openSUSE Security Announce
[security-announce] SUSE-SU-2015:2336-1: important: Security update for MozillaFirefox
by opensuse-security@opensuse.org 21 Dec '15
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2336-1
Rating: important
References: #959277
Cross-References: CVE-2015-7201 CVE-2015-7202 CVE-2015-7205
CVE-2015-7210 CVE-2015-7212 CVE-2015-7213
CVE-2015-7214 CVE-2015-7222
Affected Products:
SUSE Linux Enterprise Server 11-SP2-LTSS
SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
MozillaFirefox was updated to version 38.5.0 ESR.
It fixes the following security issues:
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety
hazards (rv:43.0 / rv:38.5)
* MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is
used after being destroyed
* MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large
textures
* MFSA 2015-145/CVE-2015-7205 Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit
versions
* MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow
processing MP4 metadata in libstagefright
* MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and
view-source URIs
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP2-LTSS:
zypper in -t patch slessp2-MozillaFirefox-12275=1
- SUSE Linux Enterprise Debuginfo 11-SP2:
zypper in -t patch dbgsp2-MozillaFirefox-12275=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
MozillaFirefox-38.5.0esr-28.2
MozillaFirefox-translations-38.5.0esr-28.2
- SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):
MozillaFirefox-debuginfo-38.5.0esr-28.2
MozillaFirefox-debugsource-38.5.0esr-28.2
References:
https://www.suse.com/security/cve/CVE-2015-7201.html
https://www.suse.com/security/cve/CVE-2015-7202.html
https://www.suse.com/security/cve/CVE-2015-7205.html
https://www.suse.com/security/cve/CVE-2015-7210.html
https://www.suse.com/security/cve/CVE-2015-7212.html
https://www.suse.com/security/cve/CVE-2015-7213.html
https://www.suse.com/security/cve/CVE-2015-7214.html
https://www.suse.com/security/cve/CVE-2015-7222.html
https://bugzilla.suse.com/959277
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] SUSE-SU-2015:2335-1: important: Security update for MozillaFirefox
by opensuse-security@opensuse.org 21 Dec '15
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2335-1
Rating: important
References: #959277
Cross-References: CVE-2015-7201 CVE-2015-7202 CVE-2015-7205
CVE-2015-7210 CVE-2015-7212 CVE-2015-7213
CVE-2015-7214 CVE-2015-7222
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12-SP1
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
MozillaFirefox was updated to version 38.5.0 ESR to fix the following
issues:
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety
hazards (rv:43.0 / rv:38.5)
* MFSA 2015-138/CVE-2015-7210 A use-after-free in WebRTC when datachannel
is used after being destroyed
* MFSA 2015-139/CVE-2015-7212 An integer overflow allocating extremely
large textures
* MFSA 2015-145/CVE-2015-7205 An underflow found through code inspection
* MFSA 2015-146/CVE-2015-7213 An integer overflow in MP4 playback in 64-bit
versions
* MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow
processing MP4 metadata in libstagefright
* MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and
view-source URIs
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-1001=1
- SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2015-1001=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-1001=1
- SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-1001=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1001=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1001=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
MozillaFirefox-debuginfo-38.5.0esr-54.1
MozillaFirefox-debugsource-38.5.0esr-54.1
MozillaFirefox-devel-38.5.0esr-54.1
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
MozillaFirefox-debuginfo-38.5.0esr-54.1
MozillaFirefox-debugsource-38.5.0esr-54.1
MozillaFirefox-devel-38.5.0esr-54.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
MozillaFirefox-38.5.0esr-54.1
MozillaFirefox-debuginfo-38.5.0esr-54.1
MozillaFirefox-debugsource-38.5.0esr-54.1
MozillaFirefox-translations-38.5.0esr-54.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
MozillaFirefox-38.5.0esr-54.1
MozillaFirefox-debuginfo-38.5.0esr-54.1
MozillaFirefox-debugsource-38.5.0esr-54.1
MozillaFirefox-translations-38.5.0esr-54.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
MozillaFirefox-38.5.0esr-54.1
MozillaFirefox-debuginfo-38.5.0esr-54.1
MozillaFirefox-debugsource-38.5.0esr-54.1
MozillaFirefox-translations-38.5.0esr-54.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
MozillaFirefox-38.5.0esr-54.1
MozillaFirefox-debuginfo-38.5.0esr-54.1
MozillaFirefox-debugsource-38.5.0esr-54.1
MozillaFirefox-translations-38.5.0esr-54.1
References:
https://www.suse.com/security/cve/CVE-2015-7201.html
https://www.suse.com/security/cve/CVE-2015-7202.html
https://www.suse.com/security/cve/CVE-2015-7205.html
https://www.suse.com/security/cve/CVE-2015-7210.html
https://www.suse.com/security/cve/CVE-2015-7212.html
https://www.suse.com/security/cve/CVE-2015-7213.html
https://www.suse.com/security/cve/CVE-2015-7214.html
https://www.suse.com/security/cve/CVE-2015-7222.html
https://bugzilla.suse.com/959277
[security-announce] SUSE-SU-2015:2334-1: important: Security update for MozillaFirefox
by opensuse-security@opensuse.org 21 Dec '15
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2334-1
Rating: important
References: #959277
Cross-References: CVE-2015-7201 CVE-2015-7202 CVE-2015-7205
CVE-2015-7210 CVE-2015-7212 CVE-2015-7213
CVE-2015-7214 CVE-2015-7222
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Software Development Kit 11-SP3
SUSE Linux Enterprise Server for VMWare 11-SP3
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3
SUSE Linux Enterprise Desktop 11-SP4
SUSE Linux Enterprise Desktop 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
MozillaFirefox was updated to version 38.5.0 ESR to fix the following
issues:
The following security issues were fixed:
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety
hazards (rv:43.0 / rv:38.5)
* MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is
used after being destroyed
* MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large
textures
* MFSA 2015-145/CVE-2015-7205 Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit
versions
* MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow
processing MP4 metadata in libstagefright
* MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and
view-source URIs
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-MozillaFirefox-12276=1
- SUSE Linux Enterprise Software Development Kit 11-SP3:
zypper in -t patch sdksp3-MozillaFirefox-12276=1
- SUSE Linux Enterprise Server for VMWare 11-SP3:
zypper in -t patch slessp3-MozillaFirefox-12276=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-MozillaFirefox-12276=1
- SUSE Linux Enterprise Server 11-SP3:
zypper in -t patch slessp3-MozillaFirefox-12276=1
- SUSE Linux Enterprise Desktop 11-SP4:
zypper in -t patch sledsp4-MozillaFirefox-12276=1
- SUSE Linux Enterprise Desktop 11-SP3:
zypper in -t patch sledsp3-MozillaFirefox-12276=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-MozillaFirefox-12276=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-MozillaFirefox-12276=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-devel-38.5.0esr-28.2
- SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-devel-38.5.0esr-28.2
- SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
MozillaFirefox-38.5.0esr-28.2
MozillaFirefox-translations-38.5.0esr-28.2
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-38.5.0esr-28.2
MozillaFirefox-translations-38.5.0esr-28.2
- SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-38.5.0esr-28.2
MozillaFirefox-translations-38.5.0esr-28.2
- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
MozillaFirefox-38.5.0esr-28.2
MozillaFirefox-translations-38.5.0esr-28.2
- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
MozillaFirefox-38.5.0esr-28.2
MozillaFirefox-translations-38.5.0esr-28.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-debuginfo-38.5.0esr-28.2
MozillaFirefox-debugsource-38.5.0esr-28.2
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-debuginfo-38.5.0esr-28.2
MozillaFirefox-debugsource-38.5.0esr-28.2
References:
https://www.suse.com/security/cve/CVE-2015-7201.html
https://www.suse.com/security/cve/CVE-2015-7202.html
https://www.suse.com/security/cve/CVE-2015-7205.html
https://www.suse.com/security/cve/CVE-2015-7210.html
https://www.suse.com/security/cve/CVE-2015-7212.html
https://www.suse.com/security/cve/CVE-2015-7213.html
https://www.suse.com/security/cve/CVE-2015-7214.html
https://www.suse.com/security/cve/CVE-2015-7222.html
https://bugzilla.suse.com/959277
[security-announce] SUSE-SU-2015:2305-1: important: Security update for ldb, samba, talloc, tdb, tevent
by opensuse-security@opensuse.org 18 Dec '15
SUSE Security Update: Security update for ldb, samba, talloc, tdb, tevent
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2305-1
Rating: important
References: #949022 #951660 #954658 #958581 #958582 #958583
#958584 #958585 #958586
Cross-References: CVE-2015-3223 CVE-2015-5252 CVE-2015-5296
CVE-2015-5299 CVE-2015-5330 CVE-2015-8467
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves 6 vulnerabilities and has three fixes
is now available.
Description:
This update for ldb, samba, talloc, tdb, tevent fixes the following
security issues and bugs:
The Samba LDB was updated to version 1.1.24:
- Fix ldap \00 search expression attack dos; CVE-2015-3223; (bso#11325)
- Fix remote read memory exploit in ldb; CVE-2015-5330; (bso#11599)
- Move ldb_(un)pack_data into ldb_module.h for testing
- Fix installation of _ldb_text.py
- Fix propagation of ldb errors through tdb
- Fix bug triggered by having an empty message in database during search
Samba was updated to fix these issues:
- Malicious request can cause Samba LDAP server to hang, spinning using
CPU; CVE-2015-3223; (bso#11325); (bnc#958581).
- Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
(bnc#958586).
- Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (bnc#958582).
- No man in the middle protection when forcing smb encryption on the
client side; CVE-2015-5296; (bso#11536); (bnc#958584).
- Currently the snapshot browsing is not secure thru windows previous
version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
- Fix Microsoft MS15-096 to prevent machine accounts from being changed
into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).
- Changing log level of two entries from 1 to 3; (bso#9912).
- vfs_gpfs: Re-enable share modes; (bso#11243).
- wafsamba: Also build libraries with RELRO protection; (bso#11346).
- ctdb: Strip trailing spaces from nodes file; (bso#11365).
- s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute
type of zero; (bso#11452).
- nss_wins: Do not run into use after free issues when we access memory
allocated on the globals and the global being reinitialized; (bso#11563).
- async_req: Fix non-blocking connect(); (bso#11564).
- auth: gensec: Fix a memory leak; (bso#11565).
- lib: util: Make non-critical message a warning; (bso#11566).
- Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
(bnc#949022).
- smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
- ctdb: Open the RO tracking db with perms 0600 instead of 0000;
(bso#11577).
- manpage: Correct small typo error; (bso#11584).
- s3: smbd: If EA's are turned off on a share don't allow an SMB2 create
containing them; (bso#11589).
- Backport some valgrind fixes from upstream master; (bso#11597).
- s3: smbd: have_file_open_below() fails to enumerate open files below an
open directory handle; (bso#11615).
- docs: Fix some typos in the idmap config section of man 5 smb.conf;
(bso#11619).
- Cleanup and enhance the pidl sub package.
- s3: smbd: Fix our access-based enumeration on "hide unreadable" to match
Windows; (bso#10252).
- smbd: Fix file name buflen and padding in notify response; (bso#10634).
- kerberos: Make sure we only use prompter type when available;
(bso#11038).
- s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket;
(bso#11316).
- dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327).
- Fix a deadlock in tdb; (bso#11381).
- s3: smbd: Fix mkdir race condition; (bso#11486).
- pam_winbind: Fix a segfault if initialization fails; (bso#11502).
- s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).
- s3: smbd: Fix opening/creating :stream files on the root share
directory; (bso#11522).
- net: Fix a crash with 'net ads keytab create'; (bso#11528).
- s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug
introduced by previous 'raw' stream fix (bso#11522); (bso#11535).
- vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).
- vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).
- Fix bug in smbstatus where the lease info is not printed; (bso#11549).
- s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).
- Prevent null pointer access in samlogon fallback when security
credentials are null; (bnc#949022).
- Fix 100% CPU in winbindd when logging in with "user must change password
on next logon"; (bso#11038).
talloc was updated to version 2.1.5; (bsc#954658) (bsc#951660).
- Test that talloc magic differs between processes.
- Increment minor version due to added talloc_test_get_magic.
- Provide tests access to talloc_magic.
- Test magic protection measures.
tdb was updated to version 1.3.8; (bsc#954658).
- Improved python3 bindings
tevent was updated to 0.9.26; (bsc#954658).
- New tevent_thread_proxy api
- Minor build fixes
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-996=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-996=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-996=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
ldb-debugsource-1.1.24-4.1
libdcerpc-atsvc-devel-4.2.4-6.1
libdcerpc-atsvc0-4.2.4-6.1
libdcerpc-atsvc0-debuginfo-4.2.4-6.1
libdcerpc-devel-4.2.4-6.1
libdcerpc-samr-devel-4.2.4-6.1
libdcerpc-samr0-4.2.4-6.1
libdcerpc-samr0-debuginfo-4.2.4-6.1
libgensec-devel-4.2.4-6.1
libldb-devel-1.1.24-4.1
libndr-devel-4.2.4-6.1
libndr-krb5pac-devel-4.2.4-6.1
libndr-nbt-devel-4.2.4-6.1
libndr-standard-devel-4.2.4-6.1
libnetapi-devel-4.2.4-6.1
libregistry-devel-4.2.4-6.1
libsamba-credentials-devel-4.2.4-6.1
libsamba-hostconfig-devel-4.2.4-6.1
libsamba-passdb-devel-4.2.4-6.1
libsamba-policy-devel-4.2.4-6.1
libsamba-policy0-4.2.4-6.1
libsamba-policy0-debuginfo-4.2.4-6.1
libsamba-util-devel-4.2.4-6.1
libsamdb-devel-4.2.4-6.1
libsmbclient-devel-4.2.4-6.1
libsmbclient-raw-devel-4.2.4-6.1
libsmbconf-devel-4.2.4-6.1
libsmbldap-devel-4.2.4-6.1
libtalloc-devel-2.1.5-4.1
libtdb-devel-1.3.8-4.1
libtevent-devel-0.9.26-4.1
libtevent-util-devel-4.2.4-6.1
libwbclient-devel-4.2.4-6.1
pyldb-1.1.24-4.1
pyldb-debuginfo-1.1.24-4.1
pyldb-devel-1.1.24-4.1
pytalloc-devel-2.1.5-4.1
samba-core-devel-4.2.4-6.1
samba-debuginfo-4.2.4-6.1
samba-debugsource-4.2.4-6.1
samba-test-devel-4.2.4-6.1
talloc-debugsource-2.1.5-4.1
tdb-debugsource-1.3.8-4.1
tevent-debugsource-0.9.26-4.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
ldb-debugsource-1.1.24-4.1
libdcerpc-binding0-4.2.4-6.1
libdcerpc-binding0-debuginfo-4.2.4-6.1
libdcerpc0-4.2.4-6.1
libdcerpc0-debuginfo-4.2.4-6.1
libgensec0-4.2.4-6.1
libgensec0-debuginfo-4.2.4-6.1
libldb1-1.1.24-4.1
libldb1-debuginfo-1.1.24-4.1
libndr-krb5pac0-4.2.4-6.1
libndr-krb5pac0-debuginfo-4.2.4-6.1
libndr-nbt0-4.2.4-6.1
libndr-nbt0-debuginfo-4.2.4-6.1
libndr-standard0-4.2.4-6.1
libndr-standard0-debuginfo-4.2.4-6.1
libndr0-4.2.4-6.1
libndr0-debuginfo-4.2.4-6.1
libnetapi0-4.2.4-6.1
libnetapi0-debuginfo-4.2.4-6.1
libregistry0-4.2.4-6.1
libregistry0-debuginfo-4.2.4-6.1
libsamba-credentials0-4.2.4-6.1
libsamba-credentials0-debuginfo-4.2.4-6.1
libsamba-hostconfig0-4.2.4-6.1
libsamba-hostconfig0-debuginfo-4.2.4-6.1
libsamba-passdb0-4.2.4-6.1
libsamba-passdb0-debuginfo-4.2.4-6.1
libsamba-util0-4.2.4-6.1
libsamba-util0-debuginfo-4.2.4-6.1
libsamdb0-4.2.4-6.1
libsamdb0-debuginfo-4.2.4-6.1
libsmbclient-raw0-4.2.4-6.1
libsmbclient-raw0-debuginfo-4.2.4-6.1
libsmbclient0-4.2.4-6.1
libsmbclient0-debuginfo-4.2.4-6.1
libsmbconf0-4.2.4-6.1
libsmbconf0-debuginfo-4.2.4-6.1
libsmbldap0-4.2.4-6.1
libsmbldap0-debuginfo-4.2.4-6.1
libtalloc2-2.1.5-4.1
libtalloc2-debuginfo-2.1.5-4.1
libtdb1-1.3.8-4.1
libtdb1-debuginfo-1.3.8-4.1
libtevent-util0-4.2.4-6.1
libtevent-util0-debuginfo-4.2.4-6.1
libtevent0-0.9.26-4.1
libtevent0-debuginfo-0.9.26-4.1
libwbclient0-4.2.4-6.1
libwbclient0-debuginfo-4.2.4-6.1
pytalloc-2.1.5-4.1
pytalloc-debuginfo-2.1.5-4.1
samba-4.2.4-6.1
samba-client-4.2.4-6.1
samba-client-debuginfo-4.2.4-6.1
samba-debuginfo-4.2.4-6.1
samba-debugsource-4.2.4-6.1
samba-libs-4.2.4-6.1
samba-libs-debuginfo-4.2.4-6.1
samba-winbind-4.2.4-6.1
samba-winbind-debuginfo-4.2.4-6.1
talloc-debugsource-2.1.5-4.1
tdb-debugsource-1.3.8-4.1
tdb-tools-1.3.8-4.1
tdb-tools-debuginfo-1.3.8-4.1
tevent-debugsource-0.9.26-4.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
libdcerpc-binding0-32bit-4.2.4-6.1
libdcerpc-binding0-debuginfo-32bit-4.2.4-6.1
libdcerpc0-32bit-4.2.4-6.1
libdcerpc0-debuginfo-32bit-4.2.4-6.1
libgensec0-32bit-4.2.4-6.1
libgensec0-debuginfo-32bit-4.2.4-6.1
libldb1-32bit-1.1.24-4.1
libldb1-debuginfo-32bit-1.1.24-4.1
libndr-krb5pac0-32bit-4.2.4-6.1
libndr-krb5pac0-debuginfo-32bit-4.2.4-6.1
libndr-nbt0-32bit-4.2.4-6.1
libndr-nbt0-debuginfo-32bit-4.2.4-6.1
libndr-standard0-32bit-4.2.4-6.1
libndr-standard0-debuginfo-32bit-4.2.4-6.1
libndr0-32bit-4.2.4-6.1
libndr0-debuginfo-32bit-4.2.4-6.1
libnetapi0-32bit-4.2.4-6.1
libnetapi0-debuginfo-32bit-4.2.4-6.1
libsamba-credentials0-32bit-4.2.4-6.1
libsamba-credentials0-debuginfo-32bit-4.2.4-6.1
libsamba-hostconfig0-32bit-4.2.4-6.1
libsamba-hostconfig0-debuginfo-32bit-4.2.4-6.1
libsamba-passdb0-32bit-4.2.4-6.1
libsamba-passdb0-debuginfo-32bit-4.2.4-6.1
libsamba-util0-32bit-4.2.4-6.1
libsamba-util0-debuginfo-32bit-4.2.4-6.1
libsamdb0-32bit-4.2.4-6.1
libsamdb0-debuginfo-32bit-4.2.4-6.1
libsmbclient-raw0-32bit-4.2.4-6.1
libsmbclient-raw0-debuginfo-32bit-4.2.4-6.1
libsmbclient0-32bit-4.2.4-6.1
libsmbclient0-debuginfo-32bit-4.2.4-6.1
libsmbconf0-32bit-4.2.4-6.1
libsmbconf0-debuginfo-32bit-4.2.4-6.1
libsmbldap0-32bit-4.2.4-6.1
libsmbldap0-debuginfo-32bit-4.2.4-6.1
libtalloc2-32bit-2.1.5-4.1
libtalloc2-debuginfo-32bit-2.1.5-4.1
libtdb1-32bit-1.3.8-4.1
libtdb1-debuginfo-32bit-1.3.8-4.1
libtevent-util0-32bit-4.2.4-6.1
libtevent-util0-debuginfo-32bit-4.2.4-6.1
libtevent0-32bit-0.9.26-4.1
libtevent0-debuginfo-32bit-0.9.26-4.1
libwbclient0-32bit-4.2.4-6.1
libwbclient0-debuginfo-32bit-4.2.4-6.1
pytalloc-32bit-2.1.5-4.1
pytalloc-debuginfo-32bit-2.1.5-4.1
samba-32bit-4.2.4-6.1
samba-client-32bit-4.2.4-6.1
samba-client-debuginfo-32bit-4.2.4-6.1
samba-debuginfo-32bit-4.2.4-6.1
samba-libs-32bit-4.2.4-6.1
samba-libs-debuginfo-32bit-4.2.4-6.1
samba-winbind-32bit-4.2.4-6.1
samba-winbind-debuginfo-32bit-4.2.4-6.1
- SUSE Linux Enterprise Server 12-SP1 (noarch):
samba-doc-4.2.4-6.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
ldb-debugsource-1.1.24-4.1
libdcerpc-binding0-32bit-4.2.4-6.1
libdcerpc-binding0-4.2.4-6.1
libdcerpc-binding0-debuginfo-32bit-4.2.4-6.1
libdcerpc-binding0-debuginfo-4.2.4-6.1
libdcerpc0-32bit-4.2.4-6.1
libdcerpc0-4.2.4-6.1
libdcerpc0-debuginfo-32bit-4.2.4-6.1
libdcerpc0-debuginfo-4.2.4-6.1
libgensec0-32bit-4.2.4-6.1
libgensec0-4.2.4-6.1
libgensec0-debuginfo-32bit-4.2.4-6.1
libgensec0-debuginfo-4.2.4-6.1
libldb1-1.1.24-4.1
libldb1-32bit-1.1.24-4.1
libldb1-debuginfo-1.1.24-4.1
libldb1-debuginfo-32bit-1.1.24-4.1
libndr-krb5pac0-32bit-4.2.4-6.1
libndr-krb5pac0-4.2.4-6.1
libndr-krb5pac0-debuginfo-32bit-4.2.4-6.1
libndr-krb5pac0-debuginfo-4.2.4-6.1
libndr-nbt0-32bit-4.2.4-6.1
libndr-nbt0-4.2.4-6.1
libndr-nbt0-debuginfo-32bit-4.2.4-6.1
libndr-nbt0-debuginfo-4.2.4-6.1
libndr-standard0-32bit-4.2.4-6.1
libndr-standard0-4.2.4-6.1
libndr-standard0-debuginfo-32bit-4.2.4-6.1
libndr-standard0-debuginfo-4.2.4-6.1
libndr0-32bit-4.2.4-6.1
libndr0-4.2.4-6.1
libndr0-debuginfo-32bit-4.2.4-6.1
libndr0-debuginfo-4.2.4-6.1
libnetapi0-32bit-4.2.4-6.1
libnetapi0-4.2.4-6.1
libnetapi0-debuginfo-32bit-4.2.4-6.1
libnetapi0-debuginfo-4.2.4-6.1
libregistry0-4.2.4-6.1
libregistry0-debuginfo-4.2.4-6.1
libsamba-credentials0-32bit-4.2.4-6.1
libsamba-credentials0-4.2.4-6.1
libsamba-credentials0-debuginfo-32bit-4.2.4-6.1
libsamba-credentials0-debuginfo-4.2.4-6.1
libsamba-hostconfig0-32bit-4.2.4-6.1
libsamba-hostconfig0-4.2.4-6.1
libsamba-hostconfig0-debuginfo-32bit-4.2.4-6.1
libsamba-hostconfig0-debuginfo-4.2.4-6.1
libsamba-passdb0-32bit-4.2.4-6.1
libsamba-passdb0-4.2.4-6.1
libsamba-passdb0-debuginfo-32bit-4.2.4-6.1
libsamba-passdb0-debuginfo-4.2.4-6.1
libsamba-util0-32bit-4.2.4-6.1
libsamba-util0-4.2.4-6.1
libsamba-util0-debuginfo-32bit-4.2.4-6.1
libsamba-util0-debuginfo-4.2.4-6.1
libsamdb0-32bit-4.2.4-6.1
libsamdb0-4.2.4-6.1
libsamdb0-debuginfo-32bit-4.2.4-6.1
libsamdb0-debuginfo-4.2.4-6.1
libsmbclient-raw0-32bit-4.2.4-6.1
libsmbclient-raw0-4.2.4-6.1
libsmbclient-raw0-debuginfo-32bit-4.2.4-6.1
libsmbclient-raw0-debuginfo-4.2.4-6.1
libsmbclient0-32bit-4.2.4-6.1
libsmbclient0-4.2.4-6.1
libsmbclient0-debuginfo-32bit-4.2.4-6.1
libsmbclient0-debuginfo-4.2.4-6.1
libsmbconf0-32bit-4.2.4-6.1
libsmbconf0-4.2.4-6.1
libsmbconf0-debuginfo-32bit-4.2.4-6.1
libsmbconf0-debuginfo-4.2.4-6.1
libsmbldap0-32bit-4.2.4-6.1
libsmbldap0-4.2.4-6.1
libsmbldap0-debuginfo-32bit-4.2.4-6.1
libsmbldap0-debuginfo-4.2.4-6.1
libtalloc2-2.1.5-4.1
libtalloc2-32bit-2.1.5-4.1
libtalloc2-debuginfo-2.1.5-4.1
libtalloc2-debuginfo-32bit-2.1.5-4.1
libtdb1-1.3.8-4.1
libtdb1-32bit-1.3.8-4.1
libtdb1-debuginfo-1.3.8-4.1
libtdb1-debuginfo-32bit-1.3.8-4.1
libtevent-util0-32bit-4.2.4-6.1
libtevent-util0-4.2.4-6.1
libtevent-util0-debuginfo-32bit-4.2.4-6.1
libtevent-util0-debuginfo-4.2.4-6.1
libtevent0-0.9.26-4.1
libtevent0-32bit-0.9.26-4.1
libtevent0-debuginfo-0.9.26-4.1
libtevent0-debuginfo-32bit-0.9.26-4.1
libwbclient0-32bit-4.2.4-6.1
libwbclient0-4.2.4-6.1
libwbclient0-debuginfo-32bit-4.2.4-6.1
libwbclient0-debuginfo-4.2.4-6.1
pytalloc-2.1.5-4.1
pytalloc-32bit-2.1.5-4.1
pytalloc-debuginfo-2.1.5-4.1
pytalloc-debuginfo-32bit-2.1.5-4.1
samba-32bit-4.2.4-6.1
samba-4.2.4-6.1
samba-client-32bit-4.2.4-6.1
samba-client-4.2.4-6.1
samba-client-debuginfo-32bit-4.2.4-6.1
samba-client-debuginfo-4.2.4-6.1
samba-debuginfo-32bit-4.2.4-6.1
samba-debuginfo-4.2.4-6.1
samba-debugsource-4.2.4-6.1
samba-libs-32bit-4.2.4-6.1
samba-libs-4.2.4-6.1
samba-libs-debuginfo-32bit-4.2.4-6.1
samba-libs-debuginfo-4.2.4-6.1
samba-winbind-32bit-4.2.4-6.1
samba-winbind-4.2.4-6.1
samba-winbind-debuginfo-32bit-4.2.4-6.1
samba-winbind-debuginfo-4.2.4-6.1
talloc-debugsource-2.1.5-4.1
tdb-debugsource-1.3.8-4.1
tevent-debugsource-0.9.26-4.1
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
samba-doc-4.2.4-6.1
References:
https://www.suse.com/security/cve/CVE-2015-3223.html
https://www.suse.com/security/cve/CVE-2015-5252.html
https://www.suse.com/security/cve/CVE-2015-5296.html
https://www.suse.com/security/cve/CVE-2015-5299.html
https://www.suse.com/security/cve/CVE-2015-5330.html
https://www.suse.com/security/cve/CVE-2015-8467.html
https://bugzilla.suse.com/949022
https://bugzilla.suse.com/951660
https://bugzilla.suse.com/954658
https://bugzilla.suse.com/958581
https://bugzilla.suse.com/958582
https://bugzilla.suse.com/958583
https://bugzilla.suse.com/958584
https://bugzilla.suse.com/958585
https://bugzilla.suse.com/958586
[security-announce] SUSE-SU-2015:2304-1: important: Security update for ldb, samba, talloc, tdb, tevent
by opensuse-security@opensuse.org 18 Dec '15
SUSE Security Update: Security update for ldb, samba, talloc, tdb, tevent
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2304-1
Rating: important
References: #295284 #773464 #872912 #901813 #902421 #910378
#912457 #913304 #923374 #931854 #936909 #939051
#947552 #949022 #951660 #953382 #954658 #958581
#958582 #958583 #958584 #958585 #958586
Cross-References: CVE-2015-3223 CVE-2015-5252 CVE-2015-5296
CVE-2015-5299 CVE-2015-5330 CVE-2015-8467
Affected Products:
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________
An update that solves 6 vulnerabilities and has 17 fixes is
now available.
Description:
This update for ldb, samba, talloc, tdb, tevent fixes the following
security issues:
- ldb was updated to version 1.1.24.
+ Fix ldap \00 search expression attack dos; CVE-2015-3223; (bso#11325)
+ Fix remote read memory exploit in ldb; CVE-2015-5330; (bso#11599)
+ Move ldb_(un)pack_data into ldb_module.h for testing
+ Fix installation of _ldb_text.py
+ Fix propagation of ldb errors through tdb
+ Fix bug triggered by having an empty message in database during search
- Move the ldb-cmdline library to the ldb-tools package as the packaged
binaries depend on it.
- Update the samba library distribution key file 'ldb.keyring';
(bso#945116).
Samba was updated to fix these issues:
- Malicious request can cause samba ldap server to hang, spinning using
cpu; CVE-2015-3223; (bso#11325); (bsc#958581).
- Remote read memory exploit in ldb; CVE-2015-5330; (bso#11599);
(bsc#958586).
- Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (bsc#958582).
- No man in the middle protection when forcing smb encryption on the
client side; CVE-2015-5296; (bso#11536); (bsc#958584).
- Currently the snapshot browsing is not secure thru windows previous
version (shadow_copy2); CVE-2015-5299; (bso#11529); (bsc#958583).
- Fix microsoft ms15-096 to prevent machine accounts from being changed
into user accounts; CVE-2015-8467; (bso#11552); (bsc#958585).
- Changing log level of two entries from 1 to 3; (bso#9912).
- Vfs_gpfs: re-enable share modes; (bso#11243).
- Wafsamba: also build libraries with relro protection; (bso#11346).
- Ctdb: strip trailing spaces from nodes file; (bso#11365).
- S3-smbd: fix old dos client doing wildcard delete - gives an attribute
type of zero; (bso#11452).
- Nss_wins: do not run into use after free issues when we access memory
allocated on the globals and the global being reinitialized; (bso#11563).
- Async_req: fix non-blocking connect(); (bso#11564).
- Auth: gensec: fix a memory leak; (bso#11565).
- Lib: util: make non-critical message a warning; (bso#11566).
- Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
(bsc#949022).
- Smbd: send smb2 oplock breaks unencrypted; (bso#11570).
- Ctdb: open the ro tracking db with perms 0600 instead of 0000;
(bso#11577).
- Manpage: correct small typo error; (bso#11584).
- S3: smbd: if ea's are turned off on a share don't allow an smb2 create
containing them; (bso#11589).
- Backport some valgrind fixes from upstream master; (bso#11597).
- S3: smbd: have_file_open_below() fails to enumerate open files below an
open directory handle; (bso#11615).
- Docs: fix some typos in the idmap config section of man 5 smb.conf;
(bso#11619).
- Cleanup and enhance the pidl sub package.
- S3: smbd: fix our access-based enumeration on "hide unreadable" to match
Windows; (bso#10252).
- Smbd: fix file name buflen and padding in notify response; (bso#10634).
- Kerberos: make sure we only use prompter type when available;
(bso#11038).
- S3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket;
(bso#11316).
- Dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327).
- Fix a deadlock in tdb; (bso#11381).
- S3: smbd: fix mkdir race condition; (bso#11486).
- Pam_winbind: fix a segfault if initialization fails; (bso#11502).
- S3: dfs: fix a crash when the dfs targets are disabled; (bso#11509).
- S3: smbd: fix opening/creating :stream files on the root share
directory; (bso#11522).
- Net: fix a crash with 'net ads keytab create'; (bso#11528).
- S3: smbd: fix a crash in unix_convert() and a null pointer bug
introduced by previous 'raw' stream fix (bso#11522); (bso#11535).
- Vfs_fruit: return value of ad_pack in vfs_fruit.c; (bso#11543).
- Vfs_commit: set the fd on open before calling smb_vfs_fstat; (bso#11547).
- Fix bug in smbstatus where the lease info is not printed; (bso#11549).
- S3:smbstatus: add stream name to share_entry_forall(); (bso#11550).
- Prevent null pointer access in samlogon fallback when security
credentials are null; (bsc#949022).
- Fix 100% cpu in winbindd when logging in with "user must change password
on next logon"; (bso#11038).
talloc was updated to version 2.1.5; (bsc#954658) (bsc#951660).
+ Test that talloc magic differs between processes.
+ Increment minor version due to added talloc_test_get_magic.
+ Provide tests access to talloc_magic.
+ Test magic protection measures.
tdb was updated to version 1.3.8; (bsc#954658).
+ First fix deadlock in the interaction between fcntl and mutex locking;
(bso#11381)
+ Improved python3 bindings
+ Fix runtime detection for robust mutexes in the standalone build;
(bso#11326).
+ Possible fix for the build with robust mutexes on solaris 11;
(bso#11319).
+ Abi change: tdb_chainlock_read_nonblock() has been added, a nonblock
variant of tdb_chainlock_read()
+ Do not build test binaries if it's not a standalone build
+ Fix cid 1034842 resource leak
+ Fix cid 1034841 resource leak
+ Don't let tdb_wrap_open() segfault with name==null
+ Tools: allow transactions with tdb_mutex_locking
+ Test: add tdb1-run-mutex-transaction1 test
+ Allow transactions on tdb's with tdb_mutex_locking
+ Test: tdb_clear_if_first | tdb_mutex_locking, o_rdonly is a valid
combination
+ Allow tdb_open_ex() with o_rdonly of tdb_feature_flag_mutex tdbs.
+ Fix a comment
+ Fix tdb_runtime_check_for_robust_mutexes()
+ Improve wording in a comment
+ Tdb.h needs bool type; obsoletes include_stdbool_bso10625.patch
+ Tdb_wrap: make mutexes easier to use
+ Tdb_wrap: only pull in samba-debug
+ Tdb_wrap: standalone compile without includes.h
+ Tdb_wrap: tdb_wrap.h doesn't need struct loadparm_context
- Update to version 1.3.1.
+ Tools: fix a compiler warning
+ Defragment the freelist in tdb_allocate_from_freelist()
+ Add "freelist_size" sub-command to tdbtool
+ Use tdb_freelist_merge_adjacent in tdb_freelist_size()
+ Add tdb_freelist_merge_adjacent()
+ Add utility function check_merge_ptr_with_left_record()
+ Simplify tdb_free() using check_merge_with_left_record()
+ Add utility function check_merge_with_left_record()
+ Improve comments for tdb_free().
+ Factor merge_with_left_record() out of tdb_free()
+ Fix debug message in tdb_free()
+ Reduce indentation in tdb_free() for merging left
+ Increase readability of read_record_on_left()
+ Factor read_record_on_left() out of tdb_free()
+ Build: improve detection of srcdir.
tevent was updated to 0.9.26; (bsc#954658).
+ New tevent_thread_proxy api
+ Minor build fixes
+ Fix compile error in solaris ports backend.
+ Fix access after free in tevent_common_check_signal(); (bso#11308).
+ Improve pytevent bindings.
+ Testsuite fixes.
+ Improve the documentation of the tevent_add_fd() assumptions. It must
be talloc_free'ed before closing the fd! (bso#11141); (bso#11316).
+ Ignore unexpected signal events in the same way the epoll backend does.
+ Update the tevent_data.dox tutorial stuff to fix some errors, including
white space problems.
+ Use tevent_req_simple_recv_unix in a few places.
+ Remove unused exit_code in tevent_select.c
+ Remove unused exit_code in tevent_poll.c
+ Build: improve detection of srcdir
+ Lib: tevent: make tevent_sig_increment atomic.
+ Update flags in tevent pkgconfig file
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2015-994=1
- SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-994=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-994=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
ldb-debugsource-1.1.24-4.3.1
libdcerpc-atsvc-devel-4.1.12-18.3.1
libdcerpc-atsvc0-4.1.12-18.3.1
libdcerpc-atsvc0-debuginfo-4.1.12-18.3.1
libdcerpc-devel-4.1.12-18.3.1
libdcerpc-samr-devel-4.1.12-18.3.1
libdcerpc-samr0-4.1.12-18.3.1
libdcerpc-samr0-debuginfo-4.1.12-18.3.1
libgensec-devel-4.1.12-18.3.1
libldb-devel-1.1.24-4.3.1
libndr-devel-4.1.12-18.3.1
libndr-krb5pac-devel-4.1.12-18.3.1
libndr-nbt-devel-4.1.12-18.3.1
libndr-standard-devel-4.1.12-18.3.1
libnetapi-devel-4.1.12-18.3.1
libpdb-devel-4.1.12-18.3.1
libregistry-devel-4.1.12-18.3.1
libsamba-credentials-devel-4.1.12-18.3.1
libsamba-hostconfig-devel-4.1.12-18.3.1
libsamba-policy-devel-4.1.12-18.3.1
libsamba-policy0-4.1.12-18.3.1
libsamba-policy0-debuginfo-4.1.12-18.3.1
libsamba-util-devel-4.1.12-18.3.1
libsamdb-devel-4.1.12-18.3.1
libsmbclient-devel-4.1.12-18.3.1
libsmbclient-raw-devel-4.1.12-18.3.1
libsmbconf-devel-4.1.12-18.3.1
libsmbldap-devel-4.1.12-18.3.1
libsmbsharemodes-devel-4.1.12-18.3.1
libsmbsharemodes0-4.1.12-18.3.1
libsmbsharemodes0-debuginfo-4.1.12-18.3.1
libtalloc-devel-2.1.5-3.4.1
libtdb-devel-1.3.8-2.3.1
libtevent-devel-0.9.26-3.3.1
libtevent-util-devel-4.1.12-18.3.1
libwbclient-devel-4.1.12-18.3.1
pyldb-1.1.24-4.3.1
pyldb-debuginfo-1.1.24-4.3.1
pyldb-devel-1.1.24-4.3.1
pytalloc-devel-2.1.5-3.4.1
samba-core-devel-4.1.12-18.3.1
samba-debuginfo-4.1.12-18.3.1
samba-debugsource-4.1.12-18.3.1
samba-test-devel-4.1.12-18.3.1
talloc-debugsource-2.1.5-3.4.1
tdb-debugsource-1.3.8-2.3.1
tevent-debugsource-0.9.26-3.3.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
ldb-debugsource-1.1.24-4.3.1
libdcerpc-binding0-4.1.12-18.3.1
libdcerpc-binding0-debuginfo-4.1.12-18.3.1
libdcerpc0-4.1.12-18.3.1
libdcerpc0-debuginfo-4.1.12-18.3.1
libgensec0-4.1.12-18.3.1
libgensec0-debuginfo-4.1.12-18.3.1
libldb1-1.1.24-4.3.1
libldb1-debuginfo-1.1.24-4.3.1
libndr-krb5pac0-4.1.12-18.3.1
libndr-krb5pac0-debuginfo-4.1.12-18.3.1
libndr-nbt0-4.1.12-18.3.1
libndr-nbt0-debuginfo-4.1.12-18.3.1
libndr-standard0-4.1.12-18.3.1
libndr-standard0-debuginfo-4.1.12-18.3.1
libndr0-4.1.12-18.3.1
libndr0-debuginfo-4.1.12-18.3.1
libnetapi0-4.1.12-18.3.1
libnetapi0-debuginfo-4.1.12-18.3.1
libpdb0-4.1.12-18.3.1
libpdb0-debuginfo-4.1.12-18.3.1
libregistry0-4.1.12-18.3.1
libregistry0-debuginfo-4.1.12-18.3.1
libsamba-credentials0-4.1.12-18.3.1
libsamba-credentials0-debuginfo-4.1.12-18.3.1
libsamba-hostconfig0-4.1.12-18.3.1
libsamba-hostconfig0-debuginfo-4.1.12-18.3.1
libsamba-util0-4.1.12-18.3.1
libsamba-util0-debuginfo-4.1.12-18.3.1
libsamdb0-4.1.12-18.3.1
libsamdb0-debuginfo-4.1.12-18.3.1
libsmbclient-raw0-4.1.12-18.3.1
libsmbclient-raw0-debuginfo-4.1.12-18.3.1
libsmbclient0-4.1.12-18.3.1
libsmbclient0-debuginfo-4.1.12-18.3.1
libsmbconf0-4.1.12-18.3.1
libsmbconf0-debuginfo-4.1.12-18.3.1
libsmbldap0-4.1.12-18.3.1
libsmbldap0-debuginfo-4.1.12-18.3.1
libtalloc2-2.1.5-3.4.1
libtalloc2-debuginfo-2.1.5-3.4.1
libtdb1-1.3.8-2.3.1
libtdb1-debuginfo-1.3.8-2.3.1
libtevent-util0-4.1.12-18.3.1
libtevent-util0-debuginfo-4.1.12-18.3.1
libtevent0-0.9.26-3.3.1
libtevent0-debuginfo-0.9.26-3.3.1
libwbclient0-4.1.12-18.3.1
libwbclient0-debuginfo-4.1.12-18.3.1
pytalloc-2.1.5-3.4.1
pytalloc-debuginfo-2.1.5-3.4.1
samba-4.1.12-18.3.1
samba-client-4.1.12-18.3.1
samba-client-debuginfo-4.1.12-18.3.1
samba-debuginfo-4.1.12-18.3.1
samba-debugsource-4.1.12-18.3.1
samba-libs-4.1.12-18.3.1
samba-libs-debuginfo-4.1.12-18.3.1
samba-winbind-4.1.12-18.3.1
samba-winbind-debuginfo-4.1.12-18.3.1
talloc-debugsource-2.1.5-3.4.1
tdb-debugsource-1.3.8-2.3.1
tdb-tools-1.3.8-2.3.1
tdb-tools-debuginfo-1.3.8-2.3.1
tevent-debugsource-0.9.26-3.3.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
libdcerpc-binding0-32bit-4.1.12-18.3.1
libdcerpc-binding0-debuginfo-32bit-4.1.12-18.3.1
libdcerpc0-32bit-4.1.12-18.3.1
libdcerpc0-debuginfo-32bit-4.1.12-18.3.1
libgensec0-32bit-4.1.12-18.3.1
libgensec0-debuginfo-32bit-4.1.12-18.3.1
libldb1-32bit-1.1.24-4.3.1
libldb1-debuginfo-32bit-1.1.24-4.3.1
libndr-krb5pac0-32bit-4.1.12-18.3.1
libndr-krb5pac0-debuginfo-32bit-4.1.12-18.3.1
libndr-nbt0-32bit-4.1.12-18.3.1
libndr-nbt0-debuginfo-32bit-4.1.12-18.3.1
libndr-standard0-32bit-4.1.12-18.3.1
libndr-standard0-debuginfo-32bit-4.1.12-18.3.1
libndr0-32bit-4.1.12-18.3.1
libndr0-debuginfo-32bit-4.1.12-18.3.1
libnetapi0-32bit-4.1.12-18.3.1
libnetapi0-debuginfo-32bit-4.1.12-18.3.1
libpdb0-32bit-4.1.12-18.3.1
libpdb0-debuginfo-32bit-4.1.12-18.3.1
libsamba-credentials0-32bit-4.1.12-18.3.1
libsamba-credentials0-debuginfo-32bit-4.1.12-18.3.1
libsamba-hostconfig0-32bit-4.1.12-18.3.1
libsamba-hostconfig0-debuginfo-32bit-4.1.12-18.3.1
libsamba-util0-32bit-4.1.12-18.3.1
libsamba-util0-debuginfo-32bit-4.1.12-18.3.1
libsamdb0-32bit-4.1.12-18.3.1
libsamdb0-debuginfo-32bit-4.1.12-18.3.1
libsmbclient-raw0-32bit-4.1.12-18.3.1
libsmbclient-raw0-debuginfo-32bit-4.1.12-18.3.1
libsmbclient0-32bit-4.1.12-18.3.1
libsmbclient0-debuginfo-32bit-4.1.12-18.3.1
libsmbconf0-32bit-4.1.12-18.3.1
libsmbconf0-debuginfo-32bit-4.1.12-18.3.1
libsmbldap0-32bit-4.1.12-18.3.1
libsmbldap0-debuginfo-32bit-4.1.12-18.3.1
libtalloc2-32bit-2.1.5-3.4.1
libtalloc2-debuginfo-32bit-2.1.5-3.4.1
libtdb1-32bit-1.3.8-2.3.1
libtdb1-debuginfo-32bit-1.3.8-2.3.1
libtevent-util0-32bit-4.1.12-18.3.1
libtevent-util0-debuginfo-32bit-4.1.12-18.3.1
libtevent0-32bit-0.9.26-3.3.1
libtevent0-debuginfo-32bit-0.9.26-3.3.1
libwbclient0-32bit-4.1.12-18.3.1
libwbclient0-debuginfo-32bit-4.1.12-18.3.1
pytalloc-32bit-2.1.5-3.4.1
pytalloc-debuginfo-32bit-2.1.5-3.4.1
samba-32bit-4.1.12-18.3.1
samba-client-32bit-4.1.12-18.3.1
samba-client-debuginfo-32bit-4.1.12-18.3.1
samba-debuginfo-32bit-4.1.12-18.3.1
samba-libs-32bit-4.1.12-18.3.1
samba-libs-debuginfo-32bit-4.1.12-18.3.1
samba-winbind-32bit-4.1.12-18.3.1
samba-winbind-debuginfo-32bit-4.1.12-18.3.1
- SUSE Linux Enterprise Server 12 (noarch):
samba-doc-4.1.12-18.3.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
ldb-debugsource-1.1.24-4.3.1
libdcerpc-binding0-32bit-4.1.12-18.3.1
libdcerpc-binding0-4.1.12-18.3.1
libdcerpc-binding0-debuginfo-32bit-4.1.12-18.3.1
libdcerpc-binding0-debuginfo-4.1.12-18.3.1
libdcerpc0-32bit-4.1.12-18.3.1
libdcerpc0-4.1.12-18.3.1
libdcerpc0-debuginfo-32bit-4.1.12-18.3.1
libdcerpc0-debuginfo-4.1.12-18.3.1
libgensec0-32bit-4.1.12-18.3.1
libgensec0-4.1.12-18.3.1
libgensec0-debuginfo-32bit-4.1.12-18.3.1
libgensec0-debuginfo-4.1.12-18.3.1
libldb1-1.1.24-4.3.1
libldb1-32bit-1.1.24-4.3.1
libldb1-debuginfo-1.1.24-4.3.1
libldb1-debuginfo-32bit-1.1.24-4.3.1
libndr-krb5pac0-32bit-4.1.12-18.3.1
libndr-krb5pac0-4.1.12-18.3.1
libndr-krb5pac0-debuginfo-32bit-4.1.12-18.3.1
libndr-krb5pac0-debuginfo-4.1.12-18.3.1
libndr-nbt0-32bit-4.1.12-18.3.1
libndr-nbt0-4.1.12-18.3.1
libndr-nbt0-debuginfo-32bit-4.1.12-18.3.1
libndr-nbt0-debuginfo-4.1.12-18.3.1
libndr-standard0-32bit-4.1.12-18.3.1
libndr-standard0-4.1.12-18.3.1
libndr-standard0-debuginfo-32bit-4.1.12-18.3.1
libndr-standard0-debuginfo-4.1.12-18.3.1
libndr0-32bit-4.1.12-18.3.1
libndr0-4.1.12-18.3.1
libndr0-debuginfo-32bit-4.1.12-18.3.1
libndr0-debuginfo-4.1.12-18.3.1
libnetapi0-32bit-4.1.12-18.3.1
libnetapi0-4.1.12-18.3.1
libnetapi0-debuginfo-32bit-4.1.12-18.3.1
libnetapi0-debuginfo-4.1.12-18.3.1
libpdb0-32bit-4.1.12-18.3.1
libpdb0-4.1.12-18.3.1
libpdb0-debuginfo-32bit-4.1.12-18.3.1
libpdb0-debuginfo-4.1.12-18.3.1
libregistry0-4.1.12-18.3.1
libregistry0-debuginfo-4.1.12-18.3.1
libsamba-credentials0-32bit-4.1.12-18.3.1
libsamba-credentials0-4.1.12-18.3.1
libsamba-credentials0-debuginfo-32bit-4.1.12-18.3.1
libsamba-credentials0-debuginfo-4.1.12-18.3.1
libsamba-hostconfig0-32bit-4.1.12-18.3.1
libsamba-hostconfig0-4.1.12-18.3.1
libsamba-hostconfig0-debuginfo-32bit-4.1.12-18.3.1
libsamba-hostconfig0-debuginfo-4.1.12-18.3.1
libsamba-util0-32bit-4.1.12-18.3.1
libsamba-util0-4.1.12-18.3.1
libsamba-util0-debuginfo-32bit-4.1.12-18.3.1
libsamba-util0-debuginfo-4.1.12-18.3.1
libsamdb0-32bit-4.1.12-18.3.1
libsamdb0-4.1.12-18.3.1
libsamdb0-debuginfo-32bit-4.1.12-18.3.1
libsamdb0-debuginfo-4.1.12-18.3.1
libsmbclient-raw0-32bit-4.1.12-18.3.1
libsmbclient-raw0-4.1.12-18.3.1
libsmbclient-raw0-debuginfo-32bit-4.1.12-18.3.1
libsmbclient-raw0-debuginfo-4.1.12-18.3.1
libsmbclient0-32bit-4.1.12-18.3.1
libsmbclient0-4.1.12-18.3.1
libsmbclient0-debuginfo-32bit-4.1.12-18.3.1
libsmbclient0-debuginfo-4.1.12-18.3.1
libsmbconf0-32bit-4.1.12-18.3.1
libsmbconf0-4.1.12-18.3.1
libsmbconf0-debuginfo-32bit-4.1.12-18.3.1
libsmbconf0-debuginfo-4.1.12-18.3.1
libsmbldap0-32bit-4.1.12-18.3.1
libsmbldap0-4.1.12-18.3.1
libsmbldap0-debuginfo-32bit-4.1.12-18.3.1
libsmbldap0-debuginfo-4.1.12-18.3.1
libtalloc2-2.1.5-3.4.1
libtalloc2-32bit-2.1.5-3.4.1
libtalloc2-debuginfo-2.1.5-3.4.1
libtalloc2-debuginfo-32bit-2.1.5-3.4.1
libtdb1-1.3.8-2.3.1
libtdb1-32bit-1.3.8-2.3.1
libtdb1-debuginfo-1.3.8-2.3.1
libtdb1-debuginfo-32bit-1.3.8-2.3.1
libtevent-util0-32bit-4.1.12-18.3.1
libtevent-util0-4.1.12-18.3.1
libtevent-util0-debuginfo-32bit-4.1.12-18.3.1
libtevent-util0-debuginfo-4.1.12-18.3.1
libtevent0-0.9.26-3.3.1
libtevent0-32bit-0.9.26-3.3.1
libtevent0-debuginfo-0.9.26-3.3.1
libtevent0-debuginfo-32bit-0.9.26-3.3.1
libwbclient0-32bit-4.1.12-18.3.1
libwbclient0-4.1.12-18.3.1
libwbclient0-debuginfo-32bit-4.1.12-18.3.1
libwbclient0-debuginfo-4.1.12-18.3.1
pytalloc-2.1.5-3.4.1
pytalloc-32bit-2.1.5-3.4.1
pytalloc-debuginfo-2.1.5-3.4.1
pytalloc-debuginfo-32bit-2.1.5-3.4.1
samba-32bit-4.1.12-18.3.1
samba-4.1.12-18.3.1
samba-client-32bit-4.1.12-18.3.1
samba-client-4.1.12-18.3.1
samba-client-debuginfo-32bit-4.1.12-18.3.1
samba-client-debuginfo-4.1.12-18.3.1
samba-debuginfo-32bit-4.1.12-18.3.1
samba-debuginfo-4.1.12-18.3.1
samba-debugsource-4.1.12-18.3.1
samba-libs-32bit-4.1.12-18.3.1
samba-libs-4.1.12-18.3.1
samba-libs-debuginfo-32bit-4.1.12-18.3.1
samba-libs-debuginfo-4.1.12-18.3.1
samba-winbind-32bit-4.1.12-18.3.1
samba-winbind-4.1.12-18.3.1
samba-winbind-debuginfo-32bit-4.1.12-18.3.1
samba-winbind-debuginfo-4.1.12-18.3.1
talloc-debugsource-2.1.5-3.4.1
tdb-debugsource-1.3.8-2.3.1
tevent-debugsource-0.9.26-3.3.1
- SUSE Linux Enterprise Desktop 12 (noarch):
samba-doc-4.1.12-18.3.1
References:
https://www.suse.com/security/cve/CVE-2015-3223.html
https://www.suse.com/security/cve/CVE-2015-5252.html
https://www.suse.com/security/cve/CVE-2015-5296.html
https://www.suse.com/security/cve/CVE-2015-5299.html
https://www.suse.com/security/cve/CVE-2015-5330.html
https://www.suse.com/security/cve/CVE-2015-8467.html
https://bugzilla.suse.com/295284
https://bugzilla.suse.com/773464
https://bugzilla.suse.com/872912
https://bugzilla.suse.com/901813
https://bugzilla.suse.com/902421
https://bugzilla.suse.com/910378
https://bugzilla.suse.com/912457
https://bugzilla.suse.com/913304
https://bugzilla.suse.com/923374
https://bugzilla.suse.com/931854
https://bugzilla.suse.com/936909
https://bugzilla.suse.com/939051
https://bugzilla.suse.com/947552
https://bugzilla.suse.com/949022
https://bugzilla.suse.com/951660
https://bugzilla.suse.com/953382
https://bugzilla.suse.com/954658
https://bugzilla.suse.com/958581
https://bugzilla.suse.com/958582
https://bugzilla.suse.com/958583
https://bugzilla.suse.com/958584
https://bugzilla.suse.com/958585
https://bugzilla.suse.com/958586
[security-announce] SUSE-SU-2015:2292-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 17 Dec '15
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2292-1
Rating: important
References: #758040 #814440 #904348 #921949 #924493 #926238
#933514 #936773 #939826 #939926 #940776 #941113
#941202 #943959 #944296 #947241 #947478 #949100
#949192 #949706 #949744 #949936 #950013 #950580
#950750 #950998 #951110 #951165 #951440 #951638
#951864 #952384 #952666 #953717 #953826 #953830
#953971 #953980 #954635 #954986 #955136 #955148
#955224 #955354 #955422 #955533 #955644 #956047
#956053 #956147 #956284 #956703 #956711 #956717
#956801 #956876 #957395 #957546 #958504 #958510
#958647
Cross-References: CVE-2015-0272 CVE-2015-2925 CVE-2015-5156
CVE-2015-7799 CVE-2015-7872 CVE-2015-7990
CVE-2015-8215
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves 7 vulnerabilities and has 54 fixes is
now available.
Description:
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.51 to receive
various security and bugfixes.
Following features were added:
- hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784).
Following security bugs were fixed:
- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel
did not validate attempted changes to the MTU value, which allowed
context-dependent attackers to cause a denial of service (packet loss)
via a value that is (1) smaller than the minimum compliant value or (2)
larger than the MTU of an interface, as demonstrated by a Router
Advertisement (RA) message that is not validated by a daemon, a
different vulnerability than CVE-2015-0272. (bsc#955354)
- CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c in
the Linux kernel attempted to support a FRAGLIST feature without proper
memory allocation, which allowed guest OS users to cause a denial of
service (buffer overflow and memory corruption) via a crafted sequence
of fragmented packets (bnc#940776).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in
the Linux kernel allowed local users to cause a denial of service (OOPS)
via crafted keyctl commands (bnc#951440).
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the
Linux kernel did not ensure that certain slot numbers are valid, which
allowed local users to cause a denial of service (NULL pointer
dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
(bnc#949936).
- CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux
kernel did not properly handle rename actions inside a bind mount, which
allowed local users to bypass an intended container protection mechanism
by renaming a directory, related to a "double-chroot attack" (bnc#926238).
- CVE-2015-7990: RDS: Verify the underlying transport exists before
creating a connection, preventing possible DoS (bsc#952384).
The following non-security bugs were fixed:
- af_iucv: avoid path quiesce of severed path in shutdown() (bnc#954986,
LTC#131684).
- alsa: hda - Disable 64bit address for Creative HDA controllers
(bnc#814440).
- alsa: hda - Fix noise problems on Thinkpad T440s (boo#958504).
- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another
task (bsc#921949).
- audit: correctly record file names with different path name types
(bsc#950013).
- audit: create private file name copies when auditing inodes (bsc#950013).
- bcache: Add btree_insert_node() (bnc#951638).
- bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
- bcache: backing device set to clean after finishing detach (bsc#951638).
- bcache: Clean up keylist code (bnc#951638).
- bcache: Convert btree_insert_check_key() to btree_insert_node()
(bnc#951638).
- bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
- bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
- bcache: Explicitly track btree node's parent (bnc#951638).
- bcache: Fix a bug when detaching (bsc#951638).
- bcache: Fix a lockdep splat in an error path (bnc#951638).
- bcache: Fix a shutdown bug (bsc#951638).
- bcache: Fix more early shutdown bugs (bsc#951638).
- bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
- bcache: Insert multiple keys at a time (bnc#951638).
- bcache: kill closure locking usage (bnc#951638).
- bcache: Refactor journalling flow control (bnc#951638).
- bcache: Refactor request_write() (bnc#951638).
- bcache: Use blkdev_issue_discard() (bnc#951638).
- btrfs: Adjust commit-transaction condition to avoid NO_SPACE more
(bsc#958647).
- btrfs: cleanup: remove no-used alloc_chunk in
btrfs_check_data_free_space() (bsc#958647).
- btrfs: fix condition of commit transaction (bsc#958647).
- btrfs: fix file corruption and data loss after cloning inline extents
(bnc#956053).
- btrfs: Fix out-of-space bug (bsc#958647).
- btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).
- btrfs: fix the number of transaction units needed to remove a block
group (bsc#958647).
- btrfs: fix truncation of compressed and inlined extents (bnc#956053).
- btrfs: Set relative data on clear btrfs_block_group_cache->pinned
(bsc#958647).
- btrfs: use global reserve when deleting unused block group after ENOSPC
(bsc#958647).
- cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
- cpu: Defer smpboot kthread unparking until CPU known to scheduler
(bsc#936773).
- cpusets, isolcpus: exclude isolcpus from load balancing in cpusets
(bsc#957395).
- cxgb4i: Increased the value of MAX_IMM_TX_PKT_LEN from 128 to 256 bytes
(bsc#950580).
- dlm: make posix locks interruptible (bsc#947241).
- dmapi: Fix xfs dmapi to not unlock & lock XFS_ILOCK_EXCL (bsc#949744).
- dm: do not start current request if it would've merged with the previous
(bsc#904348).
- dm: impose configurable deadline for dm_request_fn's merge heuristic
(bsc#904348).
- dm-snap: avoid deadlock on s->lock when a read is split (bsc#939826).
- dm sysfs: introduce ability to add writable attributes (bsc#904348).
- drm: Allocate new master object when client becomes master (bsc#956876,
bsc#956801).
- drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801).
- drm/i915: add hotplug activation period to hotplug update mask
(bsc#953980).
- drm/i915: clean up backlight conditional build (bsc#941113).
- drm/i915: debug print on backlight register (bsc#941113).
- drm/i915: do full backlight setup at enable time (bsc#941113).
- drm/i915: do not save/restore backlight registers in KMS (bsc#941113).
- drm/i915: Eliminate lots of WARNs when there's no backlight present
(bsc#941113).
- drm/i915: fix gen2-gen3 backlight set (bsc#941113,bsc#953971).
- drm/i915: Fix gen3 self-refresh watermarks (bsc#953830,bsc#953971).
- drm/i915: Fix missing backlight update during panel disablement
(bsc#941113).
- drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).
- drm/i915: gather backlight information at setup (bsc#941113).
- drm/i915: handle backlight through chip specific functions (bsc#941113).
- drm/i915: Ignore "digital output" and "not HDMI output" bits for eDP
detection (bsc#949192).
- drm/i915: make asle notifications update backlight on all connectors
(bsc#941113).
- drm/i915: make backlight info per-connector (bsc#941113).
- drm/i915: move backlight level setting in enable/disable to hooks
(bsc#941113).
- drm/i915: move opregion asle request handling to a work queue
(bsc#953826).
- drm/i915: nuke get max backlight functions (bsc#941113).
- drm/i915/opregion: fix build error on CONFIG_ACPI=n (bsc#953826).
- drm/i915: restore backlight precision when converting from ACPI
(bsc#941113).
- drm/i915/tv: add ->get_config callback (bsc#953830).
- drm/i915: use backlight legacy combination mode also for i915gm/i945gm
(bsc#941113).
- drm/i915: use the initialized backlight max value instead of reading it
(bsc#941113).
- drm/i915: vlv does not have pipe field in backlight registers
(bsc#941113).
- fanotify: fix notification of groups with inode & mount marks
(bsc#955533).
- Fix remove_and_add_spares removes drive added as spare in slot_store
(bsc#956717).
- genksyms: Handle string literals with spaces in reference files
(bsc#958510).
- hwrng: Add a driver for the hwrng found in power7+ systems
(fate#315784). in the non-RT kernel to minimize the differences.
- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
- ipv6: distinguish frag queues by device for multicast and link-local
packets (bsc#955422).
- ixgbe: fix broken PFC with X550 (bsc#951864).
- ixgbe: use correct fcoe ddp max check (bsc#951864).
- kabi: Fix spurious kabi change in mm/util.c.
- kABI: protect struct ahci_host_priv.
- kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
- kabi: Restore kabi in struct se_cmd (bsc#954635).
- kabi: Restore kabi in struct se_subsystem_api (bsc#954635).
- ktime: add ktime_after and ktime_before helper (bsc#904348).
- mm: factor commit limit calculation (VM Performance).
- mm: get rid of "vmalloc_info" from /proc/meminfo (VM Performance).
- mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy
a fault (Automatic NUMA Balancing (fate#315482)).
- mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).
- mm: vmscan: never isolate more pages than necessary (VM Performance).
- Move ktime_after patch to the networking section
- nfsrdma: Fix regression in NFSRDMA server (bsc#951110).
- pci: Drop "setting latency timer" messages (bsc#956047).
- pci: Update VPD size with correct length (bsc#924493).
- perf/x86/intel/uncore: Delete an unnecessary check before pci_dev_put()
call (bsc#955136).
- perf/x86/intel/uncore: Fix multi-segment problem of
perf_event_intel_uncore (bsc#955136).
- pm, hibernate: use put_page in release_swap_writer (bnc#943959).
- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods
(bsc#949706).
- Re-add copy_page_vector_to_user()
- ring-buffer: Always run per-cpu ring buffer resize with
schedule_work_on() (bnc#956711).
- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
- rpm/constraints.in: Require 14GB worth of disk space on POWER The builds
started to fail randomly due to ENOSPC errors.
- rpm/kernel-binary.spec.in: Always build zImage for ARM
- rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH
CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since
2.6.39 and is enabled in our configs.
- rpm/kernel-binary.spec.in: Drop the %build_src_dir macro It is the
parent directory of the O= directory.
- rpm/kernel-binary.spec.in: really pass down %{?_smp_mflags}
- rpm/kernel-binary.spec.in: Use parallel make in all invocations Also,
remove the lengthy comment, since we are using a standard rpm macro now.
- rpm/kernel-binary.spec.in: Use upstream script to support config.addon
- s390/dasd: fix disconnected device with valid path mask (bnc#954986,
LTC#132707).
- s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#954986,
LTC#132706).
- s390/dasd: fix list_del corruption after lcu changes (bnc#954986,
LTC#133077).
- sched: Call select_idle_sibling() when not affine_sd (Scheduler
Performance).
- sched/core: Fix task and run queue sched_info::run_delay inconsistencies
(bnc#949100).
- sched, isolcpu: make cpu_isolated_map visible outside scheduler
(bsc#957395).
- sched/numa: Check all nodes when placing a pseudo-interleaved group
(Automatic NUMA Balancing (fate#315482)).
- sched/numa: Fix math underflow in task_tick_numa() (Automatic NUMA
Balancing (fate#315482)).
- sched/numa: Only consider less busy nodes as numa balancing destinations
(Automatic NUMA Balancing (fate#315482)).
- sched: Put expensive runtime debugging checks under a separate Kconfig
entry (Scheduler performance).
- scsi: hosts: update to use ida_simple for host_no (bsc#939926)
- sunrpc/cache: make cache flushing more reliable (bsc#947478).
- sunrpc: Fix oops when trace sunrpc_task events in nfs client
(bnc#956703).
- supported.conf: Support peak_pci and sja1000: These 2 CAN drivers are
supported in the RT kernel for a long time so we can also support them
- target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).
- target: Send UA upon LUN RESET tmr completion (bsc#933514).
- target: use "se_dev_entry" when allocating UAs (bsc#933514).
- Update config files. (bnc#955644)
- Update kabi files with sbc_parse_cdb symbol change (bsc#954635).
- usbvision fix overflow of interfaces array (bnc#950998).
- vmxnet3: adjust ring sizes when interface is down (bsc#950750).
- vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
- x86/efi: Fix invalid parameter error when getting hibernation key
(fate#316350, bsc#956284).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- x86/mm: Add parenthesis for TLB tracepoint size calculation (VM
Performance (Reduce IPIs during reclaim)).
- x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality,
bnc#955148).
- x86/mm/hotplug: Pass sync_global_pgds() a correct argument in
remove_pagetable() (VM Functionality, bnc#955148).
- x86/tsc: Let high latency PIT fail fast in quick_pit_calibrate()
(bsc#953717).
- xen: fix boot crash in EC2 settings (bsc#956147).
- xen: refresh patches.xen/xen-x86_64-m2p-strict (bsc#956147).
- xen: Update Xen patches to 3.12.50.
- xfs: always drain dio before extending aio write submission (bsc#949744).
- xfs: DIO needs an ioend for writes (bsc#949744).
- xfs: DIO write completion size updates race (bsc#949744).
- xfs: DIO writes within EOF do not need an ioend (bsc#949744).
- xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).
- xfs: do not allocate an ioend for direct I/O completions (bsc#949744).
- xfs: factor DIO write mapping from get_blocks (bsc#949744).
- xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).
- xfs: move DIO mapping size calculation (bsc#949744).
- xfs: using generic_file_direct_write() is unnecessary (bsc#949744).
- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
(bnc#951165).
- xhci: Workaround to get Intel xHCI reset working more reliably
(bnc#957546).
- zfcp: fix fc_host port_type with NPIV (bnc#954986, LTC#132479).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP1:
zypper in -t patch SUSE-SLE-WE-12-SP1-2015-985=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-985=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-985=1
- SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-985=1
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2015-985=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-985=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
kernel-default-debuginfo-3.12.51-60.20.2
kernel-default-debugsource-3.12.51-60.20.2
kernel-default-extra-3.12.51-60.20.2
kernel-default-extra-debuginfo-3.12.51-60.20.2
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
kernel-obs-build-3.12.51-60.20.1
kernel-obs-build-debugsource-3.12.51-60.20.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):
kernel-docs-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
kernel-default-3.12.51-60.20.2
kernel-default-base-3.12.51-60.20.2
kernel-default-base-debuginfo-3.12.51-60.20.2
kernel-default-debuginfo-3.12.51-60.20.2
kernel-default-debugsource-3.12.51-60.20.2
kernel-default-devel-3.12.51-60.20.2
kernel-syms-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
kernel-xen-3.12.51-60.20.2
kernel-xen-base-3.12.51-60.20.2
kernel-xen-base-debuginfo-3.12.51-60.20.2
kernel-xen-debuginfo-3.12.51-60.20.2
kernel-xen-debugsource-3.12.51-60.20.2
kernel-xen-devel-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (noarch):
kernel-devel-3.12.51-60.20.2
kernel-macros-3.12.51-60.20.2
kernel-source-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (s390x):
kernel-default-man-3.12.51-60.20.2
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
kernel-ec2-3.12.51-60.20.2
kernel-ec2-debuginfo-3.12.51-60.20.2
kernel-ec2-debugsource-3.12.51-60.20.2
kernel-ec2-devel-3.12.51-60.20.2
kernel-ec2-extra-3.12.51-60.20.2
kernel-ec2-extra-debuginfo-3.12.51-60.20.2
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-3_12_51-60_20-default-1-4.1
kgraft-patch-3_12_51-60_20-xen-1-4.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
kernel-default-3.12.51-60.20.2
kernel-default-debuginfo-3.12.51-60.20.2
kernel-default-debugsource-3.12.51-60.20.2
kernel-default-devel-3.12.51-60.20.2
kernel-default-extra-3.12.51-60.20.2
kernel-default-extra-debuginfo-3.12.51-60.20.2
kernel-syms-3.12.51-60.20.2
kernel-xen-3.12.51-60.20.2
kernel-xen-debuginfo-3.12.51-60.20.2
kernel-xen-debugsource-3.12.51-60.20.2
kernel-xen-devel-3.12.51-60.20.2
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
kernel-devel-3.12.51-60.20.2
kernel-macros-3.12.51-60.20.2
kernel-source-3.12.51-60.20.2
References:
https://www.suse.com/security/cve/CVE-2015-0272.html
https://www.suse.com/security/cve/CVE-2015-2925.html
https://www.suse.com/security/cve/CVE-2015-5156.html
https://www.suse.com/security/cve/CVE-2015-7799.html
https://www.suse.com/security/cve/CVE-2015-7872.html
https://www.suse.com/security/cve/CVE-2015-7990.html
https://www.suse.com/security/cve/CVE-2015-8215.html
https://bugzilla.suse.com/758040
https://bugzilla.suse.com/814440
https://bugzilla.suse.com/904348
https://bugzilla.suse.com/921949
https://bugzilla.suse.com/924493
https://bugzilla.suse.com/926238
https://bugzilla.suse.com/933514
https://bugzilla.suse.com/936773
https://bugzilla.suse.com/939826
https://bugzilla.suse.com/939926
https://bugzilla.suse.com/940776
https://bugzilla.suse.com/941113
https://bugzilla.suse.com/941202
https://bugzilla.suse.com/943959
https://bugzilla.suse.com/944296
https://bugzilla.suse.com/947241
https://bugzilla.suse.com/947478
https://bugzilla.suse.com/949100
https://bugzilla.suse.com/949192
https://bugzilla.suse.com/949706
https://bugzilla.suse.com/949744
https://bugzilla.suse.com/949936
https://bugzilla.suse.com/950013
https://bugzilla.suse.com/950580
https://bugzilla.suse.com/950750
https://bugzilla.suse.com/950998
https://bugzilla.suse.com/951110
https://bugzilla.suse.com/951165
https://bugzilla.suse.com/951440
https://bugzilla.suse.com/951638
https://bugzilla.suse.com/951864
https://bugzilla.suse.com/952384
https://bugzilla.suse.com/952666
https://bugzilla.suse.com/953717
https://bugzilla.suse.com/953826
https://bugzilla.suse.com/953830
https://bugzilla.suse.com/953971
https://bugzilla.suse.com/953980
https://bugzilla.suse.com/954635
https://bugzilla.suse.com/954986
https://bugzilla.suse.com/955136
https://bugzilla.suse.com/955148
https://bugzilla.suse.com/955224
https://bugzilla.suse.com/955354
https://bugzilla.suse.com/955422
https://bugzilla.suse.com/955533
https://bugzilla.suse.com/955644
https://bugzilla.suse.com/956047
https://bugzilla.suse.com/956053
https://bugzilla.suse.com/956147
https://bugzilla.suse.com/956284
https://bugzilla.suse.com/956703
https://bugzilla.suse.com/956711
https://bugzilla.suse.com/956717
https://bugzilla.suse.com/956801
https://bugzilla.suse.com/956876
https://bugzilla.suse.com/957395
https://bugzilla.suse.com/957546
https://bugzilla.suse.com/958504
https://bugzilla.suse.com/958510
https://bugzilla.suse.com/958647
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] openSUSE-SU-2015:2291-1: important: Security update for Chromium
by opensuse-security@opensuse.org 17 Dec '15
openSUSE Security Update: Security update for Chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:2291-1
Rating: important
References: #957519 #958481
Cross-References: CVE-2015-6764 CVE-2015-6765 CVE-2015-6766
CVE-2015-6767 CVE-2015-6768 CVE-2015-6769
CVE-2015-6770 CVE-2015-6771 CVE-2015-6772
CVE-2015-6773 CVE-2015-6774 CVE-2015-6775
CVE-2015-6776 CVE-2015-6777 CVE-2015-6778
CVE-2015-6779 CVE-2015-6780 CVE-2015-6781
CVE-2015-6782 CVE-2015-6783 CVE-2015-6784
CVE-2015-6785 CVE-2015-6786 CVE-2015-6787
CVE-2015-6788 CVE-2015-6789 CVE-2015-6790
CVE-2015-6791
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes 28 vulnerabilities is now available.
Description:
Chromium was updated to 47.0.2526.80 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-6788: Type confusion in extensions
* CVE-2015-6789: Use-after-free in Blink
* CVE-2015-6790: Escaping issue in saved pages
* CVE-2015-6791: Various fixes from internal audits, fuzzing and other
initiatives
The following vulnerabilities were fixed in 47.0.2526.73:
* CVE-2015-6765: Use-after-free in AppCache
* CVE-2015-6766: Use-after-free in AppCache
* CVE-2015-6767: Use-after-free in AppCache
* CVE-2015-6768: Cross-origin bypass in DOM
* CVE-2015-6769: Cross-origin bypass in core
* CVE-2015-6770: Cross-origin bypass in DOM
* CVE-2015-6771: Out of bounds access in v8
* CVE-2015-6772: Cross-origin bypass in DOM
* CVE-2015-6764: Out of bounds access in v8
* CVE-2015-6773: Out of bounds access in Skia
* CVE-2015-6774: Use-after-free in Extensions
* CVE-2015-6775: Type confusion in PDFium
* CVE-2015-6776: Out of bounds access in PDFium
* CVE-2015-6777: Use-after-free in DOM
* CVE-2015-6778: Out of bounds access in PDFium
* CVE-2015-6779: Scheme bypass in PDFium
* CVE-2015-6780: Use-after-free in Infobars
* CVE-2015-6781: Integer overflow in Sfntly
* CVE-2015-6782: Content spoofing in Omnibox
* CVE-2015-6783: Signature validation issue in Android Crazy Linker.
* CVE-2015-6784: Escaping issue in saved pages
* CVE-2015-6785: Wildcard matching issue in CSP
* CVE-2015-6786: Scheme bypass in CSP
* CVE-2015-6787: Various fixes from internal audits, fuzzing and other
initiatives.
* Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch
(currently 4.7.80.23)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2015-912=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):
chromedriver-47.0.2526.80-35.1
chromedriver-debuginfo-47.0.2526.80-35.1
chromium-47.0.2526.80-35.1
chromium-debuginfo-47.0.2526.80-35.1
chromium-debugsource-47.0.2526.80-35.1
chromium-desktop-gnome-47.0.2526.80-35.1
chromium-desktop-kde-47.0.2526.80-35.1
chromium-ffmpegsumo-47.0.2526.80-35.1
chromium-ffmpegsumo-debuginfo-47.0.2526.80-35.1
imlib2-1.4.5-2.1
imlib2-debuginfo-1.4.5-2.1
imlib2-debugsource-1.4.5-2.1
imlib2-devel-1.4.5-2.1
imlib2-filters-1.4.5-2.1
imlib2-filters-debuginfo-1.4.5-2.1
imlib2-loaders-1.4.5-2.1
imlib2-loaders-debuginfo-1.4.5-2.1
libImlib2-1-1.4.5-2.1
libImlib2-1-debuginfo-1.4.5-2.1
References:
https://www.suse.com/security/cve/CVE-2015-6764.html
https://www.suse.com/security/cve/CVE-2015-6765.html
https://www.suse.com/security/cve/CVE-2015-6766.html
https://www.suse.com/security/cve/CVE-2015-6767.html
https://www.suse.com/security/cve/CVE-2015-6768.html
https://www.suse.com/security/cve/CVE-2015-6769.html
https://www.suse.com/security/cve/CVE-2015-6770.html
https://www.suse.com/security/cve/CVE-2015-6771.html
https://www.suse.com/security/cve/CVE-2015-6772.html
https://www.suse.com/security/cve/CVE-2015-6773.html
https://www.suse.com/security/cve/CVE-2015-6774.html
https://www.suse.com/security/cve/CVE-2015-6775.html
https://www.suse.com/security/cve/CVE-2015-6776.html
https://www.suse.com/security/cve/CVE-2015-6777.html
https://www.suse.com/security/cve/CVE-2015-6778.html
https://www.suse.com/security/cve/CVE-2015-6779.html
https://www.suse.com/security/cve/CVE-2015-6780.html
https://www.suse.com/security/cve/CVE-2015-6781.html
https://www.suse.com/security/cve/CVE-2015-6782.html
https://www.suse.com/security/cve/CVE-2015-6783.html
https://www.suse.com/security/cve/CVE-2015-6784.html
https://www.suse.com/security/cve/CVE-2015-6785.html
https://www.suse.com/security/cve/CVE-2015-6786.html
https://www.suse.com/security/cve/CVE-2015-6787.html
https://www.suse.com/security/cve/CVE-2015-6788.html
https://www.suse.com/security/cve/CVE-2015-6789.html
https://www.suse.com/security/cve/CVE-2015-6790.html
https://www.suse.com/security/cve/CVE-2015-6791.html
https://bugzilla.suse.com/957519
https://bugzilla.suse.com/958481
[security-announce] openSUSE-SU-2015:2290-1: important: Security update for Chromium
by opensuse-security@opensuse.org 17 Dec '15
openSUSE Security Update: Security update for Chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:2290-1
Rating: important
References: #957519 #958481
Cross-References: CVE-2015-6764 CVE-2015-6765 CVE-2015-6766
CVE-2015-6767 CVE-2015-6768 CVE-2015-6769
CVE-2015-6770 CVE-2015-6771 CVE-2015-6772
CVE-2015-6773 CVE-2015-6774 CVE-2015-6775
CVE-2015-6776 CVE-2015-6777 CVE-2015-6778
CVE-2015-6779 CVE-2015-6780 CVE-2015-6781
CVE-2015-6782 CVE-2015-6783 CVE-2015-6784
CVE-2015-6785 CVE-2015-6786 CVE-2015-6787
CVE-2015-6788 CVE-2015-6789 CVE-2015-6790
CVE-2015-6791
Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________
An update that fixes 28 vulnerabilities is now available.
Description:
Chromium was updated to 47.0.2526.80 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-6788: Type confusion in extensions
* CVE-2015-6789: Use-after-free in Blink
* CVE-2015-6790: Escaping issue in saved pages
* CVE-2015-6791: Various fixes from internal audits, fuzzing and other
initiatives
The following vulnerabilities were fixed in 47.0.2526.73:
* CVE-2015-6765: Use-after-free in AppCache
* CVE-2015-6766: Use-after-free in AppCache
* CVE-2015-6767: Use-after-free in AppCache
* CVE-2015-6768: Cross-origin bypass in DOM
* CVE-2015-6769: Cross-origin bypass in core
* CVE-2015-6770: Cross-origin bypass in DOM
* CVE-2015-6771: Out of bounds access in v8
* CVE-2015-6772: Cross-origin bypass in DOM
* CVE-2015-6764: Out of bounds access in v8
* CVE-2015-6773: Out of bounds access in Skia
* CVE-2015-6774: Use-after-free in Extensions
* CVE-2015-6775: Type confusion in PDFium
* CVE-2015-6776: Out of bounds access in PDFium
* CVE-2015-6777: Use-after-free in DOM
* CVE-2015-6778: Out of bounds access in PDFium
* CVE-2015-6779: Scheme bypass in PDFium
* CVE-2015-6780: Use-after-free in Infobars
* CVE-2015-6781: Integer overflow in Sfntly
* CVE-2015-6782: Content spoofing in Omnibox
* CVE-2015-6783: Signature validation issue in Android Crazy Linker.
* CVE-2015-6784: Escaping issue in saved pages
* CVE-2015-6785: Wildcard matching issue in CSP
* CVE-2015-6786: Scheme bypass in CSP
* CVE-2015-6787: Various fixes from internal audits, fuzzing and other
initiatives.
* Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch
(currently 4.7.80.23)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2015-912=1
- openSUSE 13.2:
zypper in -t patch openSUSE-2015-912=1
- openSUSE 13.1:
zypper in -t patch openSUSE-2015-912=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i586 x86_64):
chromedriver-47.0.2526.80-7.1
chromedriver-debuginfo-47.0.2526.80-7.1
chromium-47.0.2526.80-7.1
chromium-debuginfo-47.0.2526.80-7.1
chromium-debugsource-47.0.2526.80-7.1
chromium-desktop-gnome-47.0.2526.80-7.1
chromium-desktop-kde-47.0.2526.80-7.1
chromium-ffmpegsumo-47.0.2526.80-7.1
chromium-ffmpegsumo-debuginfo-47.0.2526.80-7.1
- openSUSE 13.2 (i586 x86_64):
chromedriver-47.0.2526.80-61.1
chromedriver-debuginfo-47.0.2526.80-61.1
chromium-47.0.2526.80-61.1
chromium-debuginfo-47.0.2526.80-61.1
chromium-debugsource-47.0.2526.80-61.1
chromium-desktop-gnome-47.0.2526.80-61.1
chromium-desktop-kde-47.0.2526.80-61.1
chromium-ffmpegsumo-47.0.2526.80-61.1
chromium-ffmpegsumo-debuginfo-47.0.2526.80-61.1
- openSUSE 13.1 (i586 x86_64):
chromedriver-47.0.2526.80-116.1
chromedriver-debuginfo-47.0.2526.80-116.1
chromium-47.0.2526.80-116.1
chromium-debuginfo-47.0.2526.80-116.1
chromium-debugsource-47.0.2526.80-116.1
chromium-desktop-gnome-47.0.2526.80-116.1
chromium-desktop-kde-47.0.2526.80-116.1
chromium-ffmpegsumo-47.0.2526.80-116.1
chromium-ffmpegsumo-debuginfo-47.0.2526.80-116.1
References:
https://www.suse.com/security/cve/CVE-2015-6764.html
https://www.suse.com/security/cve/CVE-2015-6765.html
https://www.suse.com/security/cve/CVE-2015-6766.html
https://www.suse.com/security/cve/CVE-2015-6767.html
https://www.suse.com/security/cve/CVE-2015-6768.html
https://www.suse.com/security/cve/CVE-2015-6769.html
https://www.suse.com/security/cve/CVE-2015-6770.html
https://www.suse.com/security/cve/CVE-2015-6771.html
https://www.suse.com/security/cve/CVE-2015-6772.html
https://www.suse.com/security/cve/CVE-2015-6773.html
https://www.suse.com/security/cve/CVE-2015-6774.html
https://www.suse.com/security/cve/CVE-2015-6775.html
https://www.suse.com/security/cve/CVE-2015-6776.html
https://www.suse.com/security/cve/CVE-2015-6777.html
https://www.suse.com/security/cve/CVE-2015-6778.html
https://www.suse.com/security/cve/CVE-2015-6779.html
https://www.suse.com/security/cve/CVE-2015-6780.html
https://www.suse.com/security/cve/CVE-2015-6781.html
https://www.suse.com/security/cve/CVE-2015-6782.html
https://www.suse.com/security/cve/CVE-2015-6783.html
https://www.suse.com/security/cve/CVE-2015-6784.html
https://www.suse.com/security/cve/CVE-2015-6785.html
https://www.suse.com/security/cve/CVE-2015-6786.html
https://www.suse.com/security/cve/CVE-2015-6787.html
https://www.suse.com/security/cve/CVE-2015-6788.html
https://www.suse.com/security/cve/CVE-2015-6789.html
https://www.suse.com/security/cve/CVE-2015-6790.html
https://www.suse.com/security/cve/CVE-2015-6791.html
https://bugzilla.suse.com/957519
https://bugzilla.suse.com/958481
[security-announce] SUSE-SU-2015:2168-2: important: Security update for java-1_7_1-ibm
by opensuse-security@opensuse.org 14 Dec '15
SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2168-2
Rating: important
References: #941939 #955131
Cross-References: CVE-2015-0204 CVE-2015-0458 CVE-2015-0459
CVE-2015-0469 CVE-2015-0477 CVE-2015-0478
CVE-2015-0480 CVE-2015-0488 CVE-2015-0491
CVE-2015-4734 CVE-2015-4803 CVE-2015-4805
CVE-2015-4806 CVE-2015-4810 CVE-2015-4835
CVE-2015-4840 CVE-2015-4842 CVE-2015-4843
CVE-2015-4844 CVE-2015-4860 CVE-2015-4871
CVE-2015-4872 CVE-2015-4882 CVE-2015-4883
CVE-2015-4893 CVE-2015-4902 CVE-2015-4903
CVE-2015-4911 CVE-2015-5006
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________
An update that fixes 29 vulnerabilities is now available.
Description:
The java-1_7_1-ibm package was updated to version 7.1-3.20 to fix several
security and non-security issues:
- bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803
CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840
CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871
CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902
CVE-2015-4903 CVE-2015-4911 CVE-2015-5006
- Add backcompat symlinks for sdkdir
- bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in
_jvmprivdir
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-920=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-920=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
java-1_7_1-ibm-devel-1.7.1_sr3.20-18.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
java-1_7_1-ibm-1.7.1_sr3.20-18.1
java-1_7_1-ibm-jdbc-1.7.1_sr3.20-18.1
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
java-1_7_1-ibm-alsa-1.7.1_sr3.20-18.1
java-1_7_1-ibm-plugin-1.7.1_sr3.20-18.1
References:
https://www.suse.com/security/cve/CVE-2015-0204.html
https://www.suse.com/security/cve/CVE-2015-0458.html
https://www.suse.com/security/cve/CVE-2015-0459.html
https://www.suse.com/security/cve/CVE-2015-0469.html
https://www.suse.com/security/cve/CVE-2015-0477.html
https://www.suse.com/security/cve/CVE-2015-0478.html
https://www.suse.com/security/cve/CVE-2015-0480.html
https://www.suse.com/security/cve/CVE-2015-0488.html
https://www.suse.com/security/cve/CVE-2015-0491.html
https://www.suse.com/security/cve/CVE-2015-4734.html
https://www.suse.com/security/cve/CVE-2015-4803.html
https://www.suse.com/security/cve/CVE-2015-4805.html
https://www.suse.com/security/cve/CVE-2015-4806.html
https://www.suse.com/security/cve/CVE-2015-4810.html
https://www.suse.com/security/cve/CVE-2015-4835.html
https://www.suse.com/security/cve/CVE-2015-4840.html
https://www.suse.com/security/cve/CVE-2015-4842.html
https://www.suse.com/security/cve/CVE-2015-4843.html
https://www.suse.com/security/cve/CVE-2015-4844.html
https://www.suse.com/security/cve/CVE-2015-4860.html
https://www.suse.com/security/cve/CVE-2015-4871.html
https://www.suse.com/security/cve/CVE-2015-4872.html
https://www.suse.com/security/cve/CVE-2015-4882.html
https://www.suse.com/security/cve/CVE-2015-4883.html
https://www.suse.com/security/cve/CVE-2015-4893.html
https://www.suse.com/security/cve/CVE-2015-4902.html
https://www.suse.com/security/cve/CVE-2015-4903.html
https://www.suse.com/security/cve/CVE-2015-4911.html
https://www.suse.com/security/cve/CVE-2015-5006.html
https://bugzilla.suse.com/941939
https://bugzilla.suse.com/955131
[security-announce] SUSE-SU-2015:2268-1: important: Security update for java-1_8_0-ibm
by opensuse-security@opensuse.org 14 Dec '15
SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2268-1
Rating: important
References: #941939 #955131
Cross-References: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805
CVE-2015-4806 CVE-2015-4810 CVE-2015-4835
CVE-2015-4840 CVE-2015-4842 CVE-2015-4843
CVE-2015-4844 CVE-2015-4860 CVE-2015-4871
CVE-2015-4872 CVE-2015-4882 CVE-2015-4883
CVE-2015-4893 CVE-2015-4902 CVE-2015-4903
CVE-2015-4911 CVE-2015-5006
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________
An update that fixes 20 vulnerabilities is now available.
Description:
This update for java-1_8_0-ibm fixes the following issues:
- Version update to 8.0-2.0 (bsc#955131): CVE-2015-4734 CVE-2015-4803
CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840
CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871
CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902
CVE-2015-4903 CVE-2015-4911 CVE-2015-5006
- Add backcompat symlinks for sdkdir.
- Provide %{name} instead of %{sdklnk} only in _jvmprivdir. (bsc#941939)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-965=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-965=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
java-1_8_0-ibm-devel-1.8.0_sr2.0-4.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
java-1_8_0-ibm-1.8.0_sr2.0-4.1
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
java-1_8_0-ibm-alsa-1.8.0_sr2.0-4.1
java-1_8_0-ibm-plugin-1.8.0_sr2.0-4.1
References:
https://www.suse.com/security/cve/CVE-2015-4734.html
https://www.suse.com/security/cve/CVE-2015-4803.html
https://www.suse.com/security/cve/CVE-2015-4805.html
https://www.suse.com/security/cve/CVE-2015-4806.html
https://www.suse.com/security/cve/CVE-2015-4810.html
https://www.suse.com/security/cve/CVE-2015-4835.html
https://www.suse.com/security/cve/CVE-2015-4840.html
https://www.suse.com/security/cve/CVE-2015-4842.html
https://www.suse.com/security/cve/CVE-2015-4843.html
https://www.suse.com/security/cve/CVE-2015-4844.html
https://www.suse.com/security/cve/CVE-2015-4860.html
https://www.suse.com/security/cve/CVE-2015-4871.html
https://www.suse.com/security/cve/CVE-2015-4872.html
https://www.suse.com/security/cve/CVE-2015-4882.html
https://www.suse.com/security/cve/CVE-2015-4883.html
https://www.suse.com/security/cve/CVE-2015-4893.html
https://www.suse.com/security/cve/CVE-2015-4902.html
https://www.suse.com/security/cve/CVE-2015-4903.html
https://www.suse.com/security/cve/CVE-2015-4911.html
https://www.suse.com/security/cve/CVE-2015-5006.html
https://bugzilla.suse.com/941939
https://bugzilla.suse.com/955131