openSUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:0323-1
Rating: important
References: #1040039 #1047184 #1076118
Cross-References: CVE-2017-3145
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for bind fixes several issues.
This security issue was fixed:
- CVE-2017-3145: Improper sequencing during cleanup could have led to a
use-after-free error that triggered an assertion failure and crash in
named (bsc#1076118).
These non-security issues were fixed:
- Updated named.root file (bsc#1040039)
- Update bind.keys for DNSSEC root KSK rollover (bsc#1047184)
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-114=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
bind-9.9.9P1-53.1
bind-chrootenv-9.9.9P1-53.1
bind-debuginfo-9.9.9P1-53.1
bind-debugsource-9.9.9P1-53.1
bind-devel-9.9.9P1-53.1
bind-libs-9.9.9P1-53.1
bind-libs-debuginfo-9.9.9P1-53.1
bind-lwresd-9.9.9P1-53.1
bind-lwresd-debuginfo-9.9.9P1-53.1
bind-utils-9.9.9P1-53.1
bind-utils-debuginfo-9.9.9P1-53.1
- openSUSE Leap 42.3 (x86_64):
bind-libs-32bit-9.9.9P1-53.1
bind-libs-debuginfo-32bit-9.9.9P1-53.1
- openSUSE Leap 42.3 (noarch):
bind-doc-9.9.9P1-53.1
References:
https://www.suse.com/security/cve/CVE-2017-3145.html
https://bugzilla.suse.com/1040039
https://bugzilla.suse.com/1047184
https://bugzilla.suse.com/1076118
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
Hi all,
With the release of release-notes-openSUSE on Jan 26th, 2018 the SUSE
sponsored maintenance of openSUSE Leap 42.2 has ended.
openSUSE Leap 42.2 is now officially discontinued and out of support by
SUSE.
The currently maintained stable release is openSUSE Leap 42.3, which
will be maintained until Jan 31st 2019. See https://en.opensuse.org/Lifetime
Upgrading is easy. See the links below for instructions:
https://doc.opensuse.org/documentation/leap/startup/html/book.opensuse.star…
https://en.opensuse.org/SDB:System_upgrade
https://en.opensuse.org/SDB:Offline_upgrade
openSUSE Leap 42.2 was released on November 16, 2016, making it ca. 14
months of security and bugfix support.
It was the second hybrid distribution which used sources from SUSE Linux
Enterprise and from our community developers to bridge a gap between
matured packages and newer packages found in openSUSE Tumbleweed.
Some statistics on the released patches (compared to Leap 42.1):
Total updates: 1286 (-156)
Updates imported from SUSE Linux Enterprise: 648 (+141)
Updates provided by community developers: 638 (-297)
Security: 569 (-29)
Recommended: 677 (-130)
Optional: 39 (+3)
Feature: 1 (+-0)
Fixed CVE-entries: 2239 (-195)
Fixed Bugs (overall): 3887 (+152)
A huge thanks to our awesome packagers, community, and all involved
people, who made the next great release possible!
Your maintenance- and security-team
--
Benjamin Brunner <bbrunner(a)suse.com>,
SUSE Maintenance
SUSE LINUX GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284
(AG Nürnberg)
SUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0303-1
Rating: important
References: #1040039 #1047184 #1076118
Cross-References: CVE-2017-3145
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for bind fixes several issues.
This security issue was fixed:
- CVE-2017-3145: Improper sequencing during cleanup could have led to a
use-after-free error that triggered an assertion failure and crash in
named (bsc#1076118).
These non-security issues were fixed:
- Updated named.root file (bsc#1040039)
- Update bind.keys for DNSSEC root KSK rollover (bsc#1047184)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 6:
zypper in -t patch SUSE-OpenStack-Cloud-6-2018-220=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-220=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-220=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-220=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-220=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-220=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-220=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-220=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-220=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-220=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 6 (noarch):
bind-doc-9.9.9P1-63.7.1
- SUSE OpenStack Cloud 6 (x86_64):
bind-9.9.9P1-63.7.1
bind-chrootenv-9.9.9P1-63.7.1
bind-debuginfo-9.9.9P1-63.7.1
bind-debugsource-9.9.9P1-63.7.1
bind-devel-9.9.9P1-63.7.1
bind-libs-32bit-9.9.9P1-63.7.1
bind-libs-9.9.9P1-63.7.1
bind-libs-debuginfo-32bit-9.9.9P1-63.7.1
bind-libs-debuginfo-9.9.9P1-63.7.1
bind-utils-9.9.9P1-63.7.1
bind-utils-debuginfo-9.9.9P1-63.7.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
bind-debuginfo-9.9.9P1-63.7.1
bind-debugsource-9.9.9P1-63.7.1
bind-devel-9.9.9P1-63.7.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
bind-debuginfo-9.9.9P1-63.7.1
bind-debugsource-9.9.9P1-63.7.1
bind-devel-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
bind-9.9.9P1-63.7.1
bind-chrootenv-9.9.9P1-63.7.1
bind-debuginfo-9.9.9P1-63.7.1
bind-debugsource-9.9.9P1-63.7.1
bind-devel-9.9.9P1-63.7.1
bind-libs-9.9.9P1-63.7.1
bind-libs-debuginfo-9.9.9P1-63.7.1
bind-utils-9.9.9P1-63.7.1
bind-utils-debuginfo-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
bind-doc-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
bind-libs-32bit-9.9.9P1-63.7.1
bind-libs-debuginfo-32bit-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
bind-9.9.9P1-63.7.1
bind-chrootenv-9.9.9P1-63.7.1
bind-debuginfo-9.9.9P1-63.7.1
bind-debugsource-9.9.9P1-63.7.1
bind-libs-9.9.9P1-63.7.1
bind-libs-debuginfo-9.9.9P1-63.7.1
bind-utils-9.9.9P1-63.7.1
bind-utils-debuginfo-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
bind-doc-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
bind-9.9.9P1-63.7.1
bind-chrootenv-9.9.9P1-63.7.1
bind-debuginfo-9.9.9P1-63.7.1
bind-debugsource-9.9.9P1-63.7.1
bind-libs-9.9.9P1-63.7.1
bind-libs-debuginfo-9.9.9P1-63.7.1
bind-utils-9.9.9P1-63.7.1
bind-utils-debuginfo-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
bind-libs-32bit-9.9.9P1-63.7.1
bind-libs-debuginfo-32bit-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
bind-doc-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
bind-9.9.9P1-63.7.1
bind-chrootenv-9.9.9P1-63.7.1
bind-debuginfo-9.9.9P1-63.7.1
bind-debugsource-9.9.9P1-63.7.1
bind-libs-9.9.9P1-63.7.1
bind-libs-debuginfo-9.9.9P1-63.7.1
bind-utils-9.9.9P1-63.7.1
bind-utils-debuginfo-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
bind-libs-32bit-9.9.9P1-63.7.1
bind-libs-debuginfo-32bit-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
bind-doc-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
bind-9.9.9P1-63.7.1
bind-chrootenv-9.9.9P1-63.7.1
bind-debuginfo-9.9.9P1-63.7.1
bind-debugsource-9.9.9P1-63.7.1
bind-devel-9.9.9P1-63.7.1
bind-libs-9.9.9P1-63.7.1
bind-libs-debuginfo-9.9.9P1-63.7.1
bind-utils-9.9.9P1-63.7.1
bind-utils-debuginfo-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):
bind-libs-32bit-9.9.9P1-63.7.1
bind-libs-debuginfo-32bit-9.9.9P1-63.7.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
bind-doc-9.9.9P1-63.7.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
bind-debuginfo-9.9.9P1-63.7.1
bind-debugsource-9.9.9P1-63.7.1
bind-libs-32bit-9.9.9P1-63.7.1
bind-libs-9.9.9P1-63.7.1
bind-libs-debuginfo-32bit-9.9.9P1-63.7.1
bind-libs-debuginfo-9.9.9P1-63.7.1
bind-utils-9.9.9P1-63.7.1
bind-utils-debuginfo-9.9.9P1-63.7.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
bind-debuginfo-9.9.9P1-63.7.1
bind-debugsource-9.9.9P1-63.7.1
bind-libs-32bit-9.9.9P1-63.7.1
bind-libs-9.9.9P1-63.7.1
bind-libs-debuginfo-32bit-9.9.9P1-63.7.1
bind-libs-debuginfo-9.9.9P1-63.7.1
bind-utils-9.9.9P1-63.7.1
bind-utils-debuginfo-9.9.9P1-63.7.1
References:
https://www.suse.com/security/cve/CVE-2017-3145.html
https://bugzilla.suse.com/1040039
https://bugzilla.suse.com/1047184
https://bugzilla.suse.com/1076118
SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0301-1
Rating: important
References: #1073230
Cross-References: CVE-2017-17712
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.4.103-92_56 fixes one issue.
The following security issue was fixed:
- CVE-2017-17712: The raw_sendmsg() function had a race condition that
led to uninitialized stack pointer usage. This allowed a local user to
execute code and gain privileges (bsc#1073230).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2018-216=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-4_4_103-92_56-default-2-2.1
References:
https://www.suse.com/security/cve/CVE-2017-17712.html
https://bugzilla.suse.com/1073230
SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0298-1
Rating: important
References: #1073230
Cross-References: CVE-2017-17712
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.4.103-92_53 fixes one issue.
The following security issue was fixed:
- CVE-2017-17712: The raw_sendmsg() function had a race condition that
led to uninitialized stack pointer usage. This allowed a local user to
execute code and gain privileges (bsc#1073230).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2018-217=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-4_4_103-92_53-default-2-2.1
References:
https://www.suse.com/security/cve/CVE-2017-17712.html
https://bugzilla.suse.com/1073230
SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP2)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0297-1
Rating: important
References: #1069708 #1073230
Cross-References: CVE-2017-16939 CVE-2017-17712
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.4.49-92_11 fixes several issues.
The following security issues were fixed:
- CVE-2017-17712: The raw_sendmsg() function had a race condition that
led to uninitialized stack pointer usage. This allowed a local user to
execute code and gain privileges (bsc#1073230).
- CVE-2017-16939: The XFRM dump policy implementation allowed local users
to gain privileges or cause a denial of service (use-after-free) via a
crafted SO_RCVBUF setsockopt system call in conjunction with
XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2018-219=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-4_4_49-92_11-default-10-2.1
References:
https://www.suse.com/security/cve/CVE-2017-16939.html
https://www.suse.com/security/cve/CVE-2017-17712.html
https://bugzilla.suse.com/1069708
https://bugzilla.suse.com/1073230
SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP2)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0296-1
Rating: important
References: #1069708 #1073230
Cross-References: CVE-2017-16939 CVE-2017-17712
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.4.49-92_14 fixes several issues.
The following security issues were fixed:
- CVE-2017-17712: The raw_sendmsg() function had a race condition that
led to uninitialized stack pointer usage. This allowed a local user to
execute code and gain privileges (bsc#1073230).
- CVE-2017-16939: The XFRM dump policy implementation allowed local users
to gain privileges or cause a denial of service (use-after-free) via a
crafted SO_RCVBUF setsockopt system call in conjunction with
XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2018-218=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-4_4_49-92_14-default-9-2.1
References:
https://www.suse.com/security/cve/CVE-2017-16939.html
https://www.suse.com/security/cve/CVE-2017-17712.html
https://bugzilla.suse.com/1069708
https://bugzilla.suse.com/1073230
SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0294-1
Rating: important
References: #1073230
Cross-References: CVE-2017-17712
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.4.90-92_50 fixes one issue.
The following security issue was fixed:
- CVE-2017-17712: The raw_sendmsg() function had a race condition that
led to uninitialized stack pointer usage. This allowed a local user to
execute code and gain privileges (bsc#1073230).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2018-215=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-4_4_90-92_50-default-3-2.1
References:
https://www.suse.com/security/cve/CVE-2017-17712.html
https://bugzilla.suse.com/1073230