openSUSE Updates October 2017

updates@lists.opensuse.org

2 participants
123 discussions

openSUSE-RU-2017:2906-1: moderate: Recommended update for chromium
by maintenance＠opensuse.org 30 Oct '17

30 Oct '17

openSUSE Recommended Update: Recommended update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:2906-1 Rating: moderate References: #1064298 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for chromium fixes the following issues: - Chromium sandbox may crash with a black screen, Chrome apps failed (boo#1064298) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1225=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1225=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (x86_64): chromedriver-62.0.3202.75-121.1 chromedriver-debuginfo-62.0.3202.75-121.1 chromium-62.0.3202.75-121.1 chromium-debuginfo-62.0.3202.75-121.1 chromium-debugsource-62.0.3202.75-121.1 - openSUSE Leap 42.2 (x86_64): chromedriver-62.0.3202.75-104.35.1 chromedriver-debuginfo-62.0.3202.75-104.35.1 chromium-62.0.3202.75-104.35.1 chromium-debuginfo-62.0.3202.75-104.35.1 chromium-debugsource-62.0.3202.75-104.35.1 References: https://bugzilla.suse.com/1064298

1 0

openSUSE-SU-2017:2905-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 29 Oct '17

29 Oct '17

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2905-1 Rating: important References: #1012382 #1020645 #1022595 #1022600 #1025461 #1028971 #1034048 #1055567 #1056427 #1059863 #1060985 #1061451 #1062520 #1062962 #1063460 #1063475 #1063501 #1063509 #1063520 #1063667 #1063695 #1064206 #1064388 #964944 #966170 #966172 #966186 #966191 #966316 #966318 #969474 #969475 #969476 #969477 #971975 Cross-References: CVE-2017-13080 CVE-2017-15265 CVE-2017-15649 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 32 fixes is now available. Description: The openSUSE Leap 42.2 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). The following non-security bugs were fixed: - alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382). - alsa: compress: Remove unused variable (bnc#1012382). - alsa: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (bnc#1012382). - alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382). - arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382). - arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes (bnc#1012382). - arm: remove duplicate 'const' annotations' (bnc#1012382). - asoc: dapm: fix some pointer error handling (bnc#1012382). - asoc: dapm: handle probe deferrals (bnc#1012382). - audit: log 32-bit socketcalls (bnc#1012382). - blacklist 0e7736c6b806 powerpc/powernv: Fix data type for @r in pnv_ioda_parse_m64_window() - blacklist.conf: not fitting cleanup patch - brcmfmac: setup passive scan if requested by user-space (bnc#1012382). - bridge: netlink: register netdevice before executing changelink (bnc#1012382). - ceph: avoid panic in create_session_open_msg() if utsname() returns NULL (bsc#1061451). - ceph: check negative offsets in ceph_llseek() (bsc#1061451). - driver core: platform: Do not read past the end of "driver_override" buffer (bnc#1012382). - drivers: firmware: psci: drop duplicate const from psci_of_match (bnc#1012382). - drivers: hv: fcopy: restore correct transfer length (bnc#1012382). - drm/amdkfd: fix improper return value on error (bnc#1012382). - drm: bridge: add DT bindings for TI ths8135 (bnc#1012382). - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382). - drm/i915/bios: ignore HDMI on port A (bnc#1012382). - ext4: do not allow encrypted operations without keys (bnc#1012382). - extcon: axp288: Use vbus-valid instead of -present to determine cable presence (bnc#1012382). - exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382). - fix whitespace according to upstream commit - fs/epoll: cache leftmost node (bsc#1056427). - ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382). - gfs2: Fix reference to ERR_PTR in gfs2_glock_iter_next (bnc#1012382). - hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382). - hpsa: correct lun data caching bitmap definition (bsc#1028971). - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes (bnc#1012382). - i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382). - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/core: Fix for core panic (bsc#1022595 FATE#322350). - ib/core: Fix the validations of a multicast LID in attach or detach operations (bsc#1022595 FATE#322350). - ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382). - ib/ipoib: Replace list_del of the neigh->list with list_del_init (bnc#1012382). - ib/ipoib: rtnl_unlock can not come after free_netdev (bnc#1012382). - ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: Set state UP (bsc#1062962). - ib/qib: fix false-postive maybe-uninitialized warning (bnc#1012382). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382). - iio: ad7793: Fix the serial interface reset (bnc#1012382). - iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications (bnc#1012382). - iio: adc: hx711: Add DT binding for avia,hx711 (bnc#1012382). - iio: adc: mcp320x: Fix oops on module unload (bnc#1012382). - iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382). - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()' (bnc#1012382). - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()' (bnc#1012382). - iio: ad_sigma_delta: Implement a dedicated reset function (bnc#1012382). - iio: core: Return error for failed read_reg (bnc#1012382). - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it (bnc#1012382). - iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382). - ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - kABI: protect struct rm_data_op (kabi). - kABI: protect struct sdio_func (kabi). - libata: transport: Remove circular dependency at free time (bnc#1012382). - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bnc#1012382). - md/raid10: submit bio directly to replacement disk (bnc#1012382). - mips: Ensure bss section ends on a long-aligned address (bnc#1012382). - mips: Fix minimum alignment requirement of IRQ stack (git-fixes). - mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382). - mips: Lantiq: Fix another request_mem_region() return code check (bnc#1012382). - mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382). - mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms array (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - mm/backing-dev.c: fix an error handling path in 'cgwb_create()' (bnc#1063475). - mm,compaction: serialize waitqueue_active() checks (for real) (bsc#971975). - mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382). - mm: discard memblock data later (bnc#1063460). - mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460). - mm: meminit: mark init_reserved_page as __meminit (bnc#1063509). - mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to inline function (bnc#1063501). - mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as unsigned long (bnc#1063520). - net: core: Prevent from dereferencing null pointer when releasing SKB (bnc#1012382). - netfilter: invoke synchronize_rcu after set the _hook_ to NULL (bnc#1012382). - netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max (bnc#1012382). - net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - net/mlx5e: Fix wrong delay calculation for overflow check scheduling (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/packet: check length in getsockopt() called with PACKET_HDRLEN (bnc#1012382). - nvme: protect against simultaneous shutdown invocations (FATE#319965 bnc#1012382 bsc#964944). - parisc: perf: Fix potential NULL pointer dereference (bnc#1012382). - partitions/efi: Fix integer overflow in GPT size calculation (bnc#1012382). - qed: Fix stack corruption on probe (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - rds: ib: add error handle (bnc#1012382). - rds: RDMA: Fix the composite message user notification (bnc#1012382). - README.BRANCH: Add Michal and Johannes as co-maintainers. - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs (bnc#1012382). - scsi: hpsa: add 'ctlr_num' sysfs attribute (bsc#1028971). - scsi: hpsa: bump driver version (bsc#1022600 fate#321928). - scsi: hpsa: change driver version (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: Check for null device pointers (bsc#1028971). - scsi: hpsa: Check for null devices in ioaccel (bsc#1028971). - scsi: hpsa: Check for vpd support before sending (bsc#1028971). - scsi: hpsa: cleanup reset handler (bsc#1022600 fate#321928). - scsi: hpsa: correct call to hpsa_do_reset (bsc#1028971). - scsi: hpsa: correct logical resets (bsc#1028971). - scsi: hpsa: correct queue depth for externals (bsc#1022600 fate#321928). - scsi: hpsa: correct resets on retried commands (bsc#1022600 fate#321928). - scsi: hpsa: correct scsi 6byte lba calculation (bsc#1028971). - scsi: hpsa: Determine device external status earlier (bsc#1028971). - scsi: hpsa: do not get enclosure info for external devices (bsc#1022600 fate#321928). - scsi: hpsa: do not reset enclosures (bsc#1022600 fate#321928). - scsi: hpsa: do not timeout reset operations (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: fallback to use legacy REPORT PHYS command (bsc#1028971). - scsi: hpsa: fix volume offline state (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: limit outstanding rescans (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: Prevent sending bmic commands to externals (bsc#1028971). - scsi: hpsa: remove abort handler (bsc#1022600 fate#321928). - scsi: hpsa: remove coalescing settings for ioaccel2 (bsc#1028971). - scsi: hpsa: remove memory allocate failure message (bsc#1028971). - scsi: hpsa: Remove unneeded void pointer cast (bsc#1028971). - scsi: hpsa: rescan later if reset in progress (bsc#1022600 fate#321928). - scsi: hpsa: send ioaccel requests with 0 length down raid path (bsc#1022600 fate#321928). - scsi: hpsa: separate monitor events from rescan worker (bsc#1022600 fate#321928). - scsi: hpsa: update check for logical volume status (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: update identify physical device structure (bsc#1022600 fate#321928). - scsi: hpsa: update pci ids (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: update reset handler (bsc#1022600 fate#321928). - scsi: hpsa: use designated initializers (bsc#1028971). - scsi: hpsa: use %phN for short hex dumps (bsc#1028971). - scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695). - scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461). - scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985). This patch is originally part of a larger series which can't be easily backported to SLE-12. For a reasoning why we think it's safe to apply, see bsc#1060985, comment 20. - scsi: sg: close race condition in sg_remove_sfp_usercontext() (bsc#1064206). - sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382). - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack (bnc#1012382). - stm class: Fix a use-after-free (bnc#1012382). - supported.conf: mark hid-multitouch as supported (FATE#323670) - team: call netdev_change_features out of team lock (bsc#1055567). - team: fix memory leaks (bnc#1012382). - tpm_tis: Do not fall back to a hardcoded address for TPM2 (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048). - ttpci: address stringop overflow warning (bnc#1012382). - tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382). - usb: chipidea: vbus event may exist before starting gadget (bnc#1012382). - usb: core: harden cdc_parse_cdc_header (bnc#1012382). - usb: devio: Do not corrupt user memory (bnc#1012382). - usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382). - usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382). - usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382). - usb: fix out-of-bounds in usb_set_configuration (bnc#1012382). - usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382). - usb: gadgetfs: Fix crash caused by inadequate synchronization (bnc#1012382). - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write (bnc#1012382). - usb: gadget: mass_storage: set msg_registered after msg registered (bnc#1012382). - usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382). - usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382). - usb: Increase quirk delay for USB devices (bnc#1012382). - usb: pci-quirks.c: Corrected timeout values used in handshake (bnc#1012382). - usb: plusb: Add support for PL-27A1 (bnc#1012382). - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe (bnc#1012382). - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction (bnc#1012382). - usb: serial: mos7720: fix control-message error handling (bnc#1012382). - usb: serial: mos7840: fix control-message error handling (bnc#1012382). - usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives (bnc#1012382). - usb: uas: fix bug in handling of alternate settings (bnc#1012382). - uwb: ensure that endpoint is interrupt (bnc#1012382). - uwb: properly check kthread_run return value (bnc#1012382). - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863). - xfs: remove kmem_zalloc_greedy (bnc#1012382). - xhci: fix finding correct bus_state structure for USB 3.1 hosts (bnc#1012382). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1224=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (noarch): kernel-devel-4.4.92-18.36.1 kernel-docs-4.4.92-18.36.2 kernel-docs-html-4.4.92-18.36.2 kernel-docs-pdf-4.4.92-18.36.2 kernel-macros-4.4.92-18.36.1 kernel-source-4.4.92-18.36.1 kernel-source-vanilla-4.4.92-18.36.1 - openSUSE Leap 42.2 (x86_64): kernel-debug-4.4.92-18.36.1 kernel-debug-base-4.4.92-18.36.1 kernel-debug-base-debuginfo-4.4.92-18.36.1 kernel-debug-debuginfo-4.4.92-18.36.1 kernel-debug-debugsource-4.4.92-18.36.1 kernel-debug-devel-4.4.92-18.36.1 kernel-debug-devel-debuginfo-4.4.92-18.36.1 kernel-default-4.4.92-18.36.1 kernel-default-base-4.4.92-18.36.1 kernel-default-base-debuginfo-4.4.92-18.36.1 kernel-default-debuginfo-4.4.92-18.36.1 kernel-default-debugsource-4.4.92-18.36.1 kernel-default-devel-4.4.92-18.36.1 kernel-obs-build-4.4.92-18.36.1 kernel-obs-build-debugsource-4.4.92-18.36.1 kernel-obs-qa-4.4.92-18.36.1 kernel-syms-4.4.92-18.36.1 kernel-vanilla-4.4.92-18.36.1 kernel-vanilla-base-4.4.92-18.36.1 kernel-vanilla-base-debuginfo-4.4.92-18.36.1 kernel-vanilla-debuginfo-4.4.92-18.36.1 kernel-vanilla-debugsource-4.4.92-18.36.1 kernel-vanilla-devel-4.4.92-18.36.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15265.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1022595 https://bugzilla.suse.com/1022600 https://bugzilla.suse.com/1025461 https://bugzilla.suse.com/1028971 https://bugzilla.suse.com/1034048 https://bugzilla.suse.com/1055567 https://bugzilla.suse.com/1056427 https://bugzilla.suse.com/1059863 https://bugzilla.suse.com/1060985 https://bugzilla.suse.com/1061451 https://bugzilla.suse.com/1062520 https://bugzilla.suse.com/1062962 https://bugzilla.suse.com/1063460 https://bugzilla.suse.com/1063475 https://bugzilla.suse.com/1063501 https://bugzilla.suse.com/1063509 https://bugzilla.suse.com/1063520 https://bugzilla.suse.com/1063667 https://bugzilla.suse.com/1063695 https://bugzilla.suse.com/1064206 https://bugzilla.suse.com/1064388 https://bugzilla.suse.com/964944 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/966186 https://bugzilla.suse.com/966191 https://bugzilla.suse.com/966316 https://bugzilla.suse.com/966318 https://bugzilla.suse.com/969474 https://bugzilla.suse.com/969475 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/971975

1 0

openSUSE-RU-2017:2904-1: moderate: Recommended update for pcre
by maintenance＠opensuse.org 28 Oct '17

28 Oct '17

openSUSE Recommended Update: Recommended update for pcre ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:2904-1 Rating: moderate References: #1058722 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pcre fixes the following issues: - Fixed the pcre stack frame size detection because modern compilers break it due to cloning and inlining pcre match() function (bsc#1058722) This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1222=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1222=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): libpcre1-8.39-11.1 libpcre1-debuginfo-8.39-11.1 libpcre16-0-8.39-11.1 libpcre16-0-debuginfo-8.39-11.1 libpcrecpp0-8.39-11.1 libpcrecpp0-debuginfo-8.39-11.1 libpcreposix0-8.39-11.1 libpcreposix0-debuginfo-8.39-11.1 pcre-debugsource-8.39-11.1 pcre-devel-8.39-11.1 pcre-devel-static-8.39-11.1 pcre-tools-8.39-11.1 pcre-tools-debuginfo-8.39-11.1 - openSUSE Leap 42.3 (noarch): pcre-doc-8.39-11.1 - openSUSE Leap 42.3 (x86_64): libpcre1-32bit-8.39-11.1 libpcre1-debuginfo-32bit-8.39-11.1 libpcre16-0-32bit-8.39-11.1 libpcre16-0-debuginfo-32bit-8.39-11.1 libpcrecpp0-32bit-8.39-11.1 libpcrecpp0-debuginfo-32bit-8.39-11.1 libpcreposix0-32bit-8.39-11.1 libpcreposix0-debuginfo-32bit-8.39-11.1 - openSUSE Leap 42.2 (i586 x86_64): libpcre1-8.39-8.3.1 libpcre1-debuginfo-8.39-8.3.1 libpcre16-0-8.39-8.3.1 libpcre16-0-debuginfo-8.39-8.3.1 libpcrecpp0-8.39-8.3.1 libpcrecpp0-debuginfo-8.39-8.3.1 libpcreposix0-8.39-8.3.1 libpcreposix0-debuginfo-8.39-8.3.1 pcre-debugsource-8.39-8.3.1 pcre-devel-8.39-8.3.1 pcre-devel-static-8.39-8.3.1 pcre-tools-8.39-8.3.1 pcre-tools-debuginfo-8.39-8.3.1 - openSUSE Leap 42.2 (noarch): pcre-doc-8.39-8.3.1 - openSUSE Leap 42.2 (x86_64): libpcre1-32bit-8.39-8.3.1 libpcre1-debuginfo-32bit-8.39-8.3.1 libpcre16-0-32bit-8.39-8.3.1 libpcre16-0-debuginfo-32bit-8.39-8.3.1 libpcrecpp0-32bit-8.39-8.3.1 libpcrecpp0-debuginfo-32bit-8.39-8.3.1 libpcreposix0-32bit-8.39-8.3.1 libpcreposix0-debuginfo-32bit-8.39-8.3.1 References: https://bugzilla.suse.com/1058722

1 0

openSUSE-RU-2017:2903-1: moderate: Recommended update for permissions
by maintenance＠opensuse.org 28 Oct '17

28 Oct '17

openSUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:2903-1 Rating: moderate References: #1028304 #1048645 #1060738 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for permissions fixes the following issues: - Allows users to install the HPC "singularity" toolkit for managing singularity containers in setuid root mode. (bsc#1028304) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1220=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1220=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): permissions-2015.09.28.1626-16.1 permissions-debuginfo-2015.09.28.1626-16.1 permissions-debugsource-2015.09.28.1626-16.1 - openSUSE Leap 42.2 (i586 x86_64): permissions-2015.09.28.1626-13.3.1 permissions-debuginfo-2015.09.28.1626-13.3.1 permissions-debugsource-2015.09.28.1626-13.3.1 References: https://bugzilla.suse.com/1028304 https://bugzilla.suse.com/1048645 https://bugzilla.suse.com/1060738

1 0

openSUSE-SU-2017:2902-1: important: Security update for chromium
by opensuse-security＠opensuse.org 28 Oct '17

28 Oct '17

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2902-1 Rating: important References: #1064066 #1065405 Cross-References: CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-15396 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5130 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. Description: This update to Chromium 62.0.3202.75 fixes the following security issues: - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after free in WebAudio - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. - CVE-2017-5130: Heap overflow in libxml2 - CVE-2017-5131: Out of bounds write in Skia - CVE-2017-5133: Out of bounds write in Skia - CVE-2017-15386: UI spoofing in Blink - CVE-2017-15387: Content security bypass - CVE-2017-15388: Out of bounds read in Skia - CVE-2017-15389: URL spoofing in OmniBox - CVE-2017-15390: URL spoofing in OmniBox - CVE-2017-15391: Extension limitation bypass in Extensions. - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration - CVE-2017-15393: Referrer leak in Devtools - CVE-2017-15394: URL spoofing in extensions UI - CVE-2017-15395: Null pointer dereference in ImageCapture - CVE-2017-15396: Stack overflow in V8 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1221=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1221=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (x86_64): chromedriver-62.0.3202.75-118.1 chromedriver-debuginfo-62.0.3202.75-118.1 chromium-62.0.3202.75-118.1 chromium-debuginfo-62.0.3202.75-118.1 chromium-debugsource-62.0.3202.75-118.1 - openSUSE Leap 42.2 (x86_64): chromedriver-62.0.3202.75-104.32.1 chromedriver-debuginfo-62.0.3202.75-104.32.1 chromium-62.0.3202.75-104.32.1 chromium-debuginfo-62.0.3202.75-104.32.1 chromium-debugsource-62.0.3202.75-104.32.1 References: https://www.suse.com/security/cve/CVE-2017-15386.html https://www.suse.com/security/cve/CVE-2017-15387.html https://www.suse.com/security/cve/CVE-2017-15388.html https://www.suse.com/security/cve/CVE-2017-15389.html https://www.suse.com/security/cve/CVE-2017-15390.html https://www.suse.com/security/cve/CVE-2017-15391.html https://www.suse.com/security/cve/CVE-2017-15392.html https://www.suse.com/security/cve/CVE-2017-15393.html https://www.suse.com/security/cve/CVE-2017-15394.html https://www.suse.com/security/cve/CVE-2017-15395.html https://www.suse.com/security/cve/CVE-2017-15396.html https://www.suse.com/security/cve/CVE-2017-5124.html https://www.suse.com/security/cve/CVE-2017-5125.html https://www.suse.com/security/cve/CVE-2017-5126.html https://www.suse.com/security/cve/CVE-2017-5127.html https://www.suse.com/security/cve/CVE-2017-5128.html https://www.suse.com/security/cve/CVE-2017-5129.html https://www.suse.com/security/cve/CVE-2017-5130.html https://www.suse.com/security/cve/CVE-2017-5131.html https://www.suse.com/security/cve/CVE-2017-5132.html https://www.suse.com/security/cve/CVE-2017-5133.html https://bugzilla.suse.com/1064066 https://bugzilla.suse.com/1065405

1 0

openSUSE-SU-2017:2901-1: moderate: Security update for gcc48
by opensuse-security＠opensuse.org 28 Oct '17

28 Oct '17

openSUSE Security Update: Security update for gcc48 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2901-1 Rating: moderate References: #1011348 #1022062 #1028744 #1039513 #1044016 #1050947 #988274 Cross-References: CVE-2017-11671 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for gcc48 fixes the following issues: Security issues fixed: - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. [bnc#1039513] Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdseed code generation issue [bsc#1050947] Bugs fixed: - Enable LFS support in 32bit libgcov.a. [bsc#1044016] - Bump libffi version in libffi.pc to 3.0.11. - Fix libffi issue for armv7l. [bsc#988274] - Properly diagnose missing -fsanitize=address support on ppc64le. [bnc#1028744] - Backport patch for PR65612. [bnc#1022062] - Fixed DR#1288. [bnc#1011348] This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1223=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1223=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): cpp48-4.8.5-26.2 cpp48-debuginfo-4.8.5-26.2 gcc48-4.8.5-26.2 gcc48-ada-4.8.5-26.2 gcc48-ada-debuginfo-4.8.5-26.2 gcc48-c++-4.8.5-26.2 gcc48-c++-debuginfo-4.8.5-26.2 gcc48-debuginfo-4.8.5-26.2 gcc48-debugsource-4.8.5-26.2 gcc48-fortran-4.8.5-26.2 gcc48-fortran-debuginfo-4.8.5-26.2 gcc48-gij-4.8.5-26.2 gcc48-gij-debuginfo-4.8.5-26.2 gcc48-java-4.8.5-26.2 gcc48-java-debuginfo-4.8.5-26.2 gcc48-locale-4.8.5-26.2 gcc48-obj-c++-4.8.5-26.2 gcc48-obj-c++-debuginfo-4.8.5-26.2 gcc48-objc-4.8.5-26.2 gcc48-objc-debuginfo-4.8.5-26.2 gcc48-testresults-4.8.5-26.4 libada48-4.8.5-26.2 libada48-debuginfo-4.8.5-26.2 libasan0-4.8.5-26.2 libasan0-debuginfo-4.8.5-26.2 libffi4-gcc48-4.8.5-26.1 libffi4-gcc48-debuginfo-4.8.5-26.1 libffi48-debugsource-4.8.5-26.1 libffi48-devel-4.8.5-26.1 libgcj48-4.8.5-26.2 libgcj48-debuginfo-4.8.5-26.2 libgcj48-debugsource-4.8.5-26.2 libgcj48-devel-4.8.5-26.2 libgcj48-devel-debuginfo-4.8.5-26.2 libgcj48-jar-4.8.5-26.2 libgcj_bc1-4.8.5-26.2 libobjc4-4.8.5-26.2 libobjc4-debuginfo-4.8.5-26.2 libstdc++48-devel-4.8.5-26.2 - openSUSE Leap 42.3 (x86_64): cross-aarch64-gcc48-icecream-backend-4.8.5-26.4 cross-armv6hl-gcc48-icecream-backend-4.8.5-26.4 cross-armv7hl-gcc48-icecream-backend-4.8.5-26.4 cross-i386-gcc48-icecream-backend-4.8.5-26.4 cross-ia64-gcc48-icecream-backend-4.8.5-26.4 cross-ppc-gcc48-icecream-backend-4.8.5-26.4 cross-ppc64-gcc48-icecream-backend-4.8.5-26.4 cross-ppc64le-gcc48-icecream-backend-4.8.5-26.4 cross-s390-gcc48-icecream-backend-4.8.5-26.4 cross-s390x-gcc48-icecream-backend-4.8.5-26.4 gcc48-32bit-4.8.5-26.2 gcc48-ada-32bit-4.8.5-26.2 gcc48-fortran-32bit-4.8.5-26.2 gcc48-gij-32bit-4.8.5-26.2 gcc48-gij-debuginfo-32bit-4.8.5-26.2 gcc48-objc-32bit-4.8.5-26.2 libada48-32bit-4.8.5-26.2 libada48-32bit-debuginfo-4.8.5-26.2 libasan0-32bit-4.8.5-26.2 libasan0-32bit-debuginfo-4.8.5-26.2 libffi4-gcc48-32bit-4.8.5-26.1 libffi4-gcc48-32bit-debuginfo-4.8.5-26.1 libffi48-devel-32bit-4.8.5-26.1 libgcj48-32bit-4.8.5-26.2 libgcj48-debuginfo-32bit-4.8.5-26.2 libgcj48-devel-32bit-4.8.5-26.2 libgcj48-devel-debuginfo-32bit-4.8.5-26.2 libobjc4-32bit-4.8.5-26.2 libobjc4-32bit-debuginfo-4.8.5-26.2 libstdc++48-devel-32bit-4.8.5-26.2 - openSUSE Leap 42.3 (noarch): gcc48-info-4.8.5-26.2 libstdc++48-doc-4.8.5-26.2 - openSUSE Leap 42.2 (i586 x86_64): cpp48-4.8.5-23.3.2 cpp48-debuginfo-4.8.5-23.3.2 gcc48-4.8.5-23.3.2 gcc48-ada-4.8.5-23.3.2 gcc48-ada-debuginfo-4.8.5-23.3.2 gcc48-c++-4.8.5-23.3.2 gcc48-c++-debuginfo-4.8.5-23.3.2 gcc48-debuginfo-4.8.5-23.3.2 gcc48-debugsource-4.8.5-23.3.2 gcc48-fortran-4.8.5-23.3.2 gcc48-fortran-debuginfo-4.8.5-23.3.2 gcc48-gij-4.8.5-23.3.2 gcc48-gij-debuginfo-4.8.5-23.3.2 gcc48-java-4.8.5-23.3.2 gcc48-java-debuginfo-4.8.5-23.3.2 gcc48-locale-4.8.5-23.3.2 gcc48-obj-c++-4.8.5-23.3.2 gcc48-obj-c++-debuginfo-4.8.5-23.3.2 gcc48-objc-4.8.5-23.3.2 gcc48-objc-debuginfo-4.8.5-23.3.2 gcc48-testresults-4.8.5-23.3.4 libada48-4.8.5-23.3.2 libada48-debuginfo-4.8.5-23.3.2 libasan0-4.8.5-23.3.2 libasan0-debuginfo-4.8.5-23.3.2 libffi4-gcc48-4.8.5-23.3.1 libffi4-gcc48-debuginfo-4.8.5-23.3.1 libffi48-debugsource-4.8.5-23.3.1 libffi48-devel-4.8.5-23.3.1 libgcj48-4.8.5-23.3.2 libgcj48-debuginfo-4.8.5-23.3.2 libgcj48-debugsource-4.8.5-23.3.2 libgcj48-devel-4.8.5-23.3.2 libgcj48-devel-debuginfo-4.8.5-23.3.2 libgcj48-jar-4.8.5-23.3.2 libgcj_bc1-gcc48-4.8.5-23.3.2 libobjc4-4.8.5-23.3.2 libobjc4-debuginfo-4.8.5-23.3.2 libstdc++48-devel-4.8.5-23.3.2 - openSUSE Leap 42.2 (x86_64): cross-aarch64-gcc48-icecream-backend-4.8.5-23.3.4 cross-armv6hl-gcc48-icecream-backend-4.8.5-23.3.4 cross-armv7hl-gcc48-icecream-backend-4.8.5-23.3.4 cross-i386-gcc48-icecream-backend-4.8.5-23.3.4 cross-ia64-gcc48-icecream-backend-4.8.5-23.3.4 cross-ppc-gcc48-icecream-backend-4.8.5-23.3.4 cross-ppc64-gcc48-icecream-backend-4.8.5-23.3.4 cross-ppc64le-gcc48-icecream-backend-4.8.5-23.3.4 cross-s390-gcc48-icecream-backend-4.8.5-23.3.4 cross-s390x-gcc48-icecream-backend-4.8.5-23.3.4 gcc48-32bit-4.8.5-23.3.2 gcc48-ada-32bit-4.8.5-23.3.2 gcc48-fortran-32bit-4.8.5-23.3.2 gcc48-gij-32bit-4.8.5-23.3.2 gcc48-gij-debuginfo-32bit-4.8.5-23.3.2 gcc48-objc-32bit-4.8.5-23.3.2 libada48-32bit-4.8.5-23.3.2 libada48-32bit-debuginfo-4.8.5-23.3.2 libasan0-32bit-4.8.5-23.3.2 libasan0-32bit-debuginfo-4.8.5-23.3.2 libffi4-gcc48-32bit-4.8.5-23.3.1 libffi4-gcc48-32bit-debuginfo-4.8.5-23.3.1 libffi48-devel-32bit-4.8.5-23.3.1 libgcj48-32bit-4.8.5-23.3.2 libgcj48-debuginfo-32bit-4.8.5-23.3.2 libgcj48-devel-32bit-4.8.5-23.3.2 libgcj48-devel-debuginfo-32bit-4.8.5-23.3.2 libobjc4-32bit-4.8.5-23.3.2 libobjc4-32bit-debuginfo-4.8.5-23.3.2 libstdc++48-devel-32bit-4.8.5-23.3.2 - openSUSE Leap 42.2 (noarch): gcc48-info-4.8.5-23.3.2 libstdc++48-doc-4.8.5-23.3.2 References: https://www.suse.com/security/cve/CVE-2017-11671.html https://bugzilla.suse.com/1011348 https://bugzilla.suse.com/1022062 https://bugzilla.suse.com/1028744 https://bugzilla.suse.com/1039513 https://bugzilla.suse.com/1044016 https://bugzilla.suse.com/1050947 https://bugzilla.suse.com/988274

1 0

openSUSE-RU-2017:2900-1: Recommended update for timezone
by maintenance＠opensuse.org 28 Oct '17

28 Oct '17

openSUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:2900-1 Rating: low References: #1064571 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2017c) for your system, including following changes: - Northern Cyprus switches from +03 to +02/+03 on 2017-10-29 - Fiji ends DST 2018-01-14, not 2018-01-21 - Namibia switches from +01/+02 to +02 on 2018-04-01 - Sudan switches from +03 to +02 on 2017-11-01 - Tonga likely switches from +13/+14 to +13 on 2017-11-05 - Turks and Caicos switches from -04 to -05/-04 on 2018-11-04 - Corrections to past DST transitions - Move oversized Canada/East-Saskatchewan to 'backward' file - zic(8) and the reference runtime now reject multiple leap seconds within 28 days of each other, or leap seconds before the Epoch. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1219=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): timezone-2017c-39.7.2 timezone-debuginfo-2017c-39.7.2 timezone-debugsource-2017c-39.7.2 - openSUSE Leap 42.2 (noarch): timezone-java-2017c-0.39.7.2 References: https://bugzilla.suse.com/1064571

1 0

openSUSE-SU-2017:2899-1: moderate: Security update for libjpeg-turbo
by opensuse-security＠opensuse.org 28 Oct '17

28 Oct '17

openSUSE Security Update: Security update for libjpeg-turbo ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2899-1 Rating: moderate References: #1062937 Cross-References: CVE-2017-15232 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libjpeg-turbo to version 1.5.2 fixes the following issues: * CVE-2017-15232: NULL pointer dereference in jdpostct.c and jquant1.c (boo#1062937) This compatible version update contains the following improvements: * Improved and updated upsampling support and sampling factors * Memory handling correctness fixes * Improved robustness when decoding images This version is a dependency of Chromium 62. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1218=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1218=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): libjpeg-turbo-1.5.2-38.1 libjpeg-turbo-debuginfo-1.5.2-38.1 libjpeg-turbo-debugsource-1.5.2-38.1 libjpeg62-62.2.0-38.1 libjpeg62-debuginfo-62.2.0-38.1 libjpeg62-devel-62.2.0-38.1 libjpeg62-turbo-1.5.2-38.1 libjpeg62-turbo-debugsource-1.5.2-38.1 libjpeg8-8.1.2-38.1 libjpeg8-debuginfo-8.1.2-38.1 libjpeg8-devel-8.1.2-38.1 libturbojpeg0-8.1.2-38.1 libturbojpeg0-debuginfo-8.1.2-38.1 - openSUSE Leap 42.3 (x86_64): libjpeg62-32bit-62.2.0-38.1 libjpeg62-debuginfo-32bit-62.2.0-38.1 libjpeg62-devel-32bit-62.2.0-38.1 libjpeg8-32bit-8.1.2-38.1 libjpeg8-debuginfo-32bit-8.1.2-38.1 libjpeg8-devel-32bit-8.1.2-38.1 libturbojpeg0-32bit-8.1.2-38.1 libturbojpeg0-debuginfo-32bit-8.1.2-38.1 - openSUSE Leap 42.2 (i586 x86_64): libjpeg-turbo-1.5.2-35.3.1 libjpeg-turbo-debuginfo-1.5.2-35.3.1 libjpeg-turbo-debugsource-1.5.2-35.3.1 libjpeg62-62.2.0-35.3.1 libjpeg62-debuginfo-62.2.0-35.3.1 libjpeg62-devel-62.2.0-35.3.1 libjpeg62-turbo-1.5.2-35.3.1 libjpeg62-turbo-debugsource-1.5.2-35.3.1 libjpeg8-8.1.2-35.3.1 libjpeg8-debuginfo-8.1.2-35.3.1 libjpeg8-devel-8.1.2-35.3.1 libturbojpeg0-8.1.2-35.3.1 libturbojpeg0-debuginfo-8.1.2-35.3.1 - openSUSE Leap 42.2 (x86_64): libjpeg62-32bit-62.2.0-35.3.1 libjpeg62-debuginfo-32bit-62.2.0-35.3.1 libjpeg62-devel-32bit-62.2.0-35.3.1 libjpeg8-32bit-8.1.2-35.3.1 libjpeg8-debuginfo-32bit-8.1.2-35.3.1 libjpeg8-devel-32bit-8.1.2-35.3.1 libturbojpeg0-32bit-8.1.2-35.3.1 libturbojpeg0-debuginfo-32bit-8.1.2-35.3.1 References: https://www.suse.com/security/cve/CVE-2017-15232.html https://bugzilla.suse.com/1062937

1 0

openSUSE-SU-2017:2896-1: important: Security update for hostapd
by opensuse-security＠opensuse.org 27 Oct '17

27 Oct '17

openSUSE Security Update: Security update for hostapd ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2896-1 Rating: important References: #1063479 #930077 #930078 #930079 Cross-References: CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-5314 CVE-2016-4476 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for hostapd fixes the following issues: - Fix KRACK attacks on the AP side (boo#1063479, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088): Hostap was updated to upstream release 2.6 * fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5314) * fixed WPS configuration update vulnerability with malformed passphrase [http://w1.fi/security/2016-1/] (CVE-2016-4476) * extended channel switch support for VHT bandwidth changes * added support for configuring new ANQP-elements with anqp_elem=<InfoID>:<hexdump of payload> * fixed Suite B 192-bit AKM to use proper PMK length (note: this makes old releases incompatible with the fixed behavior) * added no_probe_resp_if_max_sta=1 parameter to disable Probe Response frame sending for not-associated STAs if max_num_sta limit has been reached * added option (-S as command line argument) to request all interfaces to be started at the same time * modified rts_threshold and fragm_threshold configuration parameters to allow -1 to be used to disable RTS/fragmentation * EAP-pwd: added support for Brainpool Elliptic Curves (with OpenSSL 1.0.2 and newer) * fixed EAPOL reauthentication after FT protocol run * fixed FTIE generation for 4-way handshake after FT protocol run * fixed and improved various FST operations * TLS server - support SHA384 and SHA512 hashes - support TLS v1.2 signature algorithm with SHA384 and SHA512 - support PKCS #5 v2.0 PBES2 - support PKCS #5 with PKCS #12 style key decryption - minimal support for PKCS #12 - support OCSP stapling (including ocsp_multi) * added support for OpenSSL 1.1 API changes - drop support for OpenSSL 0.9.8 - drop support for OpenSSL 1.0.0 * EAP-PEAP: support fast-connect crypto binding * RADIUS - fix Called-Station-Id to not escape SSID - add Event-Timestamp to all Accounting-Request packets - add Acct-Session-Id to Accounting-On/Off - add Acct-Multi-Session-Id ton Access-Request packets - add Service-Type (= Frames) - allow server to provide PSK instead of passphrase for WPA-PSK Tunnel_password case - update full message for interim accounting updates - add Acct-Delay-Time into Accounting messages - add require_message_authenticator configuration option to require CoA/Disconnect-Request packets to be authenticated * started to postpone WNM-Notification frame sending by 100 ms so that the STA has some more time to configure the key before this frame is received after the 4-way handshake * VHT: added interoperability workaround for 80+80 and 160 MHz channels * extended VLAN support (per-STA vif, etc.) * fixed PMKID derivation with SAE * nl80211 - added support for full station state operations - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use unencrypted EAPOL frames * added initial MBO support; number of extensions to WNM BSS Transition Management * added initial functionality for location related operations * added assocresp_elements parameter to allow vendor specific elements to be added into (Re)Association Response frames * improved Public Action frame addressing - use Address 3 = wildcard BSSID in GAS response if a query from an unassociated STA used that address - fix TX status processing for Address 3 = wildcard BSSID - add gas_address3 configuration parameter to control Address 3 behavior * added command line parameter -i to override interface parameter in hostapd.conf * added command completion support to hostapd_cli * added passive client taxonomy determination (CONFIG_TAXONOMY=y compile option and "SIGNATURE <addr>" control interface command) * number of small fixes hostapd was updated to upstream release 2.5 * (CVE-2015-1863) is fixed in upstream release 2.5 * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding [http://w1.fi/security/2015-2/] (CVE-2015-4141 boo#930077) * fixed WMM Action frame parser [http://w1.fi/security/2015-3/] (CVE-2015-4142 boo#930078) * fixed EAP-pwd server missing payload length validation [http://w1.fi/security/2015-4/] (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, boo#930079) * fixed validation of WPS and P2P NFC NDEF record payload length [http://w1.fi/security/2015-5/] * nl80211: - fixed vendor command handling to check OUI properly * fixed hlr_auc_gw build with OpenSSL * hlr_auc_gw: allow Milenage RES length to be reduced * disable HT for a station that does not support WMM/QoS * added support for hashed password (NtHash) in EAP-pwd server * fixed and extended dynamic VLAN cases * added EAP-EKE server support for deriving Session-Id * set Acct-Session-Id to a random value to make it more likely to be unique even if the device does not have a proper clock * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan * modified SAE routines to be more robust and PWE generation to be stronger against timing attacks * added support for Brainpool Elliptic Curves with SAE * increases maximum value accepted for cwmin/cwmax * added support for CCMP-256 and GCMP-256 as group ciphers with FT * added Fast Session Transfer (FST) module * removed optional fields from RSNE when using FT with PMF (workaround for interoperability issues with iOS 8.4) * added EAP server support for TLS session resumption * fixed key derivation for Suite B 192-bit AKM (this breaks compatibility with the earlier version) * added mechanism to track unconnected stations and do minimal band steering * number of small fixes Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1201=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1201=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): hostapd-2.6-8.1 hostapd-debuginfo-2.6-8.1 hostapd-debugsource-2.6-8.1 - openSUSE Leap 42.2 (i586 x86_64): hostapd-2.6-5.3.1 hostapd-debuginfo-2.6-5.3.1 hostapd-debugsource-2.6-5.3.1 References: https://www.suse.com/security/cve/CVE-2015-1863.html https://www.suse.com/security/cve/CVE-2015-4141.html https://www.suse.com/security/cve/CVE-2015-4142.html https://www.suse.com/security/cve/CVE-2015-4143.html https://www.suse.com/security/cve/CVE-2015-4144.html https://www.suse.com/security/cve/CVE-2015-4145.html https://www.suse.com/security/cve/CVE-2015-5314.html https://www.suse.com/security/cve/CVE-2016-4476.html https://www.suse.com/security/cve/CVE-2017-13078.html https://www.suse.com/security/cve/CVE-2017-13079.html https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-13081.html https://www.suse.com/security/cve/CVE-2017-13087.html https://www.suse.com/security/cve/CVE-2017-13088.html https://bugzilla.suse.com/1063479 https://bugzilla.suse.com/930077 https://bugzilla.suse.com/930078 https://bugzilla.suse.com/930079

1 0

openSUSE-SU-2017:2895-1: moderate: Security update for SDL2
by opensuse-security＠opensuse.org 27 Oct '17

27 Oct '17

openSUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2895-1 Rating: moderate References: #1062784 Cross-References: CVE-2017-2888 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for SDL2 fixes the following issues: - CVE-2017-2888: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (bsc#1062784) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1217=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1217=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): SDL2-debugsource-2.0.3-14.1 libSDL2-2_0-0-2.0.3-14.1 libSDL2-2_0-0-debuginfo-2.0.3-14.1 libSDL2-devel-2.0.3-14.1 - openSUSE Leap 42.3 (x86_64): libSDL2-2_0-0-32bit-2.0.3-14.1 libSDL2-2_0-0-debuginfo-32bit-2.0.3-14.1 libSDL2-devel-32bit-2.0.3-14.1 - openSUSE Leap 42.2 (i586 x86_64): SDL2-debugsource-2.0.3-9.5.1 libSDL2-2_0-0-2.0.3-9.5.1 libSDL2-2_0-0-debuginfo-2.0.3-9.5.1 libSDL2-devel-2.0.3-9.5.1 - openSUSE Leap 42.2 (x86_64): libSDL2-2_0-0-32bit-2.0.3-9.5.1 libSDL2-2_0-0-debuginfo-32bit-2.0.3-9.5.1 libSDL2-devel-32bit-2.0.3-9.5.1 References: https://www.suse.com/security/cve/CVE-2017-2888.html https://bugzilla.suse.com/1062784

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates October 2017