January 2018 - openSUSE Security Announce

[security-announce] openSUSE-SU-2018:0256-1: important: Security update for MozillaThunderbird
by opensuse-security＠opensuse.org 28 Jan '18

28 Jan '18

openSUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0256-1 Rating: important References: #1077291 Cross-References: CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaThunderbird to version 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291). - CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291). - CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291). - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291). - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291). - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291). - CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291). - CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291). - CVE-2018-5089: Various memory safety bugs (bsc#1077291). These security issues were fixed: - Searching message bodies of messages in local folders, including filter and quick filter operations, not working reliably: Content not found in base64-encode message parts, non-ASCII text not found and false positives found. - Defective messages (without at least one expected header) not shown in IMAP folders but shown on mobile devices - Calendar: Unintended task deletion if numlock is enabled Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2018-101=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64): MozillaThunderbird-52.6-54.1 MozillaThunderbird-buildsymbols-52.6-54.1 MozillaThunderbird-debuginfo-52.6-54.1 MozillaThunderbird-debugsource-52.6-54.1 MozillaThunderbird-devel-52.6-54.1 MozillaThunderbird-translations-common-52.6-54.1 MozillaThunderbird-translations-other-52.6-54.1 References: https://www.suse.com/security/cve/CVE-2018-5089.html https://www.suse.com/security/cve/CVE-2018-5095.html https://www.suse.com/security/cve/CVE-2018-5096.html https://www.suse.com/security/cve/CVE-2018-5097.html https://www.suse.com/security/cve/CVE-2018-5098.html https://www.suse.com/security/cve/CVE-2018-5099.html https://www.suse.com/security/cve/CVE-2018-5102.html https://www.suse.com/security/cve/CVE-2018-5103.html https://www.suse.com/security/cve/CVE-2018-5104.html https://www.suse.com/security/cve/CVE-2018-5117.html https://bugzilla.suse.com/1077291 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2018:0255-1: important: Security update for clamav
by opensuse-security＠opensuse.org 27 Jan '18

27 Jan '18

SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0255-1 Rating: important References: #1040662 #1049423 #1052448 #1052449 #1052466 #1077732 Cross-References: CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for clamav fixes the following issues: - Update to security release 0.99.3 (bsc#1077732) * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) * CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. * CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. * CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. * CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. - update upstream keys in the keyring - provide and obsolete clamav-nodb to trigger it's removal in Leap bsc#1040662 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-176=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-176=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2018-176=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-176=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-176=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-176=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-176=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-176=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-176=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-176=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): clamav-0.99.3-33.5.1 clamav-debuginfo-0.99.3-33.5.1 clamav-debugsource-0.99.3-33.5.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): clamav-0.99.3-33.5.1 clamav-debuginfo-0.99.3-33.5.1 clamav-debugsource-0.99.3-33.5.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): clamav-0.99.3-33.5.1 clamav-debuginfo-0.99.3-33.5.1 clamav-debugsource-0.99.3-33.5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): clamav-0.99.3-33.5.1 clamav-debuginfo-0.99.3-33.5.1 clamav-debugsource-0.99.3-33.5.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): clamav-0.99.3-33.5.1 clamav-debuginfo-0.99.3-33.5.1 clamav-debugsource-0.99.3-33.5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): clamav-0.99.3-33.5.1 clamav-debuginfo-0.99.3-33.5.1 clamav-debugsource-0.99.3-33.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): clamav-0.99.3-33.5.1 clamav-debuginfo-0.99.3-33.5.1 clamav-debugsource-0.99.3-33.5.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): clamav-0.99.3-33.5.1 clamav-debuginfo-0.99.3-33.5.1 clamav-debugsource-0.99.3-33.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): clamav-0.99.3-33.5.1 clamav-debuginfo-0.99.3-33.5.1 clamav-debugsource-0.99.3-33.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): clamav-0.99.3-33.5.1 clamav-debuginfo-0.99.3-33.5.1 clamav-debugsource-0.99.3-33.5.1 References: https://www.suse.com/security/cve/CVE-2017-11423.html https://www.suse.com/security/cve/CVE-2017-12374.html https://www.suse.com/security/cve/CVE-2017-12375.html https://www.suse.com/security/cve/CVE-2017-12376.html https://www.suse.com/security/cve/CVE-2017-12377.html https://www.suse.com/security/cve/CVE-2017-12378.html https://www.suse.com/security/cve/CVE-2017-12379.html https://www.suse.com/security/cve/CVE-2017-12380.html https://www.suse.com/security/cve/CVE-2017-6418.html https://www.suse.com/security/cve/CVE-2017-6419.html https://www.suse.com/security/cve/CVE-2017-6420.html https://bugzilla.suse.com/1040662 https://bugzilla.suse.com/1049423 https://bugzilla.suse.com/1052448 https://bugzilla.suse.com/1052449 https://bugzilla.suse.com/1052466 https://bugzilla.suse.com/1077732 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2018:0254-1: important: Security update for clamav
by opensuse-security＠opensuse.org 27 Jan '18

27 Jan '18

SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0254-1 Rating: important References: #1049423 #1052448 #1052449 #1052466 #1077732 Cross-References: CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for clamav fixes the following issues: - Update to security release 0.99.3 (bsc#1077732) * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) * CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. * CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. * CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. * CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-clamav-13445=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-clamav-13445=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-clamav-13445=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-13445=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-clamav-13445=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-0.99.3-0.20.3.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): clamav-0.99.3-0.20.3.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): clamav-0.99.3-0.20.3.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-debuginfo-0.99.3-0.20.3.2 clamav-debugsource-0.99.3-0.20.3.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): clamav-debuginfo-0.99.3-0.20.3.2 clamav-debugsource-0.99.3-0.20.3.2 References: https://www.suse.com/security/cve/CVE-2017-11423.html https://www.suse.com/security/cve/CVE-2017-12374.html https://www.suse.com/security/cve/CVE-2017-12375.html https://www.suse.com/security/cve/CVE-2017-12376.html https://www.suse.com/security/cve/CVE-2017-12377.html https://www.suse.com/security/cve/CVE-2017-12378.html https://www.suse.com/security/cve/CVE-2017-12379.html https://www.suse.com/security/cve/CVE-2017-12380.html https://www.suse.com/security/cve/CVE-2017-6418.html https://www.suse.com/security/cve/CVE-2017-6419.html https://www.suse.com/security/cve/CVE-2017-6420.html https://bugzilla.suse.com/1049423 https://bugzilla.suse.com/1052448 https://bugzilla.suse.com/1052449 https://bugzilla.suse.com/1052466 https://bugzilla.suse.com/1077732 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2018:0253-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP1)
by opensuse-security＠opensuse.org 26 Jan '18

26 Jan '18

SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0253-1 Rating: important References: #1069708 #1071471 Cross-References: CVE-2017-15868 CVE-2017-16939 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues. The following security issues were fixed: - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bsc#1071471). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-174=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-174=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_48-default-7-2.1 kgraft-patch-3_12_74-60_64_48-xen-7-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_48-default-7-2.1 kgraft-patch-3_12_74-60_64_48-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16939.html https://bugzilla.suse.com/1069708 https://bugzilla.suse.com/1071471 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2018:0252-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP1)
by opensuse-security＠opensuse.org 26 Jan '18

26 Jan '18

SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0252-1 Rating: important References: #1069708 #1071471 Cross-References: CVE-2017-15868 CVE-2017-16939 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues. The following security issues were fixed: - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bsc#1071471). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-168=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-168=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_40-default-8-2.1 kgraft-patch-3_12_74-60_64_40-xen-8-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_40-default-8-2.1 kgraft-patch-3_12_74-60_64_40-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16939.html https://bugzilla.suse.com/1069708 https://bugzilla.suse.com/1071471 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2018:0251-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12)
by opensuse-security＠opensuse.org 26 Jan '18

26 Jan '18

SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0251-1 Rating: important References: #1069708 #1071471 Cross-References: CVE-2017-15868 CVE-2017-16939 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_101 fixes one issue. The following security issues were fixed: - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bsc#1071471). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-165=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_101-default-3-2.1 kgraft-patch-3_12_61-52_101-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16939.html https://bugzilla.suse.com/1069708 https://bugzilla.suse.com/1071471 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2018:0250-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12)
by opensuse-security＠opensuse.org 26 Jan '18

26 Jan '18

SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0250-1 Rating: important References: #1069708 #1071471 Cross-References: CVE-2017-15868 CVE-2017-16939 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_89 fixes one issue. The following security issues were fixed: - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bsc#1071471). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-159=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_89-default-6-2.1 kgraft-patch-3_12_61-52_89-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16939.html https://bugzilla.suse.com/1069708 https://bugzilla.suse.com/1071471 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2018:0249-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12)
by opensuse-security＠opensuse.org 26 Jan '18

26 Jan '18

SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0249-1 Rating: important References: #1069708 #1071471 Cross-References: CVE-2017-15868 CVE-2017-16939 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_80 fixes one issue. The following security issues were fixed: - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bsc#1071471). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-172=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_80-default-7-2.1 kgraft-patch-3_12_61-52_80-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16939.html https://bugzilla.suse.com/1069708 https://bugzilla.suse.com/1071471 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2018:0245-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12)
by opensuse-security＠opensuse.org 26 Jan '18

26 Jan '18

SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0245-1 Rating: important References: #1069708 #1071471 Cross-References: CVE-2017-15868 CVE-2017-16939 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_72 fixes one issue. The following security issues were fixed: - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bsc#1071471). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-173=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_72-default-8-2.1 kgraft-patch-3_12_61-52_72-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16939.html https://bugzilla.suse.com/1069708 https://bugzilla.suse.com/1071471 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2018:0244-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12)
by opensuse-security＠opensuse.org 26 Jan '18

26 Jan '18

SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0244-1 Rating: important References: #1069708 #1071471 Cross-References: CVE-2017-15868 CVE-2017-16939 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_77 fixes one issue. The following security issues were fixed: - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bsc#1071471). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-163=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_77-default-8-2.1 kgraft-patch-3_12_61-52_77-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16939.html https://bugzilla.suse.com/1069708 https://bugzilla.suse.com/1071471 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0