo-3.0.101-108.7.1
kernel-ec2-debugsource-3.0.101-108.7.1
kernel-xen-debuginfo-3.0.101-108.7.1
kernel-xen-debugsource-3.0.101-108.7.1
kernel-xen-devel-debuginfo-3.0.101-108.7.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
kernel-bigmem-debuginfo-3.0.101-108.7.1
kernel-bigmem-debugsource-3.0.101-108.7.1
kernel-ppc64-debuginfo-3.0.101-108.7.1
kernel-ppc64-debugsource-3.0.101-108.7.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
kernel-pae-debuginfo-3.0.101-108.7.1
kernel-pae-debugsource-3.0.101-108.7.1
kernel-pae-devel-debuginfo-3.0.101-108.7.1
References:
https://www.suse.com/security/cve/CVE-2014-9922.html
https://www.suse.com/security/cve/CVE-2016-10277.html
https://www.suse.com/security/cve/CVE-2017-1000363.html
https://www.suse.com/security/cve/CVE-2017-1000365.html
https://www.suse.com/security/cve/CVE-2017-1000380.html
https://www.suse.com/security/cve/CVE-2017-11176.html
https://www.suse.com/security/cve/CVE-2017-11473.html
https://www.suse.com/security/cve/CVE-2017-2647.html
https://www.suse.com/security/cve/CVE-2017-6951.html
https://www.suse.com/security/cve/CVE-2017-7482.html
https://www.suse.com/security/cve/CVE-2017-7487.html
https://www.suse.com/security/cve/CVE-2017-7533.html
https://www.suse.com/security/cve/CVE-2017-7542.html
https://www.suse.com/security/cve/CVE-2017-8890.html
https://www.suse.com/security/cve/CVE-2017-8924.html
https://www.suse.com/security/cve/CVE-2017-8925.html
https://www.suse.com/security/cve/CVE-2017-9074.html
https://www.suse.com/security/cve/CVE-2017-9075.html
https://www.suse.com/security/cve/CVE-2017-9076.html
https://www.suse.com/security/cve/CVE-2017-9077.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1000365
https://bugzilla.suse.com/1000380
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1015452
https://bugzilla.suse.com/1023051
https://bugzilla.suse.com/1029140
https://bugzilla.suse.com/1029850
https://bugzilla.suse.com/1030552
https://bugzilla.suse.com/1030593
https://bugzilla.suse.com/1030814
https://bugzilla.suse.com/1032340
https://bugzilla.suse.com/1032471
https://bugzilla.suse.com/1034026
https://bugzilla.suse.com/1034670
https://bugzilla.suse.com/1035576
https://bugzilla.suse.com/1035721
https://bugzilla.suse.com/1035777
https://bugzilla.suse.com/1035920
https://bugzilla.suse.com/1036056
https://bugzilla.suse.com/1036288
https://bugzilla.suse.com/1036629
https://bugzilla.suse.com/1037191
https://bugzilla.suse.com/1037193
https://bugzilla.suse.com/1037227
https://bugzilla.suse.com/1037232
https://bugzilla.suse.com/1037233
https://bugzilla.suse.com/1037356
https://bugzilla.suse.com/1037358
https://bugzilla.suse.com/1037359
https://bugzilla.suse.com/1037441
https://bugzilla.suse.com/1038544
https://bugzilla.suse.com/1038879
https://bugzilla.suse.com/1038981
https://bugzilla.suse.com/1038982
https://bugzilla.suse.com/1039258
https://bugzilla.suse.com/1039354
https://bugzilla.suse.com/1039456
https://bugzilla.suse.com/1039594
https://bugzilla.suse.com/1039882
https://bugzilla.suse.com/1039883
https://bugzilla.suse.com/1039885
https://bugzilla.suse.com/1040069
https://bugzilla.suse.com/1040351
https://bugzilla.suse.com/1041160
https://bugzilla.suse.com/1041431
https://bugzilla.suse.com/1041762
https://bugzilla.suse.com/1041975
https://bugzilla.suse.com/1042045
https://bugzilla.suse.com/1042615
https://bugzilla.suse.com/1042633
https://bugzilla.suse.com/1042687
https://bugzilla.suse.com/1042832
https://bugzilla.suse.com/1042863
https://bugzilla.suse.com/1043014
https://bugzilla.suse.com/1043234
https://bugzilla.suse.com/1043935
https://bugzilla.suse.com/1044015
https://bugzilla.suse.com/1044125
https://bugzilla.suse.com/1044216
https://bugzilla.suse.com/1044230
https://bugzilla.suse.com/1044854
https://bugzilla.suse.com/1044882
https://bugzilla.suse.com/1044913
https://bugzilla.suse.com/1045154
https://bugzilla.suse.com/1045356
https://bugzilla.suse.com/1045416
https://bugzilla.suse.com/1045479
https://bugzilla.suse.com/1045487
https://bugzilla.suse.com/1045525
https://bugzilla.suse.com/1045538
https://bugzilla.suse.com/1045547
https://bugzilla.suse.com/1045615
https://bugzilla.suse.com/1046107
https://bugzilla.suse.com/1046192
https://bugzilla.suse.com/1046715
https://bugzilla.suse.com/1047027
https://bugzilla.suse.com/1047053
https://bugzilla.suse.com/1047343
https://bugzilla.suse.com/1047354
https://bugzilla.suse.com/1047487
https://bugzilla.suse.com/1047523
https://bugzilla.suse.com/1047653
https://bugzilla.suse.com/1048185
https://bugzilla.suse.com/1048221
https://bugzilla.suse.com/1048232
https://bugzilla.suse.com/1048275
https://bugzilla.suse.com/1049128
https://bugzilla.suse.com/1049483
https://bugzilla.suse.com/1049603
https://bugzilla.suse.com/1049688
https://bugzilla.suse.com/1049882
https://bugzilla.suse.com/1050154
https://bugzilla.suse.com/1050431
https://bugzilla.suse.com/1051478
https://bugzilla.suse.com/1051515
https://bugzilla.suse.com/1051770
https://bugzilla.suse.com/1055680
https://bugzilla.suse.com/784815
https://bugzilla.suse.com/792863
https://bugzilla.suse.com/799133
https://bugzilla.suse.com/909618
https://bugzilla.suse.com/919382
https://bugzilla.suse.com/928138
https://bugzilla.suse.com/938352
https://bugzilla.suse.com/943786
https://bugzilla.suse.com/948562
https://bugzilla.suse.com/962257
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/972891
https://bugzilla.suse.com/986924
https://bugzilla.suse.com/990682
https://bugzilla.suse.com/995542
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:2384-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 07 Sep '17
by opensuse-security@opensuse.org 07 Sep '17
07 Sep '17
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2384-1
Rating: important
References: #1005776 #1015342 #1020645 #1020657 #1030850
#1031717 #1031784 #1034048 #1037838 #1040813
#1042847 #1047487 #1047989 #1048155 #1048228
#1048325 #1048327 #1048356 #1048501 #1048912
#1048934 #1049226 #1049272 #1049291 #1049336
#1050211 #1050742 #1051790 #1052093 #1052094
#1052095 #1052384 #1052580 #1052888 #1053117
#1053309 #1053472 #1053627 #1053629 #1053633
#1053681 #1053685 #1053802 #1053915 #1053919
#1054082 #1054084 #1055013 #1055096 #1055272
#1055290 #1055359 #1055709 #1055896 #1055935
#1055963 #1056185 #1056588 #1056827 #969756
Cross-References: CVE-2017-12134 CVE-2017-14051
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves two vulnerabilities and has 58 fixes
is now available.
Description:
The openSUSE Leap 42.3 kernel was updated to 4.4.85 to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2017-14051: An integer overflow in the
qla2x00_sysfs_write_optrom_ctl function in
drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users
to cause a denial of service (memory corruption and system crash) by
leveraging root access (bnc#1056588).
- CVE-2017-12134: The xen_biovec_phys_mergeable function in
drivers/xen/biomerge.c in Xen might allow local OS guest users to
corrupt block device data streams and consequently obtain sensitive
memory information, cause a denial of service, or gain host OS
privileges by leveraging incorrect block IO merge-ability calculation
(bnc#1051790 bnc#1053919).
The following non-security bugs were fixed:
- acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller
(bsc#1049291).
- acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291).
- acpi: APEI: Enable APEI multiple GHES source to share a single external
IRQ (bsc#1053627).
- acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627).
- acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629).
- acpi: scan: Prefer devices without _HID for _ADR matching (git-fixes).
- Add "shutdown" to "struct class" (bsc#1053117).
- alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
(bsc#1020657).
- alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).
- alsa: hda - Workaround for i915 KBL breakage
(bsc#1048356,bsc#1047989,bsc#1055272).
- alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).
- alsa: usb-audio: Apply sample rate quirk to Sennheiser headset
(bsc#1052580).
- arm64: do not trace atomic operations (bsc#1055290).
- block: add kblock_mod_delayed_work_on() (bsc#1050211).
- block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet
time (bsc#1050211).
- block: provide bio_uninit() free freeing integrity/task associations
(bsc#1050211).
- block: return on congested block device (FATE#321994).
- bluetooth: bnep: fix possible might sleep error in bnep_session
(bsc#1031784).
- bluetooth: cmtp: fix possible might sleep error in cmtp_session
(bsc#1031784).
- bnxt_en: Add a callback to inform RDMA driver during PCI shutdown
(bsc#1053309).
- bnxt_en: Add additional chip ID definitions (bsc#1053309).
- bnxt_en: Add bnxt_get_num_stats() to centrally get the number of ethtool
stats (bsc#1053309).
- bnxt_en: Add missing logic to handle TPA end error conditions
(bsc#1053309).
- bnxt_en: Add PCI IDs for BCM57454 VF devices (bsc#1053309).
- bnxt_en: Allow the user to set ethtool stats-block-usecs to 0
(bsc#1053309).
- bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration
(bsc#1053309).
- bnxt_en: Check status of firmware DCBX agent before setting
DCB_CAP_DCBX_HOST (bsc#1053309).
- bnxt_en: Fix bug in ethtool -L (bsc#1053309).
- bnxt_en: Fix netpoll handling (bsc#1053309).
- bnxt_en: Fix race conditions in .ndo_get_stats64() (bsc#1053309).
- bnxt_en: Fix SRIOV on big-endian architecture (bsc#1053309).
- bnxt_en: Fix xmit_more with BQL (bsc#1053309).
- bnxt_en: Implement ndo_bridge_{get|set}link methods (bsc#1053309).
- bnxt_en: Implement xmit_more (bsc#1053309).
- bnxt_en: Optimize doorbell write operations for newer chips
(bsc#1053309).
- bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings() (bsc#1053309).
- bnxt_en: Report firmware DCBX agent (bsc#1053309).
- bnxt_en: Retrieve the hardware bridge mode from the firmware
(bsc#1053309).
- bnxt_en: Set ETS min_bw parameter for older firmware (bsc#1053309).
- bnxt_en: Support for Short Firmware Message (bsc#1053309).
- bnxt_en: Update firmware interface spec to 1.8.0 (bsc#1053309).
- bnxt: fix unsigned comparsion with 0 (bsc#1053309).
- bnxt: fix unused variable warnings (bsc#1053309).
- btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
- btrfs: nowait aio: Correct assignment of pos (FATE#321994).
- btrfs: nowait aio support (FATE#321994).
- ceph: avoid accessing freeing inode in ceph_check_delayed_caps()
(bsc#1048228).
- ceph: avoid invalid memory dereference in the middle of umount
(bsc#1048228).
- ceph: cleanup writepage_nounlock() (bsc#1048228).
- ceph: do not re-send interrupted flock request (bsc#1048228).
- ceph: getattr before read on ceph.* xattrs (bsc#1048228).
- ceph: handle epoch barriers in cap messages (bsc#1048228).
- ceph: new mount option that specifies fscache uniquifier (bsc#1048228).
- ceph: redirty page when writepage_nounlock() skips unwritable page
(bsc#1048228).
- ceph: remove special ack vs commit behavior (bsc#1048228).
- ceph: remove useless page->mapping check in writepage_nounlock()
(bsc#1048228).
- ceph: re-request max size after importing caps (bsc#1048228).
- ceph: update ceph_dentry_info::lease_session when necessary
(bsc#1048228).
- ceph: update the 'approaching max_size' code (bsc#1048228).
- ceph: when seeing write errors on an inode, switch to sync writes
(bsc#1048228).
- cifs: Fix maximum SMB2 header size (bsc#1056185).
- clocksource/drivers/arm_arch_timer: Fix mem frame loop initialization
(bsc#1055709).
- crush: assume weight_set != null imples weight_set_size > 0
(bsc#1048228).
- crush: crush_init_workspace starts with struct crush_work (bsc#1048228).
- crush: implement weight and id overrides for straw2 (bsc#1048228).
- crush: remove an obsolete comment (bsc#1048228).
- crypto: chcr - Add ctr mode and process large sg entries for cipher
(bsc#1048325).
- crypto: chcr - Avoid changing request structure (bsc#1048325).
- crypto: chcr - Ensure Destination sg entry size less than 2k
(bsc#1048325).
- crypto: chcr - Fix fallback key setting (bsc#1048325).
- crypto: chcr - Pass lcb bit setting to firmware (bsc#1048325).
- crypto: chcr - Return correct error code (bsc#1048325).
- cxgb4: update latest firmware version supported (bsc#1048327).
- cxgbit: add missing __kfree_skb() (bsc#1052095).
- cxgbit: fix sg_nents calculation (bsc#1052095).
- Disable patch 0017-nvmet_fc-Simplify-sg-list-handling.patch (bsc#1052384)
- dm: make flush bios explicitly sync (bsc#1050211).
- dm mpath: do not lock up a CPU with requeuing activity (bsc#1048912).
- drivers: net: xgene: Fix wrong logical operation (bsc#1056827).
- drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).
- ext4: nowait aio support (FATE#321994).
- fs: Introduce filemap_range_has_page() (FATE#321994).
- fs: Introduce RWF_NOWAIT and FMODE_AIO_NOWAIT (FATE#321994).
- fs: pass on flags in compat_writev (bsc#1050211).
- fs: return if direct I/O will trigger writeback (FATE#321994).
- fs: Separate out kiocb flags setup based on RWF_* flags (FATE#321994).
- fs: Use RWF_* flags for AIO operations (FATE#321994).
- fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
- i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller
(bsc#1049291).
- i2c: designware: Convert to use unified device property API
(bsc#1049291).
- i2c: xgene: Set ACPI_COMPANION_I2C (bsc#1053633).
- i2c: xgene-slimpro: Add ACPI support by using PCC mailbox (bsc#1053633).
- i2c: xgene-slimpro: include linux/io.h for memremap (bsc#1053633).
- i2c: xgene-slimpro: Use a single function to send command message
(bsc#1053633).
- i40e/i40evf: fix out-of-bounds read of cpumask (bsc#1053685).
- ib/iser: Fix connection teardown race condition (bsc#1050211).
- iscsi-target: fix invalid flags in text response (bsc#1052095).
- iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).
- kabi: arm64: compatibility workaround for lse atomics (bsc#1055290).
- kABI: protect enum pid_type (kabi).
- kABI: protect struct iscsi_np (kabi).
- kABI: protect struct se_lun (kabi).
- kabi/severities: add fs/ceph to kabi severities (bsc#1048228).
- kabi/severities: Ignore drivers/scsi/cxgbi (bsc#1052094)
- kabi/severities: Ignore kABI changes due to last patchset (bnc#1053472)
- kABI: uninline task_tgid_nr_nr (kabi).
- kvm: arm64: Restore host physical timer access on hyp_panic()
(bsc#1054082).
- kvm: arm/arm64: Fix bug in advertising KVM_CAP_MSI_DEVID capability
(bsc#1054082).
- kvm, pkeys: do not use PKRU value in vcpu->arch.guest_fpu.state
(bsc#1055935).
- kvm: x86: block guest protection keys unless the host has them enabled
(bsc#1055935).
- kvm: x86: kABI workaround for PKRU fixes (bsc#1055935).
- kvm: x86: simplify handling of PKRU (bsc#1055935).
- libceph: abort already submitted but abortable requests when map or pool
goes full (bsc#1048228).
- libceph: add an epoch_barrier field to struct ceph_osd_client
(bsc#1048228).
- libceph: advertise support for NEW_OSDOP_ENCODING and SERVER_LUMINOUS
(bsc#1048228).
- libceph: advertise support for OSD_POOLRESEND (bsc#1048228).
- libceph: allow requests to return immediately on full conditions if
caller wishes (bsc#1048228).
- libceph: always populate t->target_{oid,oloc} in calc_target()
(bsc#1048228).
- libceph: always signal completion when done (bsc#1048228).
- libceph: apply_upmap() (bsc#1048228).
- libceph: avoid unnecessary pi lookups in calc_target() (bsc#1048228).
- libceph: ceph_connection_operations::reencode_message() method
(bsc#1048228).
- libceph: ceph_decode_skip_* helpers (bsc#1048228).
- libceph: compute actual pgid in ceph_pg_to_up_acting_osds()
(bsc#1048228).
- libceph, crush: per-pool crush_choose_arg_map for crush_do_rule()
(bsc#1048228).
- libceph: delete from need_resend_linger before check_linger_pool_dne()
(bsc#1048228).
- libceph: do not call encode_request_finish() on MOSDBackoff messages
(bsc#1048228).
- libceph: do not call ->reencode_message() more than once per message
(bsc#1048228).
- libceph: do not pass pgid by value (bsc#1048228).
- libceph: drop need_resend from calc_target() (bsc#1048228).
- libceph: encode_{pgid,oloc}() helpers (bsc#1048228).
- libceph: fallback for when there isn't a pool-specific choose_arg
(bsc#1048228).
- libceph: fix old style declaration warnings (bsc#1048228).
- libceph: foldreq->last_force_resend into ceph_osd_request_target
(bsc#1048228).
- libceph: get rid of ack vs commit (bsc#1048228).
- libceph: handle non-empty dest in ceph_{oloc,oid}_copy() (bsc#1048228).
- libceph: initialize last_linger_id with a large integer (bsc#1048228).
- libceph: introduce and switch to decode_pg_mapping() (bsc#1048228).
- libceph: introduce ceph_spg, ceph_pg_to_primary_shard() (bsc#1048228).
- libceph: kill __{insert,lookup,remove}_pg_mapping() (bsc#1048228).
- libceph: make DEFINE_RB_* helpers more general (bsc#1048228).
- libceph: make encode_request_*() work with r_mempool requests
(bsc#1048228).
- libceph: make RECOVERY_DELETES feature create a new interval
(bsc#1048228).
- libceph: make sure need_resend targets reflect latest map (bsc#1048228).
- libceph: MOSDOp v8 encoding (actual spgid + full hash) (bsc#1048228).
- libceph: new features macros (bsc#1048228).
- libceph: new pi->last_force_request_resend (bsc#1048228).
- libceph: NULL deref on osdmap_apply_incremental() error path
(bsc#1048228).
- libceph: osd_request_timeout option (bsc#1048228).
- libceph: osd_state is 32 bits wide in luminous (bsc#1048228).
- libceph: pg_upmap[_items] infrastructure (bsc#1048228).
- libceph: pool deletion detection (bsc#1048228).
- libceph: potential NULL dereference in ceph_msg_data_create()
(bsc#1048228).
- libceph: remove ceph_sanitize_features() workaround (bsc#1048228).
- libceph: remove now unused finish_request() wrapper (bsc#1048228).
- libceph: remove req->r_replay_version (bsc#1048228).
- libceph: resend on PG splits if OSD has RESEND_ON_SPLIT (bsc#1048228).
- libceph: respect RADOS_BACKOFF backoffs (bsc#1048228).
- libceph: set -EINVAL in one place in crush_decode() (bsc#1048228).
- libceph: support SERVER_JEWEL feature bits (bsc#1048228).
- libceph: take osdc->lock in osdmap_show() and dump flags in hex
(bsc#1048228).
- libceph: upmap semantic changes (bsc#1048228).
- libceph: use alloc_pg_mapping() in __decode_pg_upmap_items()
(bsc#1048228).
- libceph: use target pi for calc_target() calculations (bsc#1048228).
- lib: test_rhashtable: fix for large entry counts (bsc#1055359).
- lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
- locking/rwsem: Fix down_write_killable() for
CONFIG_RWSEM_GENERIC_SPINLOCK=y (bsc#969756).
- locking/rwsem-spinlock: Fix EINTR branch in __down_write_common()
(bsc#969756).
- lpfc: Add Buffer to Buffer credit recovery support (bsc#1052384).
- lpfc: convert info messages to standard messages (bsc#1052384).
- lpfc: Correct issues with FAWWN and FDISCs (bsc#1052384).
- lpfc: Correct return error codes to align with nvme_fc transport
(bsc#1052384).
- lpfc: Fix bad sgl reposting after 2nd adapter reset (bsc#1052384).
- lpfc: Fix crash in lpfc nvmet when fc port is reset (bsc#1052384).
- lpfc: Fix duplicate NVME rport entries and namespaces (bsc#1052384).
- lpfc: Fix handling of FCP and NVME FC4 types in Pt2Pt topology
(bsc#1052384).
- lpfc: fix "integer constant too large" error on 32bit archs
(bsc#1052384).
- lpfc: Fix loop mode target discovery (bsc#1052384).
- lpfc: Fix MRQ > 1 context list handling (bsc#1052384).
- lpfc: Fix NVME PRLI handling during RSCN (bsc#1052384).
- lpfc: Fix nvme target failure after 2nd adapter reset (bsc#1052384).
- lpfc: Fix oops when NVME Target is discovered in a nonNVME environment
(bsc#1052384).
- lpfc: Fix plogi collision that causes illegal state transition
(bsc#1052384).
- lpfc: Fix rediscovery on switch blade pull (bsc#1052384).
- lpfc: Fix relative offset error on large nvmet target ios (bsc#1052384).
- lpfc: fixup crash during storage failover operations (bsc#1042847).
- lpfc: Limit amount of work processed in IRQ (bsc#1052384).
- lpfc: lpfc version bump 11.4.0.3 (bsc#1052384).
- lpfc: remove console log clutter (bsc#1052384).
- lpfc: support nvmet_fc defer_rcv callback (bsc#1052384).
- megaraid_sas: Fix probing cards without io port (bsc#1053681).
- mmc: mmc: correct the logic for setting HS400ES signal voltage
(bsc#1054082).
- mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw
poison -- git fixes).
- mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).
- net: ethernet: hip04: Call SET_NETDEV_DEV() (bsc#1049336).
- netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
- netfilter: x_tables: pack percpu counter allocations (bsc#1052888).
- netfilter: x_tables: pass xt_counters struct instead of packet counter
(bsc#1052888).
- netfilter: x_tables: pass xt_counters struct to counter allocator
(bsc#1052888).
- net: hns: add acpi function of xge led control (bsc#1049336).
- net: hns: Fix a skb used after free bug (bsc#1049336).
- net/mlx5: Cancel delayed recovery work when unloading the driver
(bsc#1015342).
- net/mlx5: Clean SRIOV eswitch resources upon VF creation failure
(bsc#1015342).
- net/mlx5: Consider tx_enabled in all modes on remap (bsc#1015342).
- net/mlx5e: Add field select to MTPPS register (bsc#1015342).
- net/mlx5e: Add missing support for PTP_CLK_REQ_PPS request (bsc#1015342).
- net/mlx5e: Change 1PPS out scheme (bsc#1015342).
- net/mlx5e: Fix broken disable 1PPS flow (bsc#1015342).
- net/mlx5e: Fix outer_header_zero() check size (bsc#1015342).
- net/mlx5e: Fix TX carrier errors report in get stats ndo (bsc#1015342).
- net/mlx5e: Initialize CEE's getpermhwaddr address buffer to 0xff
(bsc#1015342).
- net/mlx5e: Rename physical symbol errors counter (bsc#1015342).
- net/mlx5: Fix mlx5_add_flow_rules call with correct num of dests
(bsc#1015342).
- net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size (bsc#1015342).
- net/mlx5: Fix offset of hca cap reserved field (bsc#1015342).
- net: phy: Fix lack of reference count on PHY driver (bsc#1049336).
- net: phy: Fix PHY module checks and NULL deref in phy_attach_direct()
(bsc#1049336).
- nvme-fc: address target disconnect race conditions in fcp io submit
(bsc#1052384).
- nvme-fc: do not override opts->nr_io_queues (bsc#1052384).
- nvme-fc: kABI fix for defer_rcv() callback (bsc#1052384).
- nvme_fc/nvmet_fc: revise Create Association descriptor length
(bsc#1052384).
- nvme_fc: Reattach to localports on re-registration (bsc#1052384).
- nvme-fc: revise TRADDR parsing (bsc#1052384).
- nvme-fc: update tagset nr_hw_queues after queues reinit (bsc#1052384).
- nvme-fc: use blk_mq_delay_run_hw_queue instead of open-coding it
(bsc#1052384).
- nvme: fix hostid parsing (bsc#1049272).
- nvme-loop: update tagset nr_hw_queues after reconnecting/resetting
(bsc#1052384).
- nvme-pci: fix CMB sysfs file removal in reset path (bsc#1050211).
- nvme-rdma: update tagset nr_hw_queues after reconnecting/resetting
(bsc#1052384).
- nvmet: avoid unneeded assignment of submit_bio return value
(bsc#1052384).
- nvmet_fc: Accept variable pad lengths on Create Association LS
(bsc#1052384).
- nvmet_fc: add defer_req callback for deferment of cmd buffer return
(bsc#1052384).
- nvmet-fc: correct use after free on list teardown (bsc#1052384).
- nvmet-fc: eliminate incorrect static markers on local variables
(bsc#1052384).
- nvmet-fc: fix byte swapping in nvmet_fc_ls_create_association
(bsc#1052384).
- nvmet_fc: Simplify sg list handling (bsc#1052384).
- nvmet: prefix version configfs file with attr (bsc#1052384).
- of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes()
(bsc#1056827).
- ovl: fix dentry leak for default_permissions (bsc#1054084).
- pci/msi: fix the pci_alloc_irq_vectors_affinity stub (bsc#1050211).
- pci/MSI: Ignore affinity if pre/post vector count is more than min_vecs
(1050211).
- percpu_ref: allow operation mode switching operations to be called
concurrently (bsc#1055096).
- percpu_ref: remove unnecessary RCU grace period for staggered atomic
switching confirmation (bsc#1055096).
- percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate
percpu_ref_switch_to_atomic() (bsc#1055096).
- percpu_ref: restructure operation mode switching (bsc#1055096).
- percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).
- phy: Do not increment MDIO bus refcount unless it's a different owner
(bsc#1049336).
- phy: fix error case of phy_led_triggers_(un)register (bsc#1049336).
- qeth: add network device features for VLAN devices (bnc#1053472,
LTC#157385).
- r8169: Add support for restarting auto-negotiation (bsc#1050742).
- r8169:Correct the way of setting RTL8168DP ephy (bsc#1050742).
- r8169:fix system hange problem (bsc#1050742).
- r8169:Fix typo in setting RTL8168H PHY parameter (bsc#1050742).
- r8169:Fix typo in setting RTL8168H PHY PFM mode (bsc#1050742).
- r8169:Remove unnecessary phy reset for pcie nic when setting link spped
(bsc#1050742).
- r8169:Update the way of reading RTL8168H PHY register "rg_saw_cnt"
(bsc#1050742).
- rdma/mlx5: Fix existence check for extended address vector (bsc#1015342).
- Remove patch
0407-nvme_fc-change-failure-code-on-remoteport-connectivi.patch
(bsc#1037838)
- Revert "ceph: SetPageError() for writeback pages if writepages fails"
(bsc#1048228).
- s390/diag: add diag26c support (bnc#1053472, LTC#156729).
- s390: export symbols for crash-kmp (bsc#1053915).
- s390: Include uapi/linux/if_ether.h instead of linux/if_ether.h
(bsc#1053472).
- s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1053472,
LTC#157731).
- s390/pci: fix handling of PEC 306 (bnc#1053472, LTC#157731).
- s390/pci: improve error handling during fmb (de)registration
(bnc#1053472, LTC#157731).
- s390/pci: improve error handling during interrupt deregistration
(bnc#1053472, LTC#157731).
- s390/pci: improve pci hotplug (bnc#1053472, LTC#157731).
- s390/pci: improve unreg_ioat error handling (bnc#1053472, LTC#157731).
- s390/pci: introduce clp_get_state (bnc#1053472, LTC#157731).
- s390/pci: provide more debug information (bnc#1053472, LTC#157731).
- s390/pci: recognize name clashes with uids (bnc#1053472, LTC#157731).
- s390/qeth: no ETH header for outbound AF_IUCV (bnc#1053472, LTC#156276).
- s390/qeth: size calculation outbound buffers (bnc#1053472, LTC#156276).
- s390/qeth: use diag26c to get MAC address on L2 (bnc#1053472,
LTC#156729).
- scsi: csiostor: add check for supported fw version (bsc#1005776).
- scsi: csiostor: add support for Chelsio T6 adapters (bsc#1005776).
- scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
(bsc#1005776).
- scsi: csiostor: switch to pci_alloc_irq_vectors (bsc#1005776).
- scsi: csiostor: update module version (bsc#1052093).
- scsi: cxgb4i: assign rxqs in round robin mode (bsc#1052094).
- scsi: qedf: Fix a potential NULL pointer dereference (bsc#1048912).
- scsi: qedf: Limit number of CQs (bsc#1040813).
- supported.conf: clear mistaken external support flag for cifs.ko
(bsc#1053802).
- tpm: fix: return rc when devm_add_action() fails (bsc#1020645,
fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes
8e0ee3c9faed).
- tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).
- tpm: KABI fix (bsc#1053117).
- tpm: read burstcount from TPM_STS in one 32-bit transaction
(bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
git-fixes 27084efee0c3).
- tpm_tis_core: Choose appropriate timeout for reading burstcount
(bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
git-fixes aec04cbdf723).
- tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645,
fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes
aec04cbdf723).
- tty: pl011: fix initialization order of QDF2400 E44 (bsc#1054082).
- tty: serial: msm: Support more bauds (git-fixes).
- Update
patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch
(bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
git-fixes 5ca4c20cfd37).
- usb: core: fix device node leak (bsc#1047487).
- x86/mm: Fix use-after-free of ldt_struct (bsc#1055963).
- xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage
(bsc#1055896).
- xfs: nowait aio support (FATE#321994).
- xgene: Always get clk source, but ignore if it's missing for SGMII ports
(bsc#1048501).
- xgene: Do not fail probe, if there is no clk resource for SGMII
interfaces (bsc#1048501).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1017=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (noarch):
kernel-devel-4.4.85-22.1
kernel-docs-4.4.85-22.3
kernel-docs-html-4.4.85-22.3
kernel-docs-pdf-4.4.85-22.3
kernel-macros-4.4.85-22.1
kernel-source-4.4.85-22.1
kernel-source-vanilla-4.4.85-22.1
- openSUSE Leap 42.3 (x86_64):
kernel-debug-4.4.85-22.1
kernel-debug-base-4.4.85-22.1
kernel-debug-base-debuginfo-4.4.85-22.1
kernel-debug-debuginfo-4.4.85-22.1
kernel-debug-debugsource-4.4.85-22.1
kernel-debug-devel-4.4.85-22.1
kernel-debug-devel-debuginfo-4.4.85-22.1
kernel-default-4.4.85-22.1
kernel-default-base-4.4.85-22.1
kernel-default-base-debuginfo-4.4.85-22.1
kernel-default-debuginfo-4.4.85-22.1
kernel-default-debugsource-4.4.85-22.1
kernel-default-devel-4.4.85-22.1
kernel-obs-build-4.4.85-22.1
kernel-obs-build-debugsource-4.4.85-22.1
kernel-obs-qa-4.4.85-22.1
kernel-syms-4.4.85-22.1
kernel-vanilla-4.4.85-22.1
kernel-vanilla-base-4.4.85-22.1
kernel-vanilla-base-debuginfo-4.4.85-22.1
kernel-vanilla-debuginfo-4.4.85-22.1
kernel-vanilla-debugsource-4.4.85-22.1
kernel-vanilla-devel-4.4.85-22.1
References:
https://www.suse.com/security/cve/CVE-2017-12134.html
https://www.suse.com/security/cve/CVE-2017-14051.html
https://bugzilla.suse.com/1005776
https://bugzilla.suse.com/1015342
https://bugzilla.suse.com/1020645
https://bugzilla.suse.com/1020657
https://bugzilla.suse.com/1030850
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1031784
https://bugzilla.suse.com/1034048
https://bugzilla.suse.com/1037838
https://bugzilla.suse.com/1040813
https://bugzilla.suse.com/1042847
https://bugzilla.suse.com/1047487
https://bugzilla.suse.com/1047989
https://bugzilla.suse.com/1048155
https://bugzilla.suse.com/1048228
https://bugzilla.suse.com/1048325
https://bugzilla.suse.com/1048327
https://bugzilla.suse.com/1048356
https://bugzilla.suse.com/1048501
https://bugzilla.suse.com/1048912
https://bugzilla.suse.com/1048934
https://bugzilla.suse.com/1049226
https://bugzilla.suse.com/1049272
https://bugzilla.suse.com/1049291
https://bugzilla.suse.com/1049336
https://bugzilla.suse.com/1050211
https://bugzilla.suse.com/1050742
https://bugzilla.suse.com/1051790
https://bugzilla.suse.com/1052093
https://bugzilla.suse.com/1052094
https://bugzilla.suse.com/1052095
https://bugzilla.suse.com/1052384
https://bugzilla.suse.com/1052580
https://bugzilla.suse.com/1052888
https://bugzilla.suse.com/1053117
https://bugzilla.suse.com/1053309
https://bugzilla.suse.com/1053472
https://bugzilla.suse.com/1053627
https://bugzilla.suse.com/1053629
https://bugzilla.suse.com/1053633
https://bugzilla.suse.com/1053681
https://bugzilla.suse.com/1053685
https://bugzilla.suse.com/1053802
https://bugzilla.suse.com/1053915
https://bugzilla.suse.com/1053919
https://bugzilla.suse.com/1054082
https://bugzilla.suse.com/1054084
https://bugzilla.suse.com/1055013
https://bugzilla.suse.com/1055096
https://bugzilla.suse.com/1055272
https://bugzilla.suse.com/1055290
https://bugzilla.suse.com/1055359
https://bugzilla.suse.com/1055709
https://bugzilla.suse.com/1055896
https://bugzilla.suse.com/1055935
https://bugzilla.suse.com/1055963
https://bugzilla.suse.com/1056185
https://bugzilla.suse.com/1056588
https://bugzilla.suse.com/1056827
https://bugzilla.suse.com/969756
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2381-1: important: Security update for gdk-pixbuf
by opensuse-security@opensuse.org 06 Sep '17
by opensuse-security@opensuse.org 06 Sep '17
06 Sep '17
SUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2381-1
Rating: important
References: #1027024 #1027025 #1027026 #1048289 #1048544
#1049877
Cross-References: CVE-2017-2862 CVE-2017-2870 CVE-2017-6312
CVE-2017-6313 CVE-2017-6314
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that solves 5 vulnerabilities and has one errata
is now available.
Description:
This update for gdk-pixbuf fixes the following issues:
- CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution
Vulnerability (bsc#1048289)
- CVE-2017-2870: tiff_image_parse Code Execution Vulnerability
(bsc#1048544)
- CVE-2017-6313: A dangerous integer underflow in io-icns.c (bsc#1027024)
- CVE-2017-6314: Infinite loop in io-tiff.c (bsc#1027025)
- CVE-2017-6312: Out-of-bounds read on io-ico.c (bsc#1027026)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1471=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1471=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1471=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1471=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1471=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1471=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1471=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-devel-2.34.0-19.5.1
gdk-pixbuf-devel-debuginfo-2.34.0-19.5.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-devel-2.34.0-19.5.1
gdk-pixbuf-devel-debuginfo-2.34.0-19.5.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-query-loaders-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.5.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.5.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
gdk-pixbuf-lang-2.34.0-19.5.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-query-loaders-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.5.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.5.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
gdk-pixbuf-query-loaders-32bit-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.5.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
gdk-pixbuf-lang-2.34.0-19.5.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-query-loaders-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.5.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.5.1
- SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
gdk-pixbuf-query-loaders-32bit-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.5.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
gdk-pixbuf-lang-2.34.0-19.5.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-query-loaders-2.34.0-19.5.1
gdk-pixbuf-query-loaders-32bit-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.5.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.5.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
gdk-pixbuf-lang-2.34.0-19.5.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
gdk-pixbuf-lang-2.34.0-19.5.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
gdk-pixbuf-debugsource-2.34.0-19.5.1
gdk-pixbuf-query-loaders-2.34.0-19.5.1
gdk-pixbuf-query-loaders-32bit-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.5.1
gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.5.1
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.5.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.5.1
References:
https://www.suse.com/security/cve/CVE-2017-2862.html
https://www.suse.com/security/cve/CVE-2017-2870.html
https://www.suse.com/security/cve/CVE-2017-6312.html
https://www.suse.com/security/cve/CVE-2017-6313.html
https://www.suse.com/security/cve/CVE-2017-6314.html
https://bugzilla.suse.com/1027024
https://bugzilla.suse.com/1027025
https://bugzilla.suse.com/1027026
https://bugzilla.suse.com/1048289
https://bugzilla.suse.com/1048544
https://bugzilla.suse.com/1049877
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0