-----------------------------------------
Version 0.2.19-Build1.25
2020-08-22T07:55:56
-----------------------------------------
Patch: SUSE-2015-337
Released: Mon Jul 13 18:31:18 2015
Summary: Security update for krb5
Severity: moderate
References: 910457,910458,918595,CVE-2014-5353,CVE-2014-5354,CVE-2014-5355
Description:
krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service.

These security issues were fixed:
- CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457).
- CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458).
- CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595).
-----------------------------------------
Patch: SUSE-2015-331
Released: Tue Jul 14 17:49:42 2015
Summary: Recommended update for sles-manuals_en
Severity: moderate
References: 936211
Description:
This update provides the following changes to the SLED manuals:
- Document how to get packages from older SLE 11 SPs for SLE 11 SP4 (FATE#318262)
- Make clear that the registration has to be re-entered for Add-Ons (bnc#936211)
-----------------------------------------
Patch: SUSE-2015-362
Released: Fri Jul 17 11:59:18 2015
Summary: Security update for xorg-x11-libX11
Severity: moderate
References: 927220,CVE-2013-7439
Description:
xorg-x11-libX11 was updated to fix one security issue.

This security issue was fixed:
- CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allowed remote attackers to have unspecified impact via a crafted request, which triggered a buffer overflow (bsc#927220).
-----------------------------------------
Patch: SUSE-2015-434
Released: Wed Jul 22 11:30:53 2015
Summary: Recommended update for udev
Severity: moderate
References: 922702,931863
Description:
udev was updated to fix two bugs:
* libudev: fix udev_queue_get_seqnum_sequence_is_finished() with empty queue file (bsc#922702).
* libudev: fix for move_later in udev_enumerate_get_list_entry (bsc#931863).
-----------------------------------------
Patch: SUSE-2015-388
Released: Mon Jul 27 23:12:52 2015
Summary: Recommended update for sysconfig
Severity: moderate
References: 929191
Description:
This update for sysconfig fixes the following issue in ifup(8):
- Use gratuitous arp requests instead of replies. (bnc#929191)
-----------------------------------------
Patch: SUSE-2015-347
Released: Tue Jul 28 15:49:46 2015
Summary: Security update for bind
Severity: important
References: 939567,CVE-2015-5477
Description:
bind was updated to fix one security issue.

This security issue was fixed:
- CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)

Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.
-----------------------------------------
Patch: SUSE-2015-348
Released: Tue Jul 28 22:27:03 2015
Summary: Initial release of SUSE Manager Client Tools for SLE 11-SP4
Severity: low
References: 931873
Description:
This update provides SUSE Manager Client Tools 2.1 for SUSE Linux Enterprise 11-SP4.
-----------------------------------------
Patch: SUSE-2015-479
Released: Wed Jul 29 17:20:07 2015
Summary: Recommended update for openldap2
Severity: moderate
References: 924496,932773,937766,CVE-2015-4000
Description:
openldap2 was updated to fix one security issue.

This security issue was fixed:
- CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937766).
This non-security issue was fixed:
- bsc#932773: ldapmodify failed with DOS format LDIF files containing '-' separator.
-----------------------------------------
Patch: SUSE-2015-431
Released: Fri Jul 31 20:02:36 2015
Summary: Security update for glibc
Severity: important
References: 830257,851280,918187,920338,927080,928723,932059,933770,933903,935286,CVE-2013-2207,CVE-2014-8121,CVE-2015-1781
Description:
This update for glibc provides fixes for security and non-security issues.

These security issues have been fixed:
- CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080)
- CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (bsc#830257)
- CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a file is open, which allowed remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over, which triggers the file pointer to be reset. (bsc#918187)
- Fix read past end of pattern in fnmatch. (bsc#920338)

These non-security issues have been fixed:
- Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280)
- Record TTL also for DNS PTR queries. (bsc#928723)
- Fix invalid free in ld.so. (bsc#932059)
- Make PowerPC64 default to non-executable stack. (bsc#933770)
- Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903)
- Fix bad TEXTREL in glibc.i686. (bsc#935286)
-----------------------------------------
Patch: SUSE-2015-379
Released: Mon Aug 3 19:24:15 2015
Summary: Recommended update for open-iscsi
Severity: moderate
References: 869278,929855,939923
Description:
This update for open-iscsi provides the following fixes:
- Allow non-tcp transport for discovery daemon. (bsc#939923)
- The iBFT 'origin' field is now evaluated to determine if iBFT IP address came from DHCP. (bsc#929855)
- Added iscsi_fw_login helper script and new udev rule to call script when iBFT/iscsi boot targets added. (bsc#869278)
-----------------------------------------
Patch: SUSE-2015-435
Released: Tue Aug 4 02:16:14 2015
Summary: Recommended update for udev
Severity: moderate
References: 789825,793936,934307
Description:
This update for udev provides the following fixes:
- Blacklist tdmp devices in 60-persistent-storage.rules. (bsc#934307)
- Make 'reload' and 'force-reload' LSB compliant. (bsc#793936)
- Implement the conversion of udev db as a %post script. (bsc#789825)
-----------------------------------------
Patch: SUSE-2015-516
Released: Tue Aug 4 09:29:22 2015
Summary: Security update for gnutls
Severity: moderate
References: 925499,932026,CVE-2015-4000
Description:
This security update of gnutls fixes the following issues:
- use minimal padding for CBC, the default random length padding causes problems with some servers (bsc#925499)
  * added gnutls-use_minimal_cbc_padding.patch
- use the default DH minimum for gnutls-cli instead of hardcoding 512
  * CVE-2015-4000 (Logjam) (bsc#932026)
  * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch
-----------------------------------------
Patch: SUSE-2015-455
Released: Wed Aug 5 15:37:32 2015
Summary: Recommended update for release-notes-sles
Severity: low
References: 936166,936375,936376,938417
Description:
This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Server 11 SP4.
- Updated: Fix support statement (SP3: 2016-01-31).
- Updated: Add /tmp symlink attack protection. (fate#314496)
- New: Installing the open-fcoe Package Manually. (fate#319239)
- New: Infiniband driver configuration. (bsc#936166 via fate#319120)
- New: Note about having registration key available. (bsc#936375 via fate#319123)
- New: Power8 support. (fate#317619)
-----------------------------------------
Patch: SUSE-2015-466
Released: Thu Aug 6 11:52:00 2015
Summary: Recommended update for openssl
Severity: moderate
References: 937492,CVE-2015-0287
Description:
This update of openssl fixes a regression caused by the security fix for CVE-2015-0287, after which DSA keys could occasionally not be loaded from disk. (bsc#937492)
-----------------------------------------
Patch: SUSE-2015-417
Released: Tue Aug 11 18:01:47 2015
Summary: Recommended update for timezone
Severity: low
References: 941249
Description:
This update provides the latest timezone information (2015f) for your system, including the following changes:
- North Korea switches to +0830 on 2015-08-15. The abbreviation remains 'KST'.
- Uruguay no longer observes DST.
- Moldova starts and ends DST at 00:00 UTC, not at 01:00 UTC.

This release also includes changes affecting past time stamps, documentation and some minor code fixes. For a comprehensive list, refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz-announce/2015-August/000033.html
-----------------------------------------
Patch: SUSE-2015-425
Released: Wed Aug 12 17:15:06 2015
Summary: Security update for tiff
Severity: moderate
References: 914890,916927,CVE-2014-8127,CVE-2014-8128,CVE-2014-8129,CVE-2014-8130,CVE-2014-9655
Description:
tiff was updated to fix six security issues found by fuzzing initiatives.

These security issues were fixed:
- CVE-2014-8127: Out-of-bounds write (bnc#914890).
- CVE-2014-8128: Out-of-bounds write (bnc#914890).
- CVE-2014-8129: Out-of-bounds write (bnc#914890).
- CVE-2014-8130: Out-of-bounds write (bnc#914890).
- CVE-2014-9655: Access of uninitialized memory (bnc#916927).
-----------------------------------------
Patch: SUSE-2015-410
Released: Wed Aug 12 20:26:22 2015
Summary: Recommended update for cpio
Severity: low
References: 938930
Description:
This update ensures cpio(1) will return a proper error code when errors happen in pass-through mode.
-----------------------------------------
Patch: SUSE-2015-590
Released: Mon Aug 17 10:29:25 2015
Summary: Security update for libgcrypt
Severity: moderate
References: 920057,CVE-2014-3591,CVE-2015-0837
Description:
This update fixes the following issues:
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. (bsc#920057)
* Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]
-----------------------------------------
Patch: SUSE-2015-482
Released: Tue Aug 25 21:55:05 2015
Summary: Optional update for quota
Severity: low
References: 941765
Description:
The quota package has been rebuilt to increase its release number, which was lower than the latest builds from SLE 11-SP3.
-----------------------------------------
Patch: SUSE-2015-532
Released: Tue Aug 25 22:25:34 2015
Summary: Recommended update for sed
Severity: low
References: 933022
Description:
This update for sed fixes handling of the --follow-symlinks option.
-----------------------------------------
Patch: SUSE-2015-477
Released: Wed Sep 2 14:02:50 2015
Summary: Security update for bind
Severity: important
References: 944066,CVE-2015-5722
Description:
The nameserver bind was updated to fix a remote denial of service (crash) attack against bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066).
-----------------------------------------
Patch: SUSE-2015-536
Released: Thu Sep 3 13:56:53 2015
Summary: Recommended update for usbutils
Severity: low
References: 941820
Description:
This update for usbutils adds new IDs to the devices' database.
-----------------------------------------
Patch: SUSE-2015-639
Released: Wed Sep 9 01:42:08 2015
Summary: Security update for kernel-source
Severity: moderate
References: 777565,867362,873385,883380,884333,886785,891116,894936,915517,917830,917968,919463,920016,920110,920250,920733,921430,923002,923245,923431,924701,925705,925881,925903,926240,926953,927355,928988,929076,929142,929143,930092,930934,931620,932350,932458,932882,933429,933721,933896,933904,933907,933936,934944,935053,935055,935572,935705,935866,935906,936077,936095,936118,936423,936637,936831,936875,936921,936925,937032,937256,937402,937444,937503,937641,937855,938485,939910,939994,940338,940398,940925,940966,942204,942305,942350,942367,942404,942605,942688,942938,943477,CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0777,CVE-2015-1420,CVE-2015-1805,CVE-2015-2150,CVE-2015-2830,CVE-2015-4167,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6252
Description:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
* CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FD command issued, which could eventually waste available system resources and create a denial of service (bsc#942367).
* CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov() (bsc#940338).
* CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bsc#936831).
* CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bsc#936831).
* CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bsc#915517).
* CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O' vector array overrun. (bsc#933429)
* CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. (bsc#919463)
* CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bsc#926240)
* CVE-2015-4700: The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler (bsc#935705).
* CVE-2015-4167: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 did not validate certain length values, which allowed local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem (bsc#933907).
* CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bsc#917830)
* CVE-2014-9728: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not validate certain lengths, which allowed local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c (bsc#933904).
* CVE-2014-9730: The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904).
* CVE-2014-9729: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 did not ensure a certain data-structure size consistency, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904).
* CVE-2014-9731: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allowed local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c (bsc#933896).

The following non-security bugs were fixed:
- Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350).
- Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942404).
- Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350).
- Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942404).
- Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350).
- Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942404).
- Btrfs: fix hang when failing to submit bio of directIO (bnc#942688).
- Btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688).
- Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688).
- DRM/I915: Add enum hpd_pin to intel_encoder (bsc#942938).
- DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938).
- DRM/i915: Get rid of the 'hotplug_supported_mask' in struct drm_i915_private (bsc#942938).
- DRM/i915: Remove i965_hpd_irq_setup (bsc#942938).
- DRM/i915: Remove valleyview_hpd_irq_setup (bsc#942938).
- Ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944).
- IB/core: Fix mismatch between locked and pinned pages (bnc#937855).
- IB/iser: Add Discovery support (bsc#923002).
- IB/iser: Move informational messages from error to info level (bsc#923002).
- NFS: never queue requests with rq_cong set on the sending queue (bsc#932458).
- NFSD: Fix nfsv4 opcode decoding error (bsc#935906).
- NFSv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910).
- PCI: Disable Bus Master only on kexec reboot (bsc#920110).
- PCI: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110).
- PCI: Do not try to disable Bus Master on disconnected PCI devices (bsc#920110).
- PCI: Lock down register access when trusted_kernel is true (fate#314486, bnc#884333)(bsc#923431).
- PCI: disable Bus Master on PCI device shutdown (bsc#920110).
- USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721).
- USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721).
- Apparmor: fix file_permission if profile is updated (bsc#917968).
- block: Discard bios do not have data (bsc#928988).
- cifs: Fix missing crypto allocation (bnc#937402).
- drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572).
- drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).
- drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).
- drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938).
- drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938).
- drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938).
- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938).
- drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938).
- drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938).
- drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938).
- drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).
- drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).
- drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938).
- drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938).
- drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938).
- drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938).
- drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938).
- drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).
- drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938).
- drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938).
- drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938).
- drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938).
- drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938).
- drm/i915: fix hotplug event bit tracking (bsc#942938).
- drm/i915: fix hpd interrupt register locking (bsc#942938).
- drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938).
- drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938).
- drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938).
- drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).
- drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).
- drm/i915: implement ibx_hpd_irq_setup (bsc#942938).
- drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).
- drm/mgag200: Do not do full cleanup if mgag200_device_init fails (FATE#317582).
- drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (FATE#317582).
- drm: ast,cirrus,mgag200: use drm_can_sleep (FATE#317582, bnc#883380, bsc#935572).
- ehci-pci: enable interrupt on BayTrail (bnc#926007).
- exec: kill the unnecessary mm->def_flags setting in load_elf_binary() (fate#317831,bnc#891116).
- ext3: Fix data corruption in inodes with journalled data (bsc#936637).
- fanotify: Fix deadlock with permission events (bsc#935053).
- fork: reset mm->pinned_vm (bnc#937855).
- hrtimer: prevent timer interrupt DoS (bnc#886785).
- hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
- hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
- hv_storvsc: use small sg_tablesize on x86 (bnc#937256).
- ibmveth: Add GRO support (bsc#935055).
- ibmveth: Add support for Large Receive Offload (bsc#935055).
- ibmveth: Add support for TSO (bsc#935055).
- ibmveth: add support for TSO6.
- ibmveth: change rx buffer default allocation for CMO (bsc#935055).
- igb: do not reuse pages with pfmemalloc flag fix (bnc#920016).
- inotify: Fix nested sleeps in inotify_read() (bsc#940925).
- iommu/amd: Fix memory leak in free_pagetable (bsc#935866).
- iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).
- ipv6: probe routes asynchronous in rt6_probe (bsc#936118).
- ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355).
- kabi: wrapper include file with __GENKSYMS__ check to avoid kabi change (bsc#920110).
- kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).
- kernel: add panic_on_warn.
- kernel: do full redraw of the 3270 screen on reconnect (bnc#943477, LTC#129509).
- kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953).
- libata: prevent HSM state change race between ISR and PIO (bsc#923245).
- libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002).
- md: use kzalloc() when bitmap is disabled (bsc#939994).
- megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).
- megaraid_sas: Use correct reset sequence in adp_reset() (bsc#938485).
- mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
- mm, THP: do not hold mmap_sem in khugepaged when allocating THP (VM Performance).
- mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620).
- mm, thp: fix collapsing of hugepages on madvise (VM Functionality).
- mm, thp: only collapse hugepages to nodes with affinity for zone_reclaim_mode (VM Functionality, bnc#931620).
- mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bnc#931620).
- mm, thp: respect MPOL_PREFERRED policy with non-local node (VM Performance, bnc#931620).
- mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143).
- mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM Performance, bnc#931620).
- mm/thp: allocate transparent hugepages on local node (VM Performance, bnc#931620).
- mm: make page pfmemalloc check more robust (bnc#920016).
- mm: restrict access to slab files under procfs and sysfs (bnc#936077).
- mm: thp: khugepaged: add policy for finding target node (VM Functionality, bnc#931620).
- net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355).
- net: Fix 'ip rule delete table 256' (bsc#873385).
- net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362).
- net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
- netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350).
- nfsd: support disabling 64bit dir cookies (bnc#937503).
- pagecache limit: Do not skip over small zones that easily (bnc#925881).
- pagecache limit: add tracepoints (bnc#924701).
- pagecache limit: export debugging counters via /proc/vmstat (bnc#924701).
- pagecache limit: fix wrong nr_reclaimed count (FATE#309111, bnc#924701).
- pagecache limit: reduce starvation due to reclaim retries (bnc#925903).
- pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355).
- pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819).
- pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819).
- perf, nmi: Fix unknown NMI warning (bsc#929142).
- perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142).
- qlcnic: Fix NULL pointer dereference in qlcnic_hwmon_show_temp() (bsc#936095).
- r8169: remember WOL preferences on driver load (bsc#942305).
- s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595).
- sched: fix __sched_setscheduler() vs load balancing race (bnc#921430)
- scsi: Correctly set the scsi host/msg/status bytes (bnc#933936).
- scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204).
- scsi: Moved iscsi kabi patch to patches.kabi (bsc#923002)
- scsi: Set hostbyte status in scsi_check_sense() (bsc#920733).
- scsi: kabi: allow iscsi discovery session support (bsc#923002).
- scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).
- scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733).
- scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002).
- sg_start_req(): make sure that there's not too many elements in iovec (bsc#940338).
- st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875).
- supported.conf: enable sch_mqprio (bsc#932882)
- udf: Remove repeated loads blocksize (bsc#933907).
- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641).
- usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721).
- usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721).
- vmxnet3: Bump up driver version number (bsc#936423).
- vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
- vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
- vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
- x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250).
- x86, tls: Interpret an all-zero struct user_desc as 'no segment' (bsc#920250).
- x86-64: Do not apply destructive erratum workaround on unaffected CPUs (bsc#929076).
- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
- x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605).
- xenbus: add proper handling of XS_ERROR from Xenbus for transactions.
- xfs: fix problem when using md+XFS under high load (bnc#925705).
- xhci: Allocate correct amount of scratchpad buffers (bnc#933721).
- xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721).
- xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721).
- xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721).
- xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721).
- xhci: do not report PLC when link is in internal resume state (bnc#933721).
- xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721).
- xhci: report U3 when link is in resume state (bnc#933721).
- xhci: rework cycle bit checking for new dequeue pointers (bnc#933721).
- zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921, bnc#936925, LTC#126491).
-----------------------------------------
Patch: SUSE-2015-565
Released: Wed Sep 9 19:51:24 2015
Summary: Recommended update for mcelog
Severity: low
References: 942670
Description:
This update for mcelog adds support for Intel's Skylake platform.
-----------------------------------------
Patch: SUSE-2015-551
Released: Fri Sep 11 03:50:46 2015
Summary: Recommended update for release-notes-sles
Severity: low
References: 938757,938880,940594,942090,943479
Description:
This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Server 11 SP4.
- Updated: Support for 10GbE RoCE Express. (bsc#942090, fate#319065)
- Updated: List more kernel modules which were updated. (fate#318442)
- Updated: Adjust XEN VM guest memory limit. (bsc#938757)
- Obsoleted: Migrating SUSE Linux Enterprise Server with WebYaST installed via Wagon. (bsc#940594)
- Obsoleted: SMT 11 SP2 to SP3 migration, and other update related entries. (bsc#940594)
- Fix minor spelling issues. (bsc#943479)
-----------------------------------------
Patch: SUSE-2015-658
Released: Fri Sep 18 09:01:09 2015
Summary: Security update for rpcbind
Severity: moderate
References: 940191,946204,CVE-2015-7236
Description:
A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.
-----------------------------------------
Patch: SUSE-2015-723
Released: Thu Sep 24 14:55:49 2015
Summary: Recommended update for postfix
Severity: low
References: 838165,863350
Description:
This update for Postfix fixes an issue in the SuSEconfig.postfix script which could cause misleading warnings when the package was updated.
-----------------------------------------
Patch: SUSE-2015-734
Released: Thu Oct 1 18:11:27 2015
Summary: Optional update for gcc5, binutils and gdb
Severity: low
References: 776968,877566,891040,896586,936050,943792,945634,CVE-2012-3509
Description:
The core toolchain components were updated to newer versions to bring various features, improved performance and usability, and also bugfixes.

This GNU Compiler Collection feature update is provided for the Intel/AMD x86_64, IBM zSeries and IBM PowerPC 64bit architectures. The GNU Compiler Collection 5.2 is provided new with this update. Changes to previously released GCC 4.8 series are documented on: https://gcc.gnu.org/gcc-4.9/changes.html and https://gcc.gnu.org/gcc-5/changes.html

Major features:
* AddressSanitizer, UndefinedBehaviour and PointerBoundsChecker checking frameworks were added.
* Lots of Register Allocation, Link Time, Interprocedural and Feedback Directed optimization improvements were done.
* Architecture support for IBM zSeries z13.
* The new libstdc++ CXX11 ABI is available. (The old ABI is still used by default.)

The binutils suite was updated to version 2.25.0, bringing new platform support, features and bugfixes, including:
* IBM zSeries z13 hardware support (fate#318036, bnc#936050).
* various IBM Power8 improvements (fate#318238, bnc#926412).
* AVX512 support on the Intel EM64T platform (fate#318520). * CVE-2012-3509: Fixed an integer overflow in libiberty. The GNU Debugger gdb was updated to version 7.9.1, bringing new platform support, features and bugfixes. The gdb update also includes IBM zSeries z13 support. ----------------------------------------- Patch: SUSE-2015-683 Released: Fri Oct 2 19:18:15 2015 Summary: Recommended update for timezone Severity: low References: 948227,948568 Description: This update provides the latest timezone information (2015g) for your system, including the following changes: - Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25. - Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time. - Fiji's 2016 fall-back transition is scheduled for January 17, not 24. - Fort Nelson, British Columbia will not fall back on 2015-11-01. It has effectively been on MST (-0700) since it advanced its clocks on 2015-03-08. Add new zone America/Fort_Nelson. This release also includes changes affecting past time stamps, documentation and some minor code fixes. For a comprehensive list, refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz/2015-October/022728.html ----------------------------------------- Patch: SUSE-2015-650 Released: Mon Oct 5 19:52:45 2015 Summary: Security update for openssh Severity: moderate References: 903649,932483,936695,938746,939932,943006,943010,945484,945493,947458,CVE-2015-4000,CVE-2015-5352,CVE-2015-5600,CVE-2015-6563,CVE-2015-6564 Description: OpenSSH was updated to fix several security issues and bugs. Please note that due to a bug in the previously shipped openssh version, sshd might not correctly restart. Please verify that the ssh daemon is running after installing this update. 
These security issues were fixed: * CVE-2015-5352: The x11_open_helper function, when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. (bsc#936695) * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. (bsc#938746) * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM. (bsc#932483) * Hardening patch to fix sftp RCE. (bsc#903649) * CVE-2015-6563: The monitor component in sshd accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. * CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. Additionally, a bug was fixed that could lead to openssh not working in chroot (bsc#947458). 
----------------------------------------- Patch: SUSE-2015-794 Released: Tue Oct 6 10:03:29 2015 Summary: Recommended update for yast2-fcoe-client Severity: moderate References: 838739 Description: The YaST module for fiber channel over ethernet was updated to increase the number of retries for fipvlan to try harder to connect (bnc#838739) ----------------------------------------- Patch: SUSE-2015-686 Released: Wed Oct 7 03:15:17 2015 Summary: Recommended update for gconf2 Severity: low References: 909045 Description: This update for gconf2 modifies gconftool to use fdatasync() instead of fsync(), as the latter comes with a significant performance penalty. Additionally, when the tool detects that the operating system is being installed, explicit calls to data synchronization functions are skipped. ----------------------------------------- Patch: SUSE-2015-719 Released: Wed Oct 7 12:33:46 2015 Summary: Security update for gtk2 Severity: moderate References: 922741,942801,948791,CVE-2015-4491,CVE-2015-7674 Description: gtk2 was updated to fix two security issues. These security issues were fixed: - CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5 allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). This non-security issue was fixed: - Add the script which generates gdk-pixbuf64.loaders to the spec file (bsc#922741). ----------------------------------------- Patch: SUSE-2015-688 Released: Fri Oct 9 04:03:15 2015 Summary: Recommended update for glibc Severity: moderate References: 942317,945779 Description: glibc was updated to fix a regression in a previous security fix, where users from large groups could go missing (bsc#945779, GLIBC BZ #18991). 
Also on PowerPC links to Power7 libraries are created for Power8 platform (bsc#942317) ----------------------------------------- Patch: SUSE-2015-726 Released: Fri Oct 9 14:26:44 2015 Summary: Security update for augeas Severity: moderate References: 925225,CVE-2014-8119 Description: This update fixes an untrusted argument escaping problem (CVE-2014-8119): * new API - aug_escape_name() - which can be used to escape untrusted inputs before using them as part of path expressions * aug_match() is changed to return properly escaped output ----------------------------------------- Patch: SUSE-2015-769 Released: Fri Oct 9 20:42:30 2015 Summary: Recommended update for mkinitrd Severity: moderate References: 932042,938470 Description: This update for mkinitrd provides the following fixes: - Ignore non-existent extra dependencies. (bsc#932042) - Find driver for nvme devices. (bsc#938470) ----------------------------------------- Patch: SUSE-2015-717 Released: Wed Oct 14 16:20:19 2015 Summary: Recommended update for ksh Severity: moderate References: 887320,924043,924318,926172,934437 Description: This update for the Korn Shell (ksh) provides the following fixes: - Close the correct file descriptor when renumbering and avoid extra fork. (bsc#926172, bsc#934437) - Fix freeing memory twice if an array is turned into a compound variable and then unset. (bsc#924043) - Fix potential hangs in command substitution with large output. (bsc#887320) - Fix potential job list corruption that could lead to segmentation fault. (bsc#924318) - Fix segmentation fault with 'typeset -RF'. ----------------------------------------- Patch: SUSE-2015-728 Released: Wed Oct 14 23:46:56 2015 Summary: Recommended update for release-notes-sles Severity: low References: 943017,947139,948760 Description: This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Server 11 SP4. - New: NTP 4.2.8. (bsc#943017, fate#319526) - New: TLS 1.2 for OpenVPN. 
(fate#319013) - Fix typo (LTSS for SLES 11 SP3). (bsc#948760) ----------------------------------------- Patch: SUSE-2015-724 Released: Thu Oct 15 15:25:10 2015 Summary: Security update for icu Severity: moderate References: 917129,CVE-2014-9654 Description: icu was updated to fix one security issue. This security issue was fixed: - CVE-2014-9654: Insufficient size limit checks in regular expression compiler (bsc#917129). ----------------------------------------- Patch: SUSE-2015-818 Released: Fri Oct 16 03:39:06 2015 Summary: Recommended update for rsh Severity: low References: 723593,926954 Description: This update for rsh fixes an attempt to free invalid memory in rshd. ----------------------------------------- Patch: SUSE-2015-809 Released: Thu Oct 22 08:47:45 2015 Summary: Recommended update for openssl Severity: moderate References: 947833 Description: OpenSSL was updated to fix a bug in TLS session renegotiation. This renegotiation is for instance used with Apache2 client certificate handling, which would fail if ECDHE key exchange is used, which is happening more often after the last openssl update. ----------------------------------------- Patch: SUSE-2015-816 Released: Tue Nov 3 17:30:32 2015 Summary: Recommended update for SuSEfirewall2 Severity: moderate References: 940825,942106 Description: SuSEfirewall2 was updated to use the conntrack table instead of the state table to avoid warnings with newer versions of iptables. ----------------------------------------- Patch: SUSE-2015-843 Released: Fri Nov 13 13:43:28 2015 Summary: Recommended update for krb5 Severity: important References: 954270 Description: This update fixes a potential segmentation fault introduced with a previous security fix. 
----------------------------------------- Patch: SUSE-2015-847 Released: Mon Nov 16 14:21:12 2015 Summary: Recommended update for ConsoleKit Severity: moderate References: 942421 Description: This update for ConsoleKit provides the following fixes: - Properly unset reference to the dbus proxy when finalizing the session, avoiding a leak that could result in a loop using 100% CPU. (bsc#942421) ----------------------------------------- Patch: SUSE-2015-853 Released: Wed Nov 18 10:39:13 2015 Summary: Security update for libpng12-0 Severity: moderate References: 952051,954980,CVE-2015-7981,CVE-2015-8126 Description: The libpng12-0 package was updated to fix the following security issues: - CVE-2015-8126: Fixed buffer overflow vulnerabilities in the png_get_PLTE/png_set_PLTE functions (bsc#954980). - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051). ----------------------------------------- Patch: SUSE-2015-856 Released: Wed Nov 18 12:21:13 2015 Summary: Recommended update for gcc5 Severity: important References: 954002 Description: This update for gcc5 and its runtime libraries adjusts the build flags on the s390x architecture to be compatible with IBM z9 and z10 systems. 
----------------------------------------- Patch: SUSE-2015-871 Released: Fri Nov 20 10:21:18 2015 Summary: Security update for ntp Severity: moderate References: 905885,910063,936327,942441,942587,944300,951608,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871 Description: This ntp update provides the following security and non security fixes: - Update to 4.2.8p4 to fix several security issues (bsc#951608): * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values * CVE-2015-7854: Password Length Memory Corruption Vulnerability * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability * CVE-2015-7851 saveconfig Directory Traversal Vulnerability * CVE-2015-7850 remote config logfile-keyfile * CVE-2015-7849 trusted key use-after-free * CVE-2015-7848 mode 7 loop counter underrun * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC * CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks - Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327). - Add a controlkey to ntp.conf to make the above work. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser. - Fix the comment regarding addserver in ntp.conf (bnc#910063). - Remove ntp.1.gz, it wasn't installed anymore. 
- Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (bsc#942587). - Remove 'kod' from the restrict line in ntp.conf (bsc#944300). - Use SHA1 instead of MD5 for symmetric keys (bsc#905885). - Require perl-Socket6 (bsc#942441). - Fix incomplete backporting of 'rcntp ntptimemset'. ----------------------------------------- Patch: SUSE-2015-875 Released: Fri Nov 20 14:06:25 2015 Summary: Recommended update for yast2-update Severity: low References: 941132 Description: This update for yast2-update provides the following fixes: - Allow root partitions formatted with btrfs to be selected for system upgrades. (bsc#941132) ----------------------------------------- Patch: SUSE-2015-880 Released: Mon Nov 23 15:53:05 2015 Summary: Recommended update for supportutils Severity: low References: 875831,890604,918641,931390,939079,941773,950432,951218,952024 Description: This update for supportutils includes the following fixes: - Fixed DNS hang. (bsc#951218) - Fixed find error in YaST. (bsc#952024) - Fixed kernel taint flags. (bsc#941773) - Fixed s390-tools reference. (bsc#931390) - Fixed volmn DFS hang with timer. (bsc#950432) - Added OPTION_NIT for novell-nit.txt. (bsc#939079) - Fixed DNS hang on files. (bsc#918641) - Added crm config show. (bsc#875831) - Fixed drbd check using drbd.conf. (bsc#890604) ----------------------------------------- Patch: SUSE-2015-893 Released: Wed Nov 25 13:32:09 2015 Summary: Recommended update for syslog-ng Severity: moderate References: 883403 Description: This update for syslog-ng provides the following fixes: - Do not fail to start if a remote log server name cannot be resolved. 
(bsc#883403) ----------------------------------------- Patch: SUSE-2015-898 Released: Thu Nov 26 12:09:03 2015 Summary: Recommended update for yast2-slp-server Severity: low References: 878892,954494 Description: This update for yast2-slp-server fixes handling of comments on slp.conf. ----------------------------------------- Patch: SUSE-2015-905 Released: Fri Nov 27 11:02:55 2015 Summary: Recommended update for pciutils-ids Severity: low References: 911528,944104,944436 Description: The system's PCI IDs database has been updated to version 2015.10.07. Additionally, the merge-pciids.pl script was fixed to not print warnings about conflicting definitions by default. ----------------------------------------- Patch: SUSE-2015-916 Released: Mon Nov 30 15:44:24 2015 Summary: Recommended update for crash Severity: low References: 940720 Description: This update for crash provides the following fixes: - Fix mis-labeled per-cpu exception stacks. (bsc#940720) ----------------------------------------- Patch: SUSE-2015-917 Released: Mon Nov 30 18:26:53 2015 Summary: Recommended update for libsoup Severity: moderate References: 935201 Description: This update for libsoup disables support for SSLv3 connections. For security reasons, only TLS 1.x and newer will be used. 
----------------------------------------- Patch: SUSE-2015-924 Released: Wed Dec 2 13:46:58 2015 Summary: Security update for gpg2 Severity: moderate References: 918089,918090,CVE-2015-1606,CVE-2015-1607 Description: This update for gpg2 fixes the following issues: - Fix CVE-2015-1606 (bsc#918089) * Invalid memory read using a garbled keyring * 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch - Fix CVE-2015-1607 (bsc#918090) * Memcpy with overlapping ranges * 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch ----------------------------------------- Patch: SUSE-2015-927 Released: Wed Dec 2 16:48:27 2015 Summary: Recommended update for yast2-users Severity: low References: 805275 Description: This update for yast2-users fixes validation of AutoYaST profiles. ----------------------------------------- Patch: SUSE-2015-932 Released: Thu Dec 3 12:46:32 2015 Summary: Recommended update for lvm2 Severity: moderate References: 938419,942888 Description: This update for lvm2 provides the following fixes: - Fix segmentation fault when extending a LV with a smaller number of stripes than originally used. (bsc#942888) - Fix vgchange to check if there are no mounted file systems preventing deactivation of the volume group. (bsc#938419) ----------------------------------------- Patch: SUSE-2015-944 Released: Thu Dec 3 19:13:46 2015 Summary: Recommended update for yast2-kdump Severity: low References: 805275 Description: This update for yast2-kdump fixes validation of AutoYaST profiles. ----------------------------------------- Patch: SUSE-2015-948 Released: Mon Dec 7 15:08:09 2015 Summary: Security update for libmspack Severity: moderate References: 934524,934525,934526,934527,934528,934529,CVE-2014-9732,CVE-2015-4467,CVE-2015-4469,CVE-2015-4470,CVE-2015-4471,CVE-2015-4472 Description: libmspack was updated to fix several security vulnerabilities. - Fix null pointer dereference on a crafted CAB. 
(bsc#934524, CVE-2014-9732) - Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467) - Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472) - Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469) - Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470) - Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471) ----------------------------------------- Patch: SUSE-2015-925 Released: Mon Dec 7 15:11:59 2015 Summary: Security update for dhcpcd Severity: important References: 955762,CVE-2012-6698,CVE-2012-6699,CVE-2012-6700 Description: dhcpcd was updated to fix three security issues. These security issues were fixed: - CVE-2012-6698: A potential out of bounds write was fixed, which could lead to memory corruption, triggerable by network local attackers. - CVE-2012-6699: A loop error was fixed that could lead to out of bound reads, triggerable by network local attackers. - CVE-2012-6700: An incorrect free could lead to crashes, triggerable by network local attackers. ----------------------------------------- Patch: SUSE-2015-970 Released: Tue Dec 15 16:32:13 2015 Summary: Recommended update for ethtool Severity: low References: 927309 Description: The list of advertised speed modes recognized by Ethtool has been updated to include the following full-duplex modes: 56000baseKR4, 56000baseCR4, 56000baseSR4, 56000baseLR4 and 10000baseKX4. ----------------------------------------- Patch: SUSE-2015-976 Released: Tue Dec 15 21:29:18 2015 Summary: Security update for openssl Severity: moderate References: 952099,957812,CVE-2015-3195 Description: This update for openssl fixes the following issues: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. 
SSL/TLS is not affected. (bsc#957812) - Prevent segfault in s_client with invalid options (bsc#952099) ----------------------------------------- Patch: SUSE-2015-981 Released: Wed Dec 16 11:11:12 2015 Summary: Recommended update for yast2-ntp-client Severity: low References: 805275,940881,954442 Description: This update for yast2-ntp-client provides the following fixes: - Also remove the 'restrict' server option from /etc/ntp.conf when a server is removed or changed, do not leave unused values. (bsc#954442) - Always use a server from pool.ntp.org as default. (bsc#940881) - Fix validation of AutoYaST profiles. (bsc#805275) ----------------------------------------- Patch: SUSE-2015-318 Released: Thu Dec 17 05:55:02 2015 Summary: Recommended update for inst-source-utils Severity: low References: 937385 Description: The inst-source-utils package was updated to allow building medias with specific EULA. ----------------------------------------- Patch: SUSE-2015-984 Released: Thu Dec 17 12:11:26 2015 Summary: Security update for krb5 Severity: moderate References: 954270,954470,CVE-2015-2695 Description: The krb5 package was updated to fix the following security and non security issues: - CVE-2015-2695: Fixed missing functions that were still vulnerable (bsc#954270). - Fixed a memory leak in the handling of error messages (bsc#954470). ----------------------------------------- Patch: SUSE-2015-990 Released: Fri Dec 18 12:23:40 2015 Summary: Recommended update for yast2-network Severity: low References: 805275,951330 Description: This update for yast2-network provides the following fixes: - Fix validation of AutoYaST profiles. (bsc#805275) - Drop entry from /etc/hosts when deleting NIC configuration. 
(bsc#951330) ----------------------------------------- Patch: SUSE-2015-1007 Released: Tue Dec 22 12:36:41 2015 Summary: Security update for the Linux Kernel Severity: important References: 814440,879378,879381,900610,904348,904965,921081,926774,930145,930770,930788,930835,932805,935123,935757,937256,937444,938706,939826,939926,939955,940017,940913,940946,941202,942938,943786,944296,944677,944831,944837,944989,944993,945691,945825,945827,946078,946214,946309,947957,948330,948347,948521,949100,949298,949502,949706,949744,949936,949981,950298,950750,950998,951440,952084,952384,952579,952976,953527,953799,953980,954404,954628,954950,954984,955673,956709,CVE-2015-0272,CVE-2015-5157,CVE-2015-5307,CVE-2015-6937,CVE-2015-7509,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could have led to a system crash (bsc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384). 
- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bnc#938706). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). The following non-security bugs were fixed: - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - Driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - Drivers: hv: do not do hypercalls when hypercall_page is NULL. - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h. - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h. - Drivers: hv: vmbus: Get rid of some unused definitions. - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state. - Drivers: hv: vmbus: add special crash handler (bnc#930770). - Drivers: hv: vmbus: add special kexec handler. - Drivers: hv: vmbus: kill tasklets on module unload. - Drivers: hv: vmbus: prefer '^A' notification chain to 'panic'. - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from hv_synic_cleanup(). - Drivers: hv: vmbus: unregister panic notifier on module unload. - IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). 
- IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440). - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - NFSv4: Fix two infinite loops in the mount code (bsc#954628). - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786). - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786). - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084). - PCI: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084). - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084). - PCI: delay configuration of SRIOV capability (bnc#952084). - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084). - SCSI: hosts: update to use ida_simple for host_no (bsc#939926) - SUNRPC refactor rpcauth_checkverf error returns (bsc#955673). - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#946214). - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cachefiles: Avoid deadlocks with fs freezing (bsc#935123). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - fix lpfc_send_rscn_event allocation size claims bnc#935757 - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123). - fs: Fix deadlocks between sync and fs freezing (bsc#935123). 
- hugetlb: simplify migrate_huge_page() (bnc#947957). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957,). - ipr: Fix incorrect trace indexing (bsc#940913). - ipr: Fix invalid array indexing for HRRQ (bsc#940913). - ipv6: fix tunnel error handling (bsc#952579). - ipvs: Fix reuse connection if real server is dead (bnc#945827). - ipvs: drop first packet to dead server (bsc#946078). - kernel: correct uc_sigmask of the compat signal frame (bnc#946214). - kernel: fix incorrect use of DIAG44 in continue_trylock_relax() (bnc#946214). - kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - lib/string.c: introduce memchr_inv() (bnc#930788). - lpfc: Fix cq_id masking problem (bsc#944677). - macvlan: Support bonding events bsc#948521 - memory-failure: do code refactor of soft_offline_page() (bnc#947957). - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957). - memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957). - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298). - mm: fix GFP_THISNODE callers and clarify (bsc#954950). - mm: remove GFP_THISNODE (bsc#954950). - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS). - net/core: Add VF link state control policy (bsc#950298). - netfilter: xt_recent: fix namespace destroy path (bsc#879378). - panic/x86: Allow cpus to save registers even if they (bnc#940946). - panic/x86: Fix re-entrance problem due to panic on (bnc#937444). 
- pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - qla2xxx: Remove unavailable firmware files (bsc#921081). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down (bsc#930835). - quota: Fix deadlock with suspend and quotas (bsc#935123). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - rtnetlink: Fix VF IFLA policy (bsc#950298). - rtnetlink: fix VF info size (bsc#950298). - s390/dasd: fix disconnected device with valid path mask (bnc#946214). - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214). - s390/dasd: fix list_del corruption after lcu changes (bnc#954984). - s390/pci: handle events for unused functions (bnc#946214). - s390/pci: improve handling of hotplug event 0x301 (bnc#946214). - s390/pci: improve state check when processing hotplug events (bnc#946214). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - sg: fix read() error reporting (bsc#926774). - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989). - usbback: correct copy length for partial transfers (bsc#941202). - usbvision fix overflow of interfaces array (bnc#950998). - veth: extend device features (bsc#879381). - vfs: Provide function to get superblock and wait for it to thaw (bsc#935123). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - vmxnet3: fix ethtool ring buffer size setting (bsc#950750). - writeback: Skip writeback for frozen filesystem (bsc#935123). - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - x86/evtchn: make use of PHYSDEVOP_map_pirq. 
- x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788). - xfs: add background scanning to clear eofblocks inodes (bnc#930788). - xfs: add inode id filtering to eofblocks scan (bnc#930788). - xfs: add minimum file size filtering to eofblocks scan (bnc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788). - xfs: create helper to check whether to free eofblocks on inode (bnc#930788). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788). - xfs: support a tag-based inode_ag_iterator (bnc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981). - xhci: Calculate old endpoints correctly on device reset (bnc#944831). - xhci: For streams the css flag must be read from the stream-ctx on ep stop (bnc#945691). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837). - xhci: silence TD warning (bnc#939955). - xhci: use uninterruptible sleep for waiting for internal operations (bnc#939955). 
----------------------------------------- Patch: SUSE-2015-1010 Released: Tue Dec 22 13:04:17 2015 Summary: Security update for bind Severity: important References: 923281,958861,CVE-2015-8000 Description: This update fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). It also fixes a bug: - Fix a regression in caching entries with a TTL of 0 (bsc#923281). ----------------------------------------- Patch: 1482 Released: Wed Dec 23 10:31:03 2015 Summary: Security update for libksba Severity: moderate References: 926826 Description: The libksba package was updated to fix the following security issues: - Fixed integer overflow, out-of-bounds read and stack overflow issues (bsc#926826). ----------------------------------------- Patch: SUSE-2015-1014 Released: Wed Dec 23 14:19:01 2015 Summary: Recommended update for parted Severity: low References: 932116 Description: This update improves handling of busy extended partitions in libparted. ----------------------------------------- Patch: SUSE-2015-1017 Released: Fri Dec 25 11:49:25 2015 Summary: Recommended update for ksh Severity: moderate References: 951430,953533,954856,955221 Description: This update for ksh fixes the following issues: - File descriptor leak when doing redirects in a subshell. (bsc#954856) - Hangs when processing commands in backticks that output too much data. (bsc#953533, bsc#955221, bsc#951430) ----------------------------------------- Patch: SUSE-2015-1023 Released: Mon Dec 28 17:42:36 2015 Summary: Security update for xfsprogs Severity: moderate References: 911866,939367,CVE-2012-2150 Description: xfsprogs was updated to fix one security vulnerability and several bugs. 
- Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150) - Fix segfault during xfs_repair run (bsc#911866) - Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition ----------------------------------------- Patch: SUSE-2015-1030 Released: Tue Dec 29 13:55:34 2015 Summary: Recommended update for xorg-x11-libs Severity: moderate References: 958383,CVE-2015-1804 Description: This update for xorg-x11-libs fixes the following issues: - The original fix for CVE-2015-1804 prevented DWIDTH to be negative. However, the spec states that 'DWIDTH [...] is a vector indicating the position of the next glyph's origin relative to the origin of this glyph'. Consequently, negative DWIDTH values should be allowed. (bsc#958383) ----------------------------------------- Patch: SUSE-2016-14 Released: Tue Jan 5 14:10:55 2016 Summary: Recommended update for yast2-bootloader Severity: low References: 805275,937108 Description: This update for yast2-bootloader provides the following fixes: - Fix validation of AutoYaST profiles. (bsc#805275) - Unify Xen names to fix removal of duplicated entries at the end of installation. 
(bsc#937108) ----------------------------------------- Patch: SUSE-2016-21 Released: Tue Jan 5 16:21:16 2016 Summary: Security update for libxml2 Severity: moderate References: 928193,951734,951735,956018,956021,956260,957105,957106,957107,957109,957110,CVE-2015-1819,CVE-2015-5312,CVE-2015-7497,CVE-2015-7498,CVE-2015-7499,CVE-2015-7500,CVE-2015-7941,CVE-2015-7942,CVE-2015-8241,CVE-2015-8242,CVE-2015-8317 Description: This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735] * CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018] * CVE-2015-8242 Buffer overread with HTML parser in push mode [bnc#956021] * CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260] * CVE-2015-5312 Fix another entity expansion issue [bnc#957105] * CVE-2015-7497 Avoid a heap buffer overflow in xmlDictComputeFastQKey [bnc#957106] * CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107] * CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109] * CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] ----------------------------------------- Patch: SUSE-2016-23 Released: Wed Jan 6 11:38:30 2016 Summary: Recommended update for yast2-ldap-client Severity: low References: 805275 Description: This update for yast2-ldap-client fixes validation of AutoYaST profiles. 
----------------------------------------- Patch: SUSE-2016-45 Released: Fri Jan 8 12:20:09 2016 Summary: Recommended update for sg3_utils Severity: moderate References: 943817 Description: This update for sg3_utils fixes the following issues: - Fix regular expression in rescan-scsi-bus.sh to not produce strings with white spaces. (bsc#943817) ----------------------------------------- Patch: SUSE-2016-47 Released: Fri Jan 8 14:49:21 2016 Summary: Recommended update for open-iscsi Severity: moderate References: 950441 Description: This update for open-iscsi provides the following fixes: - Convert iscsiadm's '-r' argument to an integer before checking if it is a path. (bsc#950441) ----------------------------------------- Patch: SUSE-2016-49 Released: Fri Jan 8 15:50:58 2016 Summary: Security update for libpng12-0 Severity: moderate References: 954980,CVE-2015-8126 Description: - security update: This update fixes the following security issue: * CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact [bsc#954980] ----------------------------------------- Patch: SUSE-2016-50 Released: Fri Jan 8 16:13:46 2016 Summary: Recommended update for yast2-printer Severity: low References: 805275 Description: This update for yast2-printer provides the following fixes: - Add X-SuSE-YaST-AutoInstSchema declaration so printer.rnc could be included in yast2-schema package. 
----------------------------------------- Patch: SUSE-2016-54 Released: Mon Jan 11 16:39:26 2016 Summary: Security update for gnutls Severity: moderate References: 924828,947271,957568,CVE-2015-2806,CVE-2015-8313 Description: This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked (bsc#957568) - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828) ----------------------------------------- Patch: SUSE-2016-57 Released: Tue Jan 12 11:32:10 2016 Summary: Recommended update for yast2-audit-laf Severity: low References: 702654,805275 Description: This update for yast2-audit-laf provides the following fixes: - Add X-SuSE-YaST-AutoInstSchema declaration so audit-laf.rnc could be included in yast2-schema package. (bsc#805275) - Typos corrected in help text. (bsc#702654) ----------------------------------------- Patch: SUSE-2016-63 Released: Tue Jan 12 16:38:01 2016 Summary: Security update for openldap2 Severity: moderate References: 945582,CVE-2015-6908 Description: This update fixes the following security issue: - CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582). ----------------------------------------- Patch: SUSE-2016-64 Released: Tue Jan 12 17:04:14 2016 Summary: Recommended update for deltarpm Severity: low References: 948504 Description: This update for deltarpm provides the following fixes: - Fix off-by-one error in delta generation code which could lead to a segmentation fault in some rare circumstances. (bsc#948504) - Return error rather than crashing if memory allocation fails. - Add newline in missing prelink error. - Do not finish applydeltarpm jobs when in the middle of a request. - Fix failing applydeltarpm with gzip -9 compression. - Add a couple of man pages. 
----------------------------------------- Patch: SUSE-2016-73 Released: Wed Jan 13 12:51:14 2016 Summary: Recommended update for release-notes-sles Severity: low References: 950143,955779 Description: This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Server 11 SP4: - Remove misleading statement about zypper. (bsc#955779) - Document availability of updated toolchain for SLES 11 SP4. (fate#319015) - List YaST modules deprecated on SLE 12. (fate#319469) ----------------------------------------- Patch: SUSE-2016-84 Released: Thu Jan 14 16:32:18 2016 Summary: Security update for openssh Severity: critical References: 961642,961645,CVE-2016-0777,CVE-2016-0778 Description: This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642) - CVE-2016-0778: A malicious or compromised server could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645) This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server. 
----------------------------------------- Patch: SUSE-2016-106 Released: Tue Jan 19 09:48:53 2016 Summary: Security update for samba Severity: important References: 295284,912457,934299,936909,948244,949022,953382,958582,958583,958584,958586,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330 Description: This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586) - CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582) - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584) - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583) Non-security issues fixed: - Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022) - Ensure samlogon fall-back requests are rerouted after kerberos failure (bnc#953382) - Ensure 'Your account is disabled' message is displayed when attempting to ssh into locked account (bnc#953382) - Address unrecoverable winbind failure: 'key length too large' (bnc#934299) - Take resource group sids into account when caching netsamlogon data (bnc#912457) - Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244) - dependency issue with samba-winbind (bnc#936909) ----------------------------------------- Patch: SUSE-2016-115 Released: Tue Jan 19 22:15:35 2016 Summary: Recommended update for yast2-schema Severity: low References: 805275 Description: This update for yast2-schema fixes validation of AutoYaST profiles. 
----------------------------------------- Patch: SUSE-2016-116 Released: Wed Jan 20 09:59:11 2016 Summary: Security update for rsync Severity: moderate References: 900914,915410,CVE-2014-8242,CVE-2014-9512 Description: This update for rsync fixes two security issues: - CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914) - CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410) ----------------------------------------- Patch: SUSE-2016-123 Released: Wed Jan 20 16:36:03 2016 Summary: Recommended update for release-notes-sles Severity: low References: 954889,958635,960322 Description: This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Server 11 SP4: - Clarify IBM Java 1.7.1 support status. (bsc#954889, fate#317600) - Fix Security Module description. (bsc#958635) - Document support for OpenSSH in the SLE 11 Security module. (fate#318862) ----------------------------------------- Patch: SUSE-2016-125 Released: Thu Jan 21 13:31:47 2016 Summary: Security update for libxml2 Severity: moderate References: 960674,CVE-2015-8710 Description: This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674) ----------------------------------------- Patch: SUSE-2016-135 Released: Fri Jan 22 11:23:00 2016 Summary: Security update for bind Severity: important References: 962189,CVE-2015-8704 Description: This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) ----------------------------------------- Patch: SUSE-2016-159 Released: Tue Jan 26 16:09:31 2016 Summary: Recommended update for mdadm Severity: moderate References: 930417,939124,952644,958597 Description: 
This update for mdadm fixes the following issues: - Fix corruption of DDF anchor. (bsc#930417) - Fix problem with adding spare to degraded array. (bsc#958597) - Fix regression in 'mdadm /dev/mdXX --remove failed' handling. (bsc#952644) - Fix crash when running --detail on a dm device which contains an md device. (bsc#939124) ----------------------------------------- Patch: SUSE-2016-164 Released: Wed Jan 27 13:41:51 2016 Summary: Recommended update for udev Severity: moderate References: 958208 Description: This update for udev adjusts the persistent network device name rules to skip Mellanox virtual devices. ----------------------------------------- Patch: SUSE-2016-175 Released: Fri Jan 29 12:43:18 2016 Summary: Security update for gdk2 Severity: moderate References: 958963,960155,CVE-2015-7552 Description: This update for gdk2 fixes the following security issues: - CVE-2015-7552: various overflows, including heap overflow in flipping bmp files (bsc#958963) The following non-security issues were fixed: - bsc#960155: fix a possible divide by zero ----------------------------------------- Patch: SUSE-2016-178 Released: Fri Jan 29 17:19:16 2016 Summary: Recommended update for zypper Severity: moderate References: 793424,893833 Description: This update for zypper fixes the following issues: - Fix different data returned in xml and text output of lu/lp commands. (bsc#793424, bsc#893833) - Also report needed but locked patches in 'pchk'. 
----------------------------------------- Patch: SUSE-2016-211 Released: Fri Feb 5 14:51:06 2016 Summary: Security update for curl Severity: moderate References: 926511,962983,962996,CVE-2016-0755 Description: This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#926511: Check for errors on the control connection during FTP transfers The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures ----------------------------------------- Patch: SUSE-2016-216 Released: Fri Feb 5 17:26:23 2016 Summary: Recommended update for perl-Bootloader Severity: moderate References: 956885,958608 Description: This update for perl-Bootloader fixes the following issues: - Strip superfluous '/boot' parts of path if there's a symbolic link 'boot' pointing to '.' 
(bsc#956885) - Correctly handle quoting in /etc/fstab (bsc#958608) ----------------------------------------- Patch: SUSE-2016-217 Released: Fri Feb 5 17:41:59 2016 Summary: Security update for tiff Severity: moderate References: 960341,964225,CVE-2015-7554,CVE-2015-8781,CVE-2015-8782,CVE-2015-8783 Description: This update for tiff fixes the following issues: - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225) - CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools (bsc#960341) ----------------------------------------- Patch: SUSE-2016-242 Released: Thu Feb 11 11:50:38 2016 Summary: Security update for krb5 Severity: moderate References: 963968,963975,CVE-2015-8629,CVE-2015-8631 Description: This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) ----------------------------------------- Patch: SUSE-2016-254 Released: Fri Feb 12 15:16:47 2016 Summary: Recommended update for timezone Severity: low References: 963921 Description: This update provides the latest timezone information (2016a) for your system, including the following changes: - America/Cayman will not observe daylight saving this year. - Asia/Chita switches from +0800 to +0900 on 2016-03-27 at 02:00. - Asia/Tehran now has DST predictions for the year 2038 and later. - America/Metlakatla switched from PST all year to AKST/AKDT on 2015-11-01 at 02:00. - America/Santa_Isabel has been removed, and replaced with a backward compatibility link to America/Tijuana. - Asia/Karachi's two transition times in 2002 were off by a minute. This release also includes changes affecting past time stamps, documentation and some minor code fixes. 
For a comprehensive list, refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz/2016-January/023106.html ----------------------------------------- Patch: SUSE-2016-268 Released: Tue Feb 16 13:43:59 2016 Summary: Recommended update for sg3_utils Severity: moderate References: 943168,955222 Description: This update for sg3_utils provides several fixes: rescan-scsi-bus.sh: - Enhanced the udevadm_settle function, and changed calls to udevadm trigger to only use sd devices, to prevent it from hanging when a udev event is stuck on a dm-multipath device in recovery mode. - Enhanced findremapped and findmultipath to handle another case where udev might have already updated the scsi id, but multipath has not. - Added retries when flushing removed multipaths, as it can sometimes fail transiently. - Enhanced findresized to print the before and after sizes of multipath devices. - When passing the flag to find remapped LUNs, it will now also try to update the size. sg_inq: - Fixed display of software version and date, and added decoding of additional features for rdac page c2. - Updated decoding of rdac c9 page to be current. sg_rdac: - Added support for rdac extended page 2c and mode select(10) to all functionality. - Fixed mode select(6) logic, as there was an invalid parameter preventing it from working. - Updated feature decoding in print_rdac_mode to be current. - Added -6 flag to force to use 6 byte CDBs. sg_vpd_vendor: - vp_arr[] data structure had rdac incorrectly listed as an EMC array. - Updated rdac page names. - Fixed rdac page c0 decoding to get correct number of bytes for board identifier. - Same fixes and enhancements for decoding as in sg_inq for pages c2 and c9. - Updated rdac pages c3 and c4 decoding to decode additional information. - Updated rdac page c8 to decode initiator transport IDs for FC, SAS, iSCSI, and SRP. 
----------------------------------------- Patch: SUSE-2016-274 Released: Tue Feb 16 16:39:06 2016 Summary: Security update for glibc Severity: important References: 930721,942317,950944,956988,961721,962736,962737,962738,962739,CVE-2014-9761,CVE-2015-7547,CVE-2015-8776,CVE-2015-8777,CVE-2015-8778,CVE-2015-8779 Description: This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. 
(bsc#962739) The following non-security bugs were fixed: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr ----------------------------------------- Patch: SUSE-2016-275 Released: Tue Feb 16 17:03:43 2016 Summary: Recommended update for yast2-kdump Severity: low References: 480466,962008,962341 Description: This update for yast2-kdump fixes the following issues: - Preserve existing content of XEN_APPEND in /etc/sysconfig/bootloader. (bsc#962008) - Avoid exporting unknown settings when cloning a system. (bsc#962341, bsc#480466) ----------------------------------------- Patch: SUSE-2016-278 Released: Tue Feb 16 18:33:20 2016 Summary: Security update for dhcp Severity: moderate References: 880984,919959,926159,928390,936923,947780,961305,CVE-2015-8605 Description: This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes - bsc#926159: DHCP preferred and valid lifetime would be logged incorrectly - bsc#928390: dhclient did not expose next-server DHCPv4 option to script ----------------------------------------- Patch: SUSE-2016-283 Released: Thu Feb 18 11:25:07 2016 Summary: Recommended update for kdump Severity: moderate References: 932339,934581,941834,943214,962103 Description: This update for kdump provides the following fixes: - Create a bind mount from /root to /kdump/root. 
(bsc#962103) - Update kdump initial ram disk at runlevels 3 or 5. (bsc#943214) - Refresh initrd if /etc/hosts is changed. (bsc#943214) - Create symlinks to /root instead of bind mounts. (bsc#941834) - Reload kdump only once if multiple udev events happen in parallel. (bsc#934581) - Fix an endianity issue. (bsc#932339) - Use kernel config to check if a kernel is relocatable. (bsc#932339) ----------------------------------------- Patch: SUSE-2016-347 Released: Mon Feb 29 19:37:58 2016 Summary: Optional update for libsatsolver Severity: low References: Description: Release libsatsolver to the SUSE:SLE-11-SP2:Update codestream to sync versions in ppc and s390. ----------------------------------------- Patch: SUSE-2016-358 Released: Tue Mar 1 16:05:20 2016 Summary: Security update for openssl Severity: important References: 952871,963415,967787,968046,968047,968048,968051,968053,968374,CVE-2015-3197,CVE-2016-0702,CVE-2016-0703,CVE-2016-0705,CVE-2016-0797,CVE-2016-0799,CVE-2016-0800 Description: This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. 
- CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. 
- CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also fixes the following bug: - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787) ----------------------------------------- Patch: SUSE-2016-428 Released: Mon Mar 14 13:34:23 2016 Summary: Recommended update for zypper Severity: moderate References: 948566,961719,961724,967673,968006 Description: This update for zypper provides the following fixes: - Fix repository import to honor enable and auto-refresh flags. (bsc#967673) - Return error code 106 (ZYPPER_EXIT_INF_REPOS_SKIPPED) if repos were skipped due to a failing refresh. (bsc#968006) - Fix misaligned TAB stops in colored prompts. (bsc#948566) - Return non-zero on unexpected exceptions. (bsc#961724) - Propagate repository refresh errors even if main action succeeded. (bsc#961719) ----------------------------------------- Patch: SUSE-2016-461 Released: Wed Mar 16 14:26:24 2016 Summary: Optional update for wget and wget-openssl1 Severity: low References: 968724 Description: This update delivers an additional wget version built against openssl1 to enable TLS 1.2 support for https downloads. (FATE#320164 bsc#968724) The main wget package is also updated to use update-alternatives to switch between the version built against openssl 0.9.8j and the one using openssl 1.0.1. The original wget package includes /usr/bin/wget.openssl0 and /usr/bin/wget links to this binary by default. A new package wget-openssl1 is supplied via the SECURITY module, including a /usr/bin/wget.openssl1 binary. 
To switch /usr/bin/wget to use openssl 1.0.1 and so support TLS 1.2 in https connections use: update-alternatives --set wget /usr/bin/wget.openssl1 to switch back, use: update-alternatives --set wget /usr/bin/wget.openssl0 to display the current state use: update-alternatives --display wget ----------------------------------------- Patch: SUSE-2016-469 Released: Wed Mar 16 21:37:46 2016 Summary: Recommended update for autofs Severity: low References: 952438 Description: This update adds support for sssd lookups to AutoFS. ----------------------------------------- Patch: SUSE-2016-482 Released: Fri Mar 18 16:32:14 2016 Summary: Security update for bind Severity: important References: 970072,970073,CVE-2016-1285,CVE-2016-1286 Description: This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) * CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) ----------------------------------------- Patch: SUSE-2016-486 Released: Mon Mar 21 11:05:26 2016 Summary: Security update for samba Severity: important References: 967017,968222,CVE-2015-7560 Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Bug fixed: - Fix leaking memory in libsmbclient: Add missing talloc stackframe; (bso#11177); (bsc#967017). 
----------------------------------------- Patch: SUSE-2016-499 Released: Wed Mar 23 13:34:42 2016 Summary: Recommended update for timezone Severity: low References: 971377 Description: This update provides the latest timezone information (2016b) for your system, including the following changes: - New zones Europe/Astrakhan and Europe/Ulyanovsk for Astrakhan and Ulyanovsk Oblasts, Russia, both of which will switch from +03 to +04 on 2016-03-27 at 02:00 local time. - New zone Asia/Barnaul for Altai Krai and Altai Republic, Russia, which will switch from +06 to +07 on the same date and local time. - Asia/Sakhalin moves from +10 to +11 on 2016-03-27 at 02:00. - As a trial of a new system that needs less information to be made up, the new zones use numeric time zone abbreviations like '+04' instead of invented abbreviations like 'ASTT'. - Haiti will not observe DST in 2016. - Palestine's spring-forward transition on 2016-03-26 is at 01:00, not 00:00. - tzselect's diagnostics and checking, and checktab.awk's checking, have been improved. - tzselect now tests Julian-date TZ settings more accurately. ----------------------------------------- Patch: SUSE-2016-502 Released: Wed Mar 23 15:44:58 2016 Summary: Optional update for KIWI build requirements Severity: low References: Description: Release perl-File-Slurp, perl-JSON and perl-Test-Unit-Lite to the SUSE:SLE-11-SP3:Update codestream to satisfy KIWI build dependencies. ----------------------------------------- Patch: SUSE-2016-507 Released: Thu Mar 24 08:59:58 2016 Summary: Optional update for cyrus-sasl Severity: low References: 970494 Description: This update for cyrus-sasl fixes the following issues: - Some missing cyrus-sasl plugins were added. 
bsc#970494 ----------------------------------------- Patch: SUSE-2016-511 Released: Thu Mar 24 15:43:22 2016 Summary: Recommended update for timezone Severity: low References: 972433 Description: This update provides the latest timezone information (2016c) for your system, including the following changes: - Azerbaijan no longer observes DST (Asia/Baku) - Chile reverts from permanent to seasonal DST This release also includes changes affecting past time stamps and documentation. For a comprehensive list, please refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz-announce/2016-March/000037.html ----------------------------------------- Patch: SUSE-2016-519 Released: Wed Mar 30 11:58:36 2016 Summary: Security update for the Linux Kernel Severity: important References: 758040,904035,912738,915183,924919,933782,937444,940017,940946,942082,947128,948330,949298,951392,951815,952976,953369,954992,955308,955654,955837,955925,956084,956375,956514,956708,956949,957986,957988,957990,958000,958463,958886,958906,958912,958951,959190,959312,959399,959649,959705,961500,961509,961516,961658,962965,963276,963561,963765,963767,964201,964818,966094,966137,966437,966693,967042,967972,967973,967974,967975,968011,968012,968013,969307,CVE-2013-7446,CVE-2015-7515,CVE-2015-7550,CVE-2015-8539,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2016-0723,CVE-2016-2069,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following feature was added to kernel-xen: - A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320200) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode. 
The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have led to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). 
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190 bnc#959399). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. This could be used by local attackers to cause machine crashes or potentially code execution (bsc#966437). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2016-2069: Race conditions in TLB syncing were fixed which could lead to information leaks (bnc#963767). - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the umidi object which could lead to crashes (bsc#966693). - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA that could lead to crashes. 
(bsc#967972). - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSA's timer handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011, bsc#968012, bsc#968013). The following non-security bugs were fixed: - alsa: hda - Add one more node in the EAPD supporting candidate list (bsc#963561). - alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137). - alsa: hda - Fix playback noise with 24/32 bit sample size on BXT (bsc#966137). - alsa: hda - disable dynamic clock gating on Broxton before reset (bsc#966137). - Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver implementation (bsc#957986, bsc#956084, bsc#961658). - Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201). - nfsv4: Recovery of recalled read delegations is broken (bsc#956514). - nvme: default to 4k device page size (bsc#967042). - pci: leave MEM and IO decoding disabled during 64-bit BAR sizing, too (bsc#951815). - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch (bsc#959705). - Refresh patches.xen/xen-vscsi-large-requests (refine fix and also address bsc#966094). - sunrpc: restore fair scheduling to priority queues (bsc#955308). - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT when the device is removed (bnc#956375). - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and TIOCGICOUNT (bnc#956375). - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375). - usb: ftdi_sio: fix tiocmget indentation (bnc#956375). - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375). - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375). - usb: ftdi_sio: remove unnecessary memset (bnc#956375). - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375). - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375). - usb: pl2303: clean up line-status handling (bnc#959649). 
- usb: pl2303: only wake up MSR queue on changes (bnc#959649). - usb: pl2303: remove bogus delta_msr_wait wake up (bnc#959649). - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375). - Update patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch (bnc#940017, bnc#949298, bnc#947128). - xen: Update Xen config files (enable upstream block frontend). - ec2: Update kabi files and start tracking ec2 - xen: consolidate and simplify struct xenbus_driver instantiation (bsc#961658 fate#320200). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - block: Always check queue limits for cloned requests (bsc#933782). - block: xen-blkfront: Fix possible NULL ptr dereference (bsc#961658 fate#320200). - bnx2x: Add new device ids under the Qlogic vendor (bsc#964818). - bnx2x: Alloc 4k fragment for each rx ring buffer element (bsc#953369). - bnx2x: fix DMA API usage (bsc#953369). - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965). - driver: xen-blkfront: move talk_to_blkback to a more suitable place (bsc#961658 fate#320200). - drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (bsc#961658 fate#320200). - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276). - drm/i915: Evict CS TLBs between batches (bsc#758040). - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040). - e1000e: Do not read ICR in Other interrupt (bsc#924919). - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919). - e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919). - ext3: NULL dereference in ext3_evict_inode() (bsc#942082). - ext3: fix data=journal fast mount/umount hang (bsc#942082). - firmware: Create directories for external firmware (bsc#959312). - firmware: Simplify directory creation (bsc#959312). - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375). 
- iommu/vt-d: Do not change dma domain on dma-mask change (bsc#955925). - jbd: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516). - kabi/severities: Add exception for bnx2x_schedule_sp_rtnl() There is no external, 3rd party modules use the symbol and the bnx2x_schedule_sp_rtnl symbol is only used in the bnx2x driver. (bsc#953369) - kbuild: create directory for dir/file.o (bsc#959312). - llist/xen-blkfront: implement safe version of llist_for_each_entry (bsc#961658 fate#320200). - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392). - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307). - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992). - pci: Update VPD size with correct length (bsc#958906). - pl2303: fix TIOCMIWAIT (bnc#959649). - pl2303: introduce private disconnect method (bnc#959649). - qeth: initialize net_device with carrier off (bnc#958000, LTC#136514). - s390/cio: collect format 1 channel-path description data (bnc#958000, LTC#136434). - s390/cio: ensure consistent measurement state (bnc#958000, LTC#136434). - s390/cio: fix measurement characteristics memleak (bnc#958000, LTC#136434). - s390/cio: update measurement characteristics (bnc#958000, LTC#136434). - s390/dasd: fix failfast for disconnected devices (bnc#958000, LTC#135138). - s390/sclp: Determine HSA size dynamically for zfcpdump (bnc#958000, LTC#136143). - s390/sclp: Move declarations for sclp_sdias into separate header file (bnc#958000, LTC#136143). - scsi_dh_rdac: always retry MODE SELECT on command lock violation (bsc#956949). - supported.conf: Add xen-blkfront. - tg3: 5715 does not link up when autoneg off (bsc#904035). - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375). - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912). - vmxnet3: fix netpoll race condition (bsc#958912). - xen, blkfront: factor out flush-related checks from do_blkif_request() (bsc#961658 fate#320200). 
- xen-blkfront: Handle discard requests (bsc#961658 fate#320200). - xen-blkfront: If no barrier or flush is supported, use invalid operation (bsc#961658 fate#320200). - xen-blkfront: Introduce a 'max' module parameter to alter the amount of indirect segments (bsc#961658 fate#320200). - xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#961658 fate#320200). - xen-blkfront: allow building in our Xen environment (bsc#961658 fate#320200). - xen-blkfront: check for null drvdata in blkback_changed (XenbusStateClosing) (bsc#961658 fate#320200). - xen-blkfront: do not add indirect pages to list when !feature_persistent (bsc#961658 fate#320200). - xen-blkfront: drop the use of llist_for_each_entry_safe (bsc#961658 fate#320200). - xen-blkfront: fix a deadlock while handling discard response (bsc#961658 fate#320200). - xen-blkfront: fix accounting of reqs when migrating (bsc#961658 fate#320200). - xen-blkfront: free allocated page (bsc#961658 fate#320200). - xen-blkfront: handle backend CLOSED without CLOSING (bsc#961658 fate#320200). - xen-blkfront: handle bvecs with partial data (bsc#961658 fate#320200). - xen-blkfront: improve aproximation of required grants per request (bsc#961658 fate#320200). - xen-blkfront: make blkif_io_lock spinlock per-device (bsc#961658 fate#320200). - xen-blkfront: plug device number leak in xlblk_init() error path (bsc#961658 fate#320200). - xen-blkfront: pre-allocate pages for requests (bsc#961658 fate#320200). - xen-blkfront: remove frame list from blk_shadow (bsc#961658 fate#320200). - xen-blkfront: remove type check from blkfront_setup_discard (bsc#961658 fate#320200). - xen-blkfront: restore the non-persistent data path (bsc#961658 fate#320200). - xen-blkfront: revoke foreign access for grants not mapped by the backend (bsc#961658 fate#320200). - xen-blkfront: set blk_queue_max_hw_sectors correctly (bsc#961658 fate#320200). - xen-blkfront: switch from llist to list (bsc#961658 fate#320200). 
- xen-blkfront: use a different scatterlist for each request (bsc#961658 fate#320200). - xen-block: implement indirect descriptors (bsc#961658 fate#320200). - xen/blk[front|back]: Enhance discard support with secure erasing support (bsc#961658 fate#320200). - xen/blk[front|back]: Squash blkif_request_rw and blkif_request_discard together (bsc#961658 fate#320200). - xen/blkback: Persistent grant maps for xen blk drivers (bsc#961658 fate#320200). - xen/blkback: persistent-grants fixes (bsc#961658 fate#320200). - xen/blkfront: Fix crash if backend does not follow the right states (bsc#961658 fate#320200). - xen/blkfront: do not put bdev right after getting it (bsc#961658 fate#320200). - xen/blkfront: improve protection against issuing unsupported REQ_FUA (bsc#961658 fate#320200). - xen/blkfront: remove redundant flush_op (bsc#961658 fate#320200). - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946). - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - xen/pvhvm: If xen_platform_pci=0 is set do not blow up (v4) (bsc#961658 fate#320200). - xen/x86/mm: Add barriers and document switch_mm()-vs-flush synchronization (bnc#963767). - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xfs: Skip dirty pages in ->releasepage (bnc#912738, bnc#915183). - zfcp: fix fc_host port_type with NPIV (bnc#958000, LTC#132479). ----------------------------------------- Patch: SUSE-2016-520 Released: Wed Mar 30 12:02:23 2016 Summary: Optional update for curl-openssl1 Severity: low References: 968726 Description: This update for curl fixes the following issue: A new curl-openssl1 package is supplied in the 11-SECURITY Module, that provides a TLS 1.2 enabled curl binary in alternative to the current curl binary. (FATE#320210 bsc#968726) The new binary is built against openssl1 to support TLS 1.2. 
To switch /usr/bin/curl to use openssl 1.0.1 and so support TLS 1.2 in https connections use: update-alternatives --set curl /usr/bin/curl.openssl1 to switch back to the old version, use: update-alternatives --set curl /usr/bin/curl.openssl0 to display the current state use: update-alternatives --display curl ----------------------------------------- Patch: SUSE-2016-521 Released: Wed Mar 30 12:04:44 2016 Summary: Recommended update for openldap2 Severity: moderate References: 970085 Description: This update for the openssl1 enabled openldap2 supplies the client binaries also built against openssl1 (ldapsearch, ldapmodify, ldapadd ... ) This enables TLS 1.2 to be used from these LDAP client binaries. These additional binaries are located in /opt/suse/bin, you can change e.g. $PATH to also include /opt/suse/bin or use them explicitly from this location. ----------------------------------------- Patch: SUSE-2016-524 Released: Wed Mar 30 17:05:01 2016 Summary: Security update for gcc5 Severity: moderate References: 939460,945842,953831,955382,962765,964468,966220,968771,CVE-2015-5276 Description: The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) The following non-security issues have been fixed: - Enable frame pointer for TARGET_64BIT_MS_ABI when stack is misaligned. Fixes internal compiler error when building Wine. (bsc#966220) - Fix a PowerPC specific issue in gcc-go that broke compilation of newer versions of Docker. (bsc#964468) - Fix HTM built-ins on PowerPC. (bsc#955382) - Fix libgo certificate lookup. (bsc#953831) - Suppress deprecated-declarations warnings for inline definitions of deprecated virtual methods. (bsc#939460) - Revert accidental libffi ABI breakage on aarch64. 
(bsc#968771) - On x86_64, set default 32bit code generation to -march=x86-64 rather than -march=i586. - Add experimental File System TS library. ----------------------------------------- Patch: SUSE-2016-549 Released: Mon Apr 4 18:54:05 2016 Summary: Recommended update for release-notes-sles Severity: low References: 961078,961562,962785,966222,970928 Description: This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Server 11 SP4: - Document that pmtools/dmidecode is not available on s390x. (bsc#966222) - KMS Graphics Drivers for Matrox G200, AST and Cirrus Chips. (bsc#961078, fate#320344) ----------------------------------------- Patch: SUSE-2016-574 Released: Thu Apr 7 15:44:52 2016 Summary: Recommended update for at Severity: low References: 945124,963434 Description: This update for at fixes the following issues: - Don't loop on corrupted files and prevent their creation. (bsc#945124) - Fix 'time_or_not date inc_or_dec' parsing problems. (bsc#963434) ----------------------------------------- Patch: SUSE-2016-585 Released: Fri Apr 8 15:19:00 2016 Summary: Recommended update for multipath-tools Severity: moderate References: 888378,933282,935312,940431,941405,941954,943157,947845,948929,956349 Description: This update for multipath-tools provides the following fixes: - Do not switch paths on empty multipath tables. (bsc#956349) - Fix hang in 'multipath -f'. (bsc#941954) - Add LIO-ORG/SUSE RBD backend hardware defaults. (bsc#947845) - Do not treat 'transport-offline' paths as 'offline'. (bsc#888378) - Call get_uid() for all paths in libmultipath. (bsc#935312) - Revert patch 'Handle blocked FC rports'. (bsc#941405, bsc#940431) - Reset alias if renaming fails. (bsc#943157) - Wrong sysfs attribute used for iSCSI settings. (bsc#948929) - Fix 'DM_DEVICE_RELOAD' handling in libmultipath. 
(bsc#933282) ----------------------------------------- Patch: SUSE-2016-603 Released: Tue Apr 12 20:36:15 2016 Summary: Security update for samba Severity: important References: 936862,967017,971965,973031,973032,973033,973034,973036,CVE-2015-5370,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2115,CVE-2016-2118 Description: samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attacks (bsc#973033). - CVE-2016-2113: TLS certificate validation was missing (bsc#973034). - CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of an authenticated account was possible (bsc#971965). These non-security issues were fixed: - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint function - Getting and setting Windows ACLs on symlinks can change permissions on link ----------------------------------------- Patch: SUSE-2016-614 Released: Thu Apr 14 14:39:34 2016 Summary: Recommended update for openssl-certs Severity: moderate References: 973042 Description: The SSL Root Certificate store openssl-certs was updated to version 2.7 of the Mozilla NSS certificate store. 
(bsc#973042) - Newly added CAs: * CA WoSign ECC Root * Certification Authority of WoSign * Certification Authority of WoSign G2 * Certinomis - Root CA * Certum Trusted Network CA 2 * CFCA EV ROOT * COMODO RSA Certification Authority * DigiCert Assured ID Root G2 * DigiCert Assured ID Root G3 * DigiCert Global Root G2 * DigiCert Global Root G3 * DigiCert Trusted Root G4 * Entrust Root Certification Authority - EC1 * Entrust Root Certification Authority - G2 * GlobalSign * GlobalSign * IdenTrust Commercial Root CA 1 * IdenTrust Public Sector Root CA 1 * OISTE WISeKey Global Root GB CA * QuoVadis Root CA 1 G3 * QuoVadis Root CA 2 G3 * QuoVadis Root CA 3 G3 * Staat der Nederlanden EV Root CA * Staat der Nederlanden Root CA - G3 * S-TRUST Universal Root CA * SZAFIR ROOT CA2 * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 * USERTrust ECC Certification Authority * USERTrust RSA Certification Authority * 沃通根证书 - Removed CAs: * AOL CA * A Trust nQual 03 * Buypass Class 3 CA 1 * CA Disig * Digital Signature Trust Co Global CA 1 * Digital Signature Trust Co Global CA 3 * E Guven Kok Elektronik Sertifika Hizmet Saglayicisi * NetLock Expressz (Class C) Tanusitvanykiado * NetLock Kozjegyzoi (Class A) Tanusitvanykiado * NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado * NetLock Uzleti (Class B) Tanusitvanykiado * SG TRUST SERVICES RACINE * Staat der Nederlanden Root CA * TC TrustCenter Class 2 CA II * TC TrustCenter Universal CA I * TDC Internet Root CA * UTN DATACorp SGC Root CA * Verisign Class 1 Public Primary Certification Authority - G2 * Verisign Class 3 Public Primary Certification Authority * Verisign Class 3 Public Primary Certification Authority - G2 - Removed server trust from: * AC Raíz Certicámara S.A. 
* ComSign Secured CA * NetLock Uzleti (Class B) Tanusitvanykiado * NetLock Business (Class B) Root * NetLock Expressz (Class C) Tanusitvanykiado * TC TrustCenter Class 3 CA II * TURKTRUST Certificate Services Provider Root 1 * TURKTRUST Certificate Services Provider Root 2 * Equifax Secure Global eBusiness CA-1 * Verisign Class 4 Public Primary Certification Authority G3 - Enable server trust for: * Actalis Authentication Root CA ----------------------------------------- Patch: SUSE-2016-633 Released: Fri Apr 15 17:21:46 2016 Summary: Security update for openssl Severity: important References: 952871,963415,967787,968046,968047,968048,968051,968053,968374,CVE-2015-3197,CVE-2016-0702,CVE-2016-0703,CVE-2016-0705,CVE-2016-0797,CVE-2016-0799,CVE-2016-0800 Description: This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. 
This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references the following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also fixes the following bug: - Avoid running OPENSSL_config twice. 
This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787) ----------------------------------------- Patch: SUSE-2016-635 Released: Mon Apr 18 09:17:07 2016 Summary: Security update for krb5 Severity: moderate References: 971942,CVE-2016-3119 Description: This update for krb5 fixes the following security issue: - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) ----------------------------------------- Patch: SUSE-2016-638 Released: Mon Apr 18 12:31:29 2016 Summary: Security update for icu Severity: moderate References: 952260,CVE-2014-9654 Description: This update for icu fixes the following issue: The previous patch for CVE-2014-9654 was incorrect and led to non-working regular expressions. This update fixes this problem (bsc#952260) ----------------------------------------- Patch: SUSE-2016-641 Released: Tue Apr 19 09:18:55 2016 Summary: Initial release of python-azure-agent Severity: low References: 973427 Description: This update adds the new package python-azure-agent to the Public Cloud 12 Module. The azure-agent supports provisioning and running of Linux VMs in the Microsoft Azure Public Cloud and Microsoft Azure Stack private cloud. This package should be installed on Linux disk images that are built to run within the Microsoft Azure framework. ----------------------------------------- Patch: SUSE-2016-642 Released: Tue Apr 19 09:22:02 2016 Summary: Recommended update for bzip2 Severity: low References: 970260 Description: This update for bzip2 fixes the following issues: - Fix bzgrep wrapper that always returns 0 as exit code when working on multiple archives, even when the pattern is not found. 
----------------------------------------- Patch: SUSE-2016-656 Released: Thu Apr 21 07:28:22 2016 Summary: Recommended update for aaa_base Severity: low References: 957794,967377,971567 Description: This update for aaa_base fixes the following issues: - Add /var/log/btmp to package to prevent errors from pam_lastlog. (bsc#967377, bsc#957794) - Fix chkconfig(8) to return 1 when attempting to show status of service that doesn't exist. (bsc#971567) ----------------------------------------- Patch: SUSE-2016-662 Released: Fri Apr 22 15:32:15 2016 Summary: Recommended update for timezone Severity: low References: 975875 Description: This update provides the latest timezone information (2016d) for your system, including the following changes: - Venezuela (America/Caracas) switches from -0430 to -04 on 2016-05-01 at 02:30. - Asia/Magadan switches from +10 to +11 on 2016-04-24 at 02:00. - New zone Asia/Tomsk, split off from Asia/Novosibirsk. It covers Tomsk Oblast, Russia, which switches from +06 to +07 on 2016-05-29 at 02:00. This release also includes changes affecting past time stamps. 
For a comprehensive list, please refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz/2016-April/023563.html ----------------------------------------- Patch: SUSE-2016-674 Released: Mon Apr 25 17:38:08 2016 Summary: Security update for freetype2 Severity: moderate References: 945849,947966,CVE-2014-9745,CVE-2014-9747 Description: This update of the freetype2 library fixes two security issues: - An infinite loop in parse_encoding in t1load.c (CVE-2014-9745, bsc#945849) - Use of uninitialized memory in ps_parser_load_field, t42_parse_font_matrix and t1_parse_font_matrix (CVE-2014-9747, bsc#947966) ----------------------------------------- Patch: SUSE-2016-676 Released: Mon Apr 25 18:00:25 2016 Summary: Recommended update for postfix Severity: low References: 947519,947707,972346 Description: This update for postfix fixes the following issues: - Incorrect path to smtp_tls_session_cache_database in SuSEconfig.postfix script. (bsc#972346) - Mail generated by Amavis prevented from being re-addressed by /etc/postfix/virtual. (bsc#947707) - SuSEconfig.postfix should enforce umask 022. 
(bsc#947519) ----------------------------------------- Patch: SUSE-2016-692 Released: Thu Apr 28 13:42:26 2016 Summary: Recommended update for supportutils Severity: moderate References: 965692,973803 Description: This update for supportutils fixes the following issues: - Fixed service request number length (bsc#973803) - Changed rpm to check for novell_ncp_info (bsc#965692) ----------------------------------------- Patch: SUSE-2016-695 Released: Thu Apr 28 15:45:50 2016 Summary: Security update for ntp Severity: important References: 782060,784760,916617,951559,951629,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981,CVE-2015-5300,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158 Description: ntp was updated to version 4.2.8p6 to fix 12 security issues. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). 
These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - bsc#784760: Remove local clock from default configuration ----------------------------------------- Patch: SUSE-2016-700 Released: Thu Apr 28 16:05:25 2016 Summary: Recommended update for hwinfo Severity: low References: 974737 Description: This update for hwinfo adjusts the DMI parser to read memory size according to the latest SMBIOS spec. (bsc#974737) ----------------------------------------- Patch: SUSE-2016-710 Released: Tue May 3 16:21:54 2016 Summary: Security update for libxml2 Severity: moderate References: 972335,975947,CVE-2016-3627 Description: This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore, specially crafted XML documents could exhaust all available stack space and crash the XML parser without running into the recursion limit. This vulnerability has been fixed. (bsc#975947) - When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. 
This vulnerability could have been used to facilitate a denial-of-service attack. (CVE-2016-3627, bsc#972335) ----------------------------------------- Patch: SUSE-2016-750 Released: Wed May 11 14:25:29 2016 Summary: Recommended update for avahi Severity: low References: 941761,947140 Description: This update for avahi fixes the following issues: - Do not log errors for every invalid packet received. ----------------------------------------- Patch: SUSE-2016-751 Released: Wed May 11 14:37:31 2016 Summary: Security update for ntp Severity: important References: 957226,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464,CVE-2015-7704,CVE-2015-7705,CVE-2015-7974,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519 Description: This update for ntp to 4.2.8p7 fixes the following issues: * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * This update also improves the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 Bugs fixed: - Restrict the parser in the startup script to the first occurrence of 'keys' and 'controlkey' in ntp.conf (bsc#957226).
----------------------------------------- Patch: SUSE-2016-754 Released: Wed May 11 15:18:26 2016 Summary: Recommended update for cyrus-sasl-openssl1 Severity: low References: 961377 Description: This update supplies the cyrus-sasl openssl1 based libraries for Teradata. ----------------------------------------- Patch: SUSE-2016-763 Released: Thu May 12 16:56:45 2016 Summary: Security update for openssl Severity: important References: 889013,968050,976942,976943,977614,977615,977617,CVE-2016-0702,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109 Description: This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) Bugs fixed: - fate#320304: build 32bit devel package - bsc#976943: Fix buffer overrun in ASN1_parse - bsc#973223: allow weak DH groups, vulnerable to the logjam attack, when environment variable OPENSSL_ALLOW_LOGJAM_ATTACK is set - bsc#889013: Rename README.SuSE to the new spelling ----------------------------------------- Patch: SUSE-2016-804 Released: Thu May 19 22:39:11 2016 Summary: Recommended update for nfs-utils Severity: low References: 931308,945937,947852,948346 Description: This update for nfs-utils fixes the following issues: - Improve gss correctness when client/server clocks are skewed (bsc#931308) - Fix NFS server problems when large numbers of netgroups are used (bsc#948346) - mount.nfs should fail if statd is being slow to start due to DNS issues (bsc#945937) - nfs.init: pass $RPC_PIPEFS_DIR to idmap when 'try-restart' or 'condrestart' called (bsc#947852) ----------------------------------------- Patch: SUSE-2016-846 Released: Fri May 27 11:57:52 2016 Summary: Recommended update for
glib2 Severity: moderate References: 846912,929542,931445,956599,970694 Description: This update for glib2 provides the following fixes: - Fix file descriptor leak when GSocketClient fails to connect asynchronously. (bsc#956599) - Add -lrt and PCRE libraries to link flags in glib-2.0.pc.in. (bsc#929542) - Add glibconfig.h to the -devel-32bit packages and ship them for x86_64 and s390x. (bsc#970694) - Relax g_thread_init() requirements so it can be called multiple times. (bsc#931445, bsc#846912) ----------------------------------------- Patch: SUSE-2016-851 Released: Fri May 27 18:39:02 2016 Summary: Recommended update for wget Severity: moderate References: 935935,977425 Description: This update for wget fixes the following issues: For wget-openssl1: - Allow enforcing tls 1.1 and 1.2 via commandline options. (bsc#977425) --secure-protocol=tlsv1_1 or --secure-protocol=tlsv1_2 - Make the wget-openssl1 a higher prioritized alternative than the wget-openssl0 build. This will enable the TLS 1.2 wget as soon as the wget-openssl1 package is installed. (bsc#977425) For both wget and wget-openssl1: - Support the TLS SNI (Server Name Indication) extension (bsc#935935) ----------------------------------------- Patch: SUSE-2016-852 Released: Fri May 27 18:41:46 2016 Summary: Recommended update for curl, curl-openssl1 Severity: moderate References: 977409 Description: This update for curl fixes the following issues: - Report the correct TLS version in use when using verbose mode (-v). (bsc#977409) For the TLS 1.2 enabled version to be found in curl-openssl1 (in the SECURITY Module): - Allow enforcing TLS 1.1 or 1.2 on the curl commandline, using --tlsv1.1 or --tlsv1.2. (bsc#977409) ----------------------------------------- Patch: SUSE-2016-873 Released: Wed Jun 1 17:37:36 2016 Summary: Recommended update for multipath-tools Severity: important References: 980933 Description: This update for multipath-tools fixes a regression introduced with the previous update.
After a single path loss, multipath could lose the complete map. ----------------------------------------- Patch: SUSE-2016-899 Released: Tue Jun 7 10:57:29 2016 Summary: Security update for libksba Severity: moderate References: 979261,979906,CVE-2016-4574,CVE-2016-4579 Description: This update for libksba fixes the following issues: - CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl() - CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261) Also adding reliability fixes from v1.3.4. ----------------------------------------- Patch: SUSE-2016-902 Released: Tue Jun 7 13:42:12 2016 Summary: Security update for expat Severity: important References: 979441,980391,CVE-2015-1283,CVE-2016-0718 Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441) - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) ----------------------------------------- Patch: SUSE-2016-904 Released: Tue Jun 7 15:17:41 2016 Summary: Security update for supportutils Severity: moderate References: 980670,CVE-2016-1602 Description: supportutils was updated to fix one security issue. This security issue was fixed: - CVE-2016-1602: Code injection and privilege escalation via unescaped filenames (bsc#980670). ----------------------------------------- Patch: SUSE-2016-906 Released: Wed Jun 8 12:46:04 2016 Summary: Security update for openssh Severity: moderate References: 729190,932483,948902,960414,961368,961494,962313,965576,970632,975865,CVE-2015-8325,CVE-2016-1908,CVE-2016-3115 Description: openssh was updated to fix three security issues.
These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions (bsc#970632). - CVE-2016-1908: Possible fallback from untrusted to trusted X11 forwarding (bsc#962313). - CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes (bsc#975865). These non-security issues were fixed: - Correctly parse GSSAPI KEX algorithms (bsc#961368) - More verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414) - Fix PRNG re-seeding (bsc#960414, bsc#729190) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) - Allow empty Match blocks (bsc#961494) ----------------------------------------- Patch: SUSE-2016-908 Released: Wed Jun 8 13:48:02 2016 Summary: Recommended update for irqbalance Severity: moderate References: 949276 Description: This update for irqbalance fixes the following issues: - Add parameter IRQBALANCE_ARGS to sysconfig file, allowing users to pass arbitrary parameters to the daemon. (bsc#949276) - Balance correctly IRQs reappearing. (bsc#949276) - Classify PCI Sub-Class for better performance. (bsc#949276) - Continuously balance single socket systems. (bsc#949276) - Fix CPU hotplug segmentation fault. (bsc#949276) - NUMA is not available fix. (bsc#949276) - Follow latest PCI class code spec. (bsc#949276) - Make irqbalance work with Xen PV guest. (bsc#949276) - Re-calibrate some IRQ classes and levels. 
(bsc#949276) ----------------------------------------- Patch: SUSE-2016-910 Released: Wed Jun 8 13:57:30 2016 Summary: Recommended update for glib2, pango Severity: low References: 978972,981957 Description: This update for glib2 and pango provides the following fixes: - Ignore postun/postin errors in 32bit case too. (bsc#978972) - Add missing pcre-devel dependency to glib2-devel. (bsc#981957) ----------------------------------------- Patch: SUSE-2016-919 Released: Fri Jun 10 11:34:12 2016 Summary: Security update for bind Severity: important References: 970072,970073,CVE-2016-1285,CVE-2016-1286 Description: This update for bind fixes two assertion failures that could lead to a remote denial of service attack: - CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) - CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) ----------------------------------------- Patch: SUSE-2016-939 Released: Wed Jun 15 10:36:07 2016 Summary: Security update for ntp Severity: important References: 979302,981422,982056,982064,982065,982066,982067,982068,CVE-2016-4953,CVE-2016-4954,CVE-2016-4955,CVE-2016-4956,CVE-2016-4957 Description: ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. 
- bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by 'rcntp addserver'. ----------------------------------------- Patch: SUSE-2016-948 Released: Thu Jun 16 15:32:20 2016 Summary: Security update for libtasn1 Severity: moderate References: 929414,961491,982779,CVE-2015-3622,CVE-2016-4008 Description: This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) ----------------------------------------- Patch: SUSE-2016-952 Released: Fri Jun 17 11:20:41 2016 Summary: Security update for libxml2 Severity: important References: 963963,965283,978395,981040,981041,981108,981109,981111,981112,981114,981115,981548,981549,981550,CVE-2015-8806,CVE-2016-1762,CVE-2016-1833,CVE-2016-1834,CVE-2016-1835,CVE-2016-1837,CVE-2016-1838,CVE-2016-1839,CVE-2016-1840,CVE-2016-2073,CVE-2016-3705,CVE-2016-4447,CVE-2016-4448,CVE-2016-4449,CVE-2016-4483 Description: This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395]. - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040]. - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041]. - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108]. 
- CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109]. - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral [bsc#981111]. - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112]. - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115]. - CVE-2016-4447: Fixed heap-based buffer underreads due to xmlParseName [bsc#981548]. - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549]. - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550]. - CVE-2016-3705: Fixed missing increment of recursion counter. ----------------------------------------- Patch: SUSE-2016-978 Released: Tue Jun 21 12:32:11 2016 Summary: Security update for pam Severity: moderate References: 854480,934920,962220,CVE-2013-7041,CVE-2015-3238 Description: This update for pam fixes two security issues. These security issues were fixed: - CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS attacks (bsc#934920). - CVE-2013-7041: Compare password hashes case-sensitively (bsc#854480).
This non-security issue was fixed: - bsc#962220: Don't fail when /var/log/btmp is corrupted ----------------------------------------- Patch: SUSE-2016-994 Released: Fri Jun 24 12:33:41 2016 Summary: Security update for the Linux Kernel Severity: important References: 676471,866130,898592,936530,940413,944309,946122,949752,953369,956491,956852,957986,957988,957990,959381,960458,960857,961512,961518,963762,963998,965319,965860,965923,966245,967863,967914,968010,968018,968141,968500,968566,968670,968687,969149,969391,969571,970114,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,971433,971446,971729,971944,971947,971989,972363,973237,973378,973556,973570,974646,974787,975358,975772,975945,976739,976868,978401,978821,978822,979213,979274,979347,979419,979548,979595,979867,979879,980371,980725,980788,980931,981231,981267,982532,982691,983143,983213,984107,CVE-2015-7566,CVE-2015-8816,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4913,CVE-2016-5244 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable changes in this kernel: - It is now possible to mount an NFS export on the exporting host directly. The following security bugs were fixed: - CVE-2016-5244: A kernel information leak in rds_inc_info_copy was fixed that could leak kernel stack memory to userspace (bsc#983213). - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have led to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143).
- CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). 
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). 
- CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). 
- CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). 
- CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacked a bulk-out endpoint (bnc#961512). The following non-security bugs were fixed: - acpi / PCI: Account for ARI in _PRT lookups (bsc#968566). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - alsa: hrtimer: Handle start/stop more properly (bsc#973378). - alsa: oxygen: add Xonar DGX support (bsc#982691). - alsa: pcm: Fix potential deadlock in OSS emulation (bsc#968018). - alsa: rawmidi: Fix race at copying and updating the position (bsc#968018). - alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018). - alsa: seq: Fix double port list deletion (bsc#968018). - alsa: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018). - alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018). - alsa: seq: Fix lockdep warnings due to double mutex locks (bsc#968018). - alsa: seq: Fix race at closing in virmidi driver (bsc#968018). - alsa: seq: Fix yet another races among ALSA timer accesses (bsc#968018). - alsa: timer: Call notifier in the same spinlock (bsc#973378). - alsa: timer: Code cleanup (bsc#968018). - alsa: timer: Fix leftover link at closing (bsc#968018). - alsa: timer: Fix link corruption due to double start or stop (bsc#968018). - alsa: timer: Fix race between stop and interrupt (bsc#968018). - alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018). - alsa: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - alsa: timer: Sync timer deletion at closing the system timer (bsc#973378). - alsa: timer: Use mod_timer() for rearming the system timer (bsc#973378). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). 
- cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646). - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671). - dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752). - Delete patches.drivers/nvme-0165-Split-header-file-into-user-visible-and-kernel-.patch. SLE11-SP4 does not have uapi headers so move everything back to the original header (bnc#981231) - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739). - enic: set netdev->vlan_features (bsc#966245). - fcoe: fix reset of fip selection time (bsc#974787). - Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - fs, seqfile: always allow oom killer (bnc#968687). - fs/seq_file: fallback to vmalloc allocation (bnc#968687). - fs, seq_file: fallback to vmalloc instead of oom kill processes (bnc#968687). - hid-elo: kill not flush the work (bnc#982532). - hpsa: fix issues with multilun devices (bsc#959381). - hv: Assign correct ->can_queue value in hv_storvsc (bnc#969391) - ibmvscsi: Remove unsupported host config MAD (bsc#973556). - Import kabi files from kernel 3.0.101-71 - iommu/vt-d: Improve fault handler error messages (bsc#975772). - iommu/vt-d: Ratelimit fault handler (bsc#975772). - ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits (bsc#967914). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipv4: fix ineffective source address selection (bsc#980788). - ipv6: make fib6 serial number per namespace (bsc#965319). - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852). - ipv6: per netns fib6 walkers (bsc#965319). - ipv6: per netns FIB garbage collection (bsc#965319). - ipv6: replace global gc_args with local variable (bsc#965319). - ipvs: count pre-established TCP states as active (bsc#970114). 
- isofs: Revert 'get_rock_ridge_filename(): handle malformed NM entries' This reverts commit cb6ce3ec7a964e56da9ba9cd3c9f0e708b5c3b2c. It should have never landed in the tree (we already have the patch via c63531c60ff that came through CVE branch), but I messed up the merge. - kabi, fs/seq_file: fallback to vmalloc allocation (bnc#968687). - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319). - KVM: x86: fix maintenance of guest/host xcr0 state (bsc#961518). - llist: Add llist_next(). - make vfree() safe to call from interrupt contexts. - memcg: do not hang on OOM when killed by userspace OOM access to memory reserves (bnc#969571). - mld, igmp: Fix reserved tailroom calculation (bsc#956852). - mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446). - mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491). - mm/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#956491). - net/core: dev_mc_sync_multiple calls wrong helper (bsc#971433). - net/core: __hw_addr_create_ex does not initialize sync_cnt (bsc#971433). - net/core: __hw_addr_sync_one / _multiple broken (bsc#971433). - net/core: __hw_addr_unsync_one 'from' address not marked synced (bsc#971433). - NFS4: treat lock owners as opaque values (bnc#968141). - NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#956491). - NFS: avoid waiting at all in nfs_release_page when congested (bsc#956491). - NFSd4: return nfserr_symlink on v4 OPEN of non-regular file (bsc#973237). - NFSd: do not fail unchecked creates of non-special files (bsc#973237). - NFS: Do not attempt to decode missing directory entries (bsc#980931). - nfs: fix memory corruption rooted in get_ih_name pointer math (bsc#984107). - NFS: reduce access cache shrinker locking (bnc#866130). - NFS: use smaller allocations for 'struct idmap' (bsc#965923).
- NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595). - nfsv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595). - nvme: fix max_segments integer truncation (bsc#676471). - NVMe: Unify controller probe and resume (bsc#979347). - ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947). - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947). - ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947). - pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990). - pciback: Save the number of MSI-X entries to be copied later (bsc#957988). - PCI: Move pci_ari_enabled() to global header (bsc#968566). - RDMA/ucma: Fix AB-BA deadlock (bsc#963998). - Restore kabi after lock-owner change (bnc#968141). - rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 855c7ce885fd412ce2a25ccc12a46e565c83f235. - s390/dasd: prevent incorrect length error under z/VM after PAV changes (bnc#968500, LTC#136670). - s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413). - s390/pci: add extra padding to function measurement block (bnc#968500, LTC#139445). - s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#968500, LTC#139401). - s390/pci_dma: handle dma table failures (bnc#968500, LTC#139442). - s390/pci_dma: improve debugging of errors during dma map (bnc#968500, LTC#139442). - s390/pci_dma: unify label of invalid translation table entries (bnc#968500, LTC#139442). - s390/pci: enforce fmb page boundary rule (bnc#968500, LTC#139445). - s390/pci: extract software counters from fmb (bnc#968500, LTC#139445). - s390/pci: remove pdev pointer from arch data (bnc#968500, LTC#139444). - s390/spinlock: avoid yield to non existent cpu (bnc#968500, LTC#141106). 
- scsi_dh_alua: Do not block request queue if workqueue is active (bsc#960458). - SCSI: Increase REPORT_LUNS timeout (bsc#971989). - SCSI mpt2sas: Rearrange the code so that the completion queues are initialized prior to sending the request to controller firmware (bsc#967863). - skb: Add inline helper for getting the skb end offset from head (bsc#956852). - tcp: avoid order-1 allocations on wifi and tx path (bsc#956852). - tcp: fix skb_availroom() (bsc#956852). - Tidy series.conf, p5 Only one last patch which can be moved easily. There are some more x86-related things left at the end but moving them won't be that trivial. - Update patches.drivers/nvme-0265-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference. - Update patches.fixes/bnx2x-Alloc-4k-fragment-for-each-rx-ring-buffer-elem.patch (bsc#953369 bsc#975358). - Update PCI VPD size patch to upstream: - PCI: Determine actual VPD size on first access (bsc#971729). - PCI: Update VPD definitions (bsc#971729). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - veth: do not modify ip_summed (bsc#969149). - vgaarb: Add more context to error messages (bsc#976868). - virtio_scsi: Implement eh_timed_out callback (bsc#936530). - vmxnet3: set carrier state properly on probe (bsc#972363). - vmxnet3: set netdev parant device before calling netdev_info (bsc#972363). - x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518). - x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518). - xfrm: do not segment UFO packets (bsc#946122). - xfs: fix sgid inheritance for subdirectories inheriting default acls [V3] (bsc#965860). - xhci: Workaround to get Intel xHCI reset working more reliably (bnc#898592).
----------------------------------------- Patch: SUSE-2016-995 Released: Fri Jun 24 14:35:13 2016 Summary: Recommended update for xfsprogs Severity: moderate References: 966084 Description: This update for xfsprogs provides the following fixes: - Adjust superblock buffers to be sector sized. This fixes a potential crash in xfs_repair. (bsc#966084) ----------------------------------------- Patch: SUSE-2016-1050 Released: Wed Jul 13 15:16:10 2016 Summary: Recommended update for timezone Severity: moderate References: 982833,987720 Description: This update provides the latest timezone information (2016f) for your system, including the following changes: - Egypt (Africa/Cairo) DST change 2016-07-07 cancelled (bsc#982833, bsc#987720) - Asia/Novosibirsk switches from +06 to +07 on 2016-07-24 02:00 - Asia/Novokuznetsk and Asia/Novosibirsk now use numeric time zone abbreviations instead of invented ones - Europe/Minsk's 1992-03-29 spring-forward transition was at 02:00 not 00:00 Changes from timezone update 2016e are also included: - Changes affecting past timestamps in arctic and antarctic locations while uninhabited - Adjust Asia/Baku's 1992 DST transition - zic now outputs a dummy transition at time 2**31 - 1 in zones whose POSIX-style TZ strings contain a '<', working around Qt bug 53071 ----------------------------------------- Patch: SUSE-2016-1053 Released: Thu Jul 14 11:22:31 2016 Summary: Recommended update for pango Severity: low References: 978972 Description: This update for glib2 and pango provides the following fixes: - Ignore postun/postin errors in 32bit case too. 
(bsc#978972) ----------------------------------------- Patch: SUSE-2016-1069 Released: Mon Jul 18 16:35:57 2016 Summary: Recommended update for e2fsprogs Severity: moderate References: 982717 Description: This update for e2fsprogs fixes the following issues: - Fix overflow when computing number of reserved groups (bsc#982717) ----------------------------------------- Patch: SUSE-2016-1077 Released: Wed Jul 20 14:16:04 2016 Summary: Recommended update for libzypp, zypper Severity: moderate References: 933760,964932,971637,980263,984494,986694 Description: This update for libzypp and zypper provides the following fixes: libzypp: - Fix bug in removeRepository which may keep an empty .repo file rather than deleting it. (bsc#984494) - Fix credential file parser losing entries with known URL but different user name. (bsc#933760) - RepoManager: Allow extraction of multiple baseurls for service repositories. (bsc#964932) - Use PluginExecutor for commit- and system-hooks. (bsc#971637) zypper: - Ignore unknown package names in non interactive remove-command. (bsc#980263) - Fix Brazilian Portuguese translation of options' prompt. (bsc#986694) ----------------------------------------- Patch: SUSE-2016-1079 Released: Wed Jul 20 15:05:46 2016 Summary: Recommended update for libtirpc Severity: low References: 981429 Description: This update for libtirpc fixes the following issues: - Close all file descriptors when the connection closes. (bsc#981429) ----------------------------------------- Patch: SUSE-2016-1081 Released: Wed Jul 20 18:27:00 2016 Summary: Recommended update for device-mapper Severity: low References: 960344 Description: This update for device-mapper fixes the following issues: - Do not output error message inside retry loops to avoid noisy error message being output inside retry loops in case of remove failure because device busy. 
(bsc#960344) ----------------------------------------- Patch: SUSE-2016-1093 Released: Mon Jul 25 11:14:24 2016 Summary: Security update for rsync Severity: moderate References: 915410,CVE-2014-9512 Description: rsync was updated to fix one security issue. - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (bsc#915410). ----------------------------------------- Patch: SUSE-2016-1105 Released: Wed Jul 27 11:36:57 2016 Summary: Recommended update for python-azure-agent Severity: low References: 974899,980789,980790,988743,989789,990424,990489 Description: This update provides python-azure-agent version 2.1.5 and fixes the following issues: - Fix a bug for internal extension version resolving. - Removed tests from /usr/lib/python2.7/site-packages/tests. (bsc#974899) - Removed conflict with NetworkManager. (bsc#988743) - Replace Conflicts with WALinuxAgent with Provides, Obsoletes pair (bsc#990424, bsc#990489) For a detailed description of all fixes and improvements, please refer to the changelog. ----------------------------------------- Patch: SUSE-2016-1135 Released: Tue Aug 2 13:40:40 2016 Summary: Security update for bsdtar Severity: important References: 920870,984990,985609,985669,985675,985682,985698,CVE-2015-2304,CVE-2015-8918,CVE-2015-8920,CVE-2015-8921,CVE-2015-8924,CVE-2015-8929,CVE-2016-4809 Description: bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). 
- CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870). ----------------------------------------- Patch: SUSE-2016-1136 Released: Tue Aug 2 15:28:44 2016 Summary: Recommended update for pmtools Severity: low References: 955705,974862 Description: This update for pmtools fixes the following issues: - Skip the SMBIOS version comparison in quiet mode. (bsc#974862) - Add support for DDR4 memory type. (bsc#955705) ----------------------------------------- Patch: SUSE-2016-1144 Released: Wed Aug 3 16:52:05 2016 Summary: Recommended update for freetype2 and libqt4 Severity: low References: 865241,967455 Description: This update for freetype2 and libqt4 fixes the following issues: - Fix memory leaks as well as font handling issues (bsc#967455). - Fix issue of showing the user badly defined fonts by removing xlfd fonts support since that set of fonts is old and unmaintained (bsc#967455). ----------------------------------------- Patch: SUSE-2016-1194 Released: Tue Aug 9 17:22:53 2016 Summary: Security update for the Linux Kernel Severity: important References: 909589,954847,971030,974620,979915,982544,983721,984755,986362,986572,988498,CVE-2016-4470,CVE-2016-4997,CVE-2016-5829 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). 
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). The following non-security bugs were fixed: - RDMA/cxgb4: Configure 0B MRs to match HW implementation (bsc#909589). - RDMA/cxgb4: Do not hang threads forever waiting on WR replies (bsc#909589). - RDMA/cxgb4: Fix locking issue in process_mpa_request (bsc#909589). - RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589). - RDMA/cxgb4: Increase epd buff size for debug interface (bsc#909589). - RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices (bsc#909589). - RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction (bsc#909589). - RDMA/cxgb4: Wake up waiters after flushing the qp (bsc#909589). - bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit (bsc#982544). - iucv: call skb_linearize() when needed (bnc#979915, LTC#141240). - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mm: Fix DIF failures on ext3 filesystems (bsc#971030). - net/qlge: Avoids recursive EEH error (bsc#954847). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590). 
- s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456). - s390/pci: fix use after free in dma_init (bnc#979915, LTC#141626). - s390: fix test_fp_ctl inline assembly contraints (bnc#979915, LTC#143138). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). ----------------------------------------- Patch: SUSE-2016-1196 Released: Wed Aug 10 09:03:22 2016 Summary: Security update for sqlite3 Severity: moderate References: 987394,CVE-2016-6153 Description: This update for sqlite3 fixes the following issues: The following security issue was fixed: - CVE-2016-6153: Fixed a tempdir selection vulnerability (bsc#987394) ----------------------------------------- Patch: SUSE-2016-1198 Released: Wed Aug 10 13:38:17 2016 Summary: Security update for dhcp Severity: moderate References: 969820,CVE-2016-2774 Description: This update for dhcp fixes the following issues: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional (bsc#969820). ----------------------------------------- Patch: SUSE-2016-1200 Released: Thu Aug 11 13:23:31 2016 Summary: Recommended update for python-azure-agent Severity: low References: 992796,992797 Description: The initialization code for Azure uses the 'eject' command to send a SCSI bus command to the framework, indicating that the mounted ISO file used as the configuration passing mechanism is no longer needed. This update adds the 'eject' package as a dependency of python-azure-agent to ensure eject(1) will be always available. 
----------------------------------------- Patch: SUSE-2016-1262 Released: Wed Aug 24 13:54:58 2016 Summary: Security update for dosfstools Severity: moderate References: 980364,980377,CVE-2015-8872,CVE-2016-4804 Description: dosfstools was updated to fix two security issues. These security issues were fixed: - CVE-2015-8872: The set_fat function in fat.c in dosfstools might have allowed attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an 'off-by-two error' (bsc#980364). - CVE-2016-4804: The read_boot function in boot.c in dosfstools allowed attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function (bsc#980377). ----------------------------------------- Patch: SUSE-2016-1268 Released: Wed Aug 24 16:39:36 2016 Summary: Recommended update for timezone Severity: low References: 988184 Description: This update for timezone adds a positive leap second at the end of 2016-12-31. ----------------------------------------- Patch: SUSE-2016-1272 Released: Thu Aug 25 15:03:55 2016 Summary: Security update for glibc Severity: moderate References: 931399,965699,969727,973010,973164,973179,980483,980854,986302,CVE-2016-1234,CVE-2016-3075,CVE-2016-3706,CVE-2016-4429 Description: This update for glibc fixes the following issues: - Drop old fix that could break services that start before IPv6 is up. (bsc#931399) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Relocate DSOs in dependency order, fixing a potential crash during symbol relocation phase. (bsc#986302) - Fix nscd assertion failure in gc. (bsc#965699) - Fix stack overflow in _nss_dns_getnetbyname_r.
(CVE-2016-3075, bsc#973164) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) ----------------------------------------- Patch: SUSE-2016-1275 Released: Thu Aug 25 23:58:27 2016 Summary: Recommended update for krb5 Severity: moderate References: 954470 Description: This update for krb5 fixes a few memory leaks: - If the system runs out of memory, gssint_convert_name_to_union_name() did not set the output error status and potentially caused callers to misbehave. - Function gss_accept_sec_context() calculated the display name from return value of gssint_convert_name_to_union_name(), however it did not always release the name. ----------------------------------------- Patch: SUSE-2016-1280 Released: Fri Aug 26 16:27:43 2016 Summary: Recommended update for autofs Severity: moderate References: 955477,968791,968918 Description: This update for AutoFS provides the following fixes and enhancements: - Add a new configuration option ($USE_HOSTNAME_FOR_MOUNTS) to enable the use of fully qualified domain names in mounts. (bsc#968791) - Link the LDAP lookup module against the reentrant version of the LDAP library (libldap_r), fixing some rare race conditions that could lead to segmentation faults. (bsc#955477) - Fix spurious ELOOP errors caused by incorrect error handling in the NSS lookup module. 
(bsc#968918) ----------------------------------------- Patch: SUSE-2016-1291 Released: Tue Aug 30 09:30:54 2016 Summary: Security update for fontconfig Severity: low References: 992534,CVE-2016-5384 Description: This update for fontconfig fixes the following issues: - security update: * CVE-2016-5384: Possible double free due to insufficiently validated cache files [bsc#992534] ----------------------------------------- Patch: SUSE-2016-1307 Released: Fri Sep 2 09:01:19 2016 Summary: Security update for cracklib Severity: moderate References: 928923,992966,CVE-2016-6318 Description: This update for cracklib fixes a security issue and a bug: Security issue fixed: - Add patch to fix a stack buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) The following non security issue was fixed: - Call textdomain in cracklib-check main function so that program output is translated accordingly. (bsc#928923) ----------------------------------------- Patch: SUSE-2016-1317 Released: Tue Sep 6 11:26:33 2016 Summary: Security update for perl Severity: moderate References: 929027,967082,987887,988311,CVE-2015-8853,CVE-2016-1238,CVE-2016-2381,CVE-2016-6185 Description: This update for perl fixes the following issues: - CVE-2016-6185: xsloader looking at a '(eval)' directory [bsc#988311] - CVE-2016-1238: searching current directory for optional modules [bsc#987887] - CVE-2015-8853: regex engine hanging on bad utf8 [bnc976584] - CVE-2016-2381: environment dup handling bug [bsc#967082] - perl panic with utf8_mg_pos_cache_update [bsc#929027] ----------------------------------------- Patch: SUSE-2016-1329 Released: Fri Sep 9 08:12:28 2016 Summary: Security update for python Severity: moderate References: 984751,985348,989523,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5699 Description: This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5699: incorrect validation of HTTP headers allow header 
injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) ----------------------------------------- Patch: SUSE-2016-1333 Released: Fri Sep 9 15:41:01 2016 Summary: Security update for openssh Severity: moderate References: 948902,981654,989363,992533,CVE-2016-6210,CVE-2016-6515 Description: This update for openssh fixes the following issues: - CVE-2016-6210: Prevent user enumeration through the timing of password processing (bsc#989363) [-prevent_timing_user_enumeration] - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902) - CVE-2016-6515: Limiting the accepted password length to prevent possible DoS (bsc#992533) Bug fixes: - avoid complaining about unset DISPLAY variable (bsc#981654) ----------------------------------------- Patch: SUSE-2016-1340 Released: Mon Sep 12 12:02:51 2016 Summary: Security update for libidn Severity: moderate References: 923241,990189,990190,990191,CVE-2015-2059,CVE-2015-8948,CVE-2016-6261,CVE-2016-6262,CVE-2016-6263 Description: This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) ----------------------------------------- Patch: SUSE-2016-1343 Released: Tue Sep 13 10:59:33 2016 Summary: Recommended update for yast2-ntp-client Severity: low References: 960455 Description: This update for yast2-ntp-client fixes the following issues: - Sntp uses '-K /dev/null' if the kod file doesn't exist. 
(bsc#960455) ----------------------------------------- Patch: SUSE-2016-1345 Released: Tue Sep 13 19:59:45 2016 Summary: Recommended update for samba Severity: moderate References: 975131,978898 Description: This update for samba provides the following fixes: - Honor smb.conf socket options in winbind. (bsc#975131) - Fix crash with net rpc join. (bsc#978898) - Fix a regression verifying the security trailer. (bsc#978898) - Fix updating netlogon credentials. (bsc#978898) ----------------------------------------- Patch: SUSE-2016-1354 Released: Thu Sep 15 14:50:53 2016 Summary: Recommended update for pciutils Severity: low References: 990050 Description: This update for pciutils fixes the following issues: - lspci(8) used to replace long names with 'pci_lookup_name: buffer too small'. Instead of that, it will now truncate the name and append '...' at the end. ----------------------------------------- Patch: SUSE-2016-1371 Released: Wed Sep 21 13:52:33 2016 Summary: Security update for libgcrypt Severity: moderate References: 994157,CVE-2016-6313 Description: This update for libgcrypt fixes the following issues: - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) ----------------------------------------- Patch: SUSE-2016-1376 Released: Thu Sep 22 22:40:24 2016 Summary: Recommended update for aaa_base Severity: moderate References: 996442 Description: This update for aaa_base fixes the following issues: - Fix regression from previous change: wrong return code of chkconfig (bsc#996442) ----------------------------------------- Patch: SUSE-2016-1377 Released: Fri Sep 23 11:48:29 2016 Summary: Security update for yast2-storage Severity: moderate References: 937942,984245,986971,996208,CVE-2016-5746 Description: This update for yast2-storage provides the following fixes: Security issues fixed: - Use standard IPC, and not temporary files, to pass passwords between processes. 
(bsc#986971, CVE-2016-5746) Non security bugs fixed: - Fix usage of complete multipath disk as LVM physical volume. (bsc#984245) - Load the correct multipath module (dm-multipath). (bsc#937942) - Improve message for creating volumes with a filesystem but without a mount point. (bsc#996208) ----------------------------------------- Patch: SUSE-2016-1380 Released: Fri Sep 23 14:54:48 2016 Summary: Security update for wget Severity: moderate References: 958342,984060,995964,CVE-2016-4971,CVE-2016-7098 Description: This update for wget fixes the following issues: - CVE-2016-4971: A HTTP to FTP redirection file name confusion vulnerability was fixed. (bsc#984060). - CVE-2016-7098: A potential race condition was fixed by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964) Bug fixed: - Wget failed with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) ----------------------------------------- Patch: SUSE-2016-1389 Released: Tue Sep 27 13:25:10 2016 Summary: Optional update for several packages Severity: low References: 995609 Description: The following packages have been rebuilt in order to increase their release numbers to the same level as the corresponding updates released for SLES 11-SP1-LTSS. These updates contain no code changes. - Mesa - e2fsprogs - multipath-tools - mysql - quagga - quota - udev - xorg-x11-libX11 - xorg-x11-libXext - xorg-x11-libXfixes - xorg-x11-libXp - xorg-x11-libXrender - xorg-x11-libXt - xorg-x11-libXv - xorg-x11-libxcb - xorg-x11-proto-devel ----------------------------------------- Patch: SUSE-2016-1392 Released: Tue Sep 27 15:19:45 2016 Summary: Recommended update for lsof Severity: moderate References: 995061 Description: This update for lsof provides the following fixes: - Prevent 'lsof -b' from hanging when NFS server is unavailable. 
(bsc#995061) ----------------------------------------- Patch: SUSE-2016-1401 Released: Tue Sep 27 18:17:40 2016 Summary: Security update for bind Severity: critical References: 1000362,CVE-2016-2776 Description: The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) ----------------------------------------- Patch: SUSE-2016-1408 Released: Thu Sep 29 13:12:52 2016 Summary: Recommended update for libxml2 Severity: moderate References: 996079,CVE-2014-0191 Description: This update for libxml2 fixes an issue when processing external entities introduced with the fix for CVE-2014-0191. ----------------------------------------- Patch: SUSE-2016-1414 Released: Thu Sep 29 17:17:02 2016 Summary: Recommended update for irqbalance Severity: moderate References: 1000291,996056 Description: This update for irqbalance fixes the following issues: - A potential segmentation fault due to incorrect error handling. (bsc#996056) - A memory leak on systems without PCI devices like AWS EC2 PV VMs. (bsc#1000291) ----------------------------------------- Patch: SUSE-2016-1426 Released: Tue Oct 4 13:45:12 2016 Summary: Security update for curl Severity: moderate References: 991389,991390,997420,CVE-2016-5419,CVE-2016-5420,CVE-2016-7141 Description: This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) - CVE-2016-7141: Fixed incorrect reuse of client certificates (bsc#997420). 
----------------------------------------- Patch: SUSE-2016-1432 Released: Wed Oct 5 14:15:36 2016 Summary: Security update for openssl Severity: important References: 979475,982575,983249,993819,994749,994844,995075,995324,995359,995377,998190,999665,999666,999668,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306 Description: This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behavior (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Bugs fixed: * Update expired S/MIME certs (bsc#979475) * Fix crash in print_notice (bsc#998190) * Resume reading from /dev/urandom when interrupted by a signal (bsc#995075) ----------------------------------------- Patch: SUSE-2016-1453 Released: Mon Oct 10 13:53:51 2016 Summary: Recommended update for python-azure-agent Severity: moderate References: 994592 Description: This update for python-azure-agent provides the following fixes and enhancements: - Correctly assign IP address to the high speed network interface on Azure's A8 instances. (bsc#994592) - Improved RDMA support. - Extension state migration. - Disabled auto-update. - Enforce http proxy support for calls to storage. 
- Stop disabling SELinux during provisioning. - Fix partition table race condition. - Fix latest version selection. - Fix extension substatus structure. - Fix shlex related update bug in Python 2.6. - Correct behavior of register-service. - AzureStack fixes. - Support xfs filesystem. - Correct service start/restart behavior. - Support for disabling provisioning. - Stop spamming journal with pidof dhclient related messages. - Add goal state processor to the version output. - Fix walinuxagent.service's Want, After. - Ensure to load latest agents. - Correct proxy port type. ----------------------------------------- Patch: SUSE-2016-1455 Released: Mon Oct 10 16:33:55 2016 Summary: Recommended update for timezone Severity: low References: 997830 Description: This update provides the latest timezone information for your system, including the following changes: - Turkey will remain on UTC+03 after 2016-10-30. (bsc#997830) ----------------------------------------- Patch: SUSE-2016-1472 Released: Thu Oct 13 13:58:44 2016 Summary: Security update for tiff Severity: moderate References: 973340,974449,974614,974618,975069,984808,984831,984837,984842,987351,CVE-2016-3186,CVE-2016-3622,CVE-2016-3623,CVE-2016-3945,CVE-2016-3990,CVE-2016-5314,CVE-2016-5316,CVE-2016-5317,CVE-2016-5320,CVE-2016-5875 Description: This update for tiff fixes the following issues: - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449) - Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098) - CVE-2016-5314: Specially crafted TIFF images could trigger a crash that could result in DoS (bsc#984831) - CVE-2016-5316: Specially crafted TIFF images could trigger a crash in the rgb2ycbcr tool, leading to DoS (bsc#984837) - CVE-2016-5317: Specially crafted TIFF images could trigger a crash through an out of bound write (bsc#984842) - CVE-2016-5320: Specially crafted TIFF images could
trigger a crash or potentially allow remote code execution when using the rgb2ycbcr command (bsc#984808) - CVE-2016-5875: Specially crafted TIFF images could allow arbitrary code execution (bsc#987351) - CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618) - CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614) - CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069) - CVE-2016-3186: Specially crafted TIFF images could trigger a crash in the gif2tiff command via a buffer overflow (bsc#973340) ----------------------------------------- Patch: SUSE-2016-1477 Released: Thu Oct 13 17:56:04 2016 Summary: Security update for gtk2 Severity: moderate References: 966682,988745,991450,CVE-2013-7447,CVE-2016-6352 Description: This update for gtk2 fixes the following security issues: - CVE-2016-6352: Some crashes were fixed, including an out-of-bounds write in the OneLine32() function that could be used by attackers to crash GTK/GDK programs. - CVE-2013-7447: Avoid overflow when allocating a cairo pixbuf (bsc#966682). ----------------------------------------- Patch: SUSE-2016-1498 Released: Wed Oct 19 11:12:00 2016 Summary: Recommended update for ksh Severity: moderate References: 964966,982423,988213 Description: This update for ksh provides the following fixes: - Fix locking error in spawn implementation. (bsc#988213) - Fix editor prediction code garbling input. (bsc#964966) - Fix leak in optimize processing. (bsc#982423) ----------------------------------------- Patch: SUSE-2016-1507 Released: Wed Oct 19 21:03:19 2016 Summary: Recommended update for crash Severity: low References: 1001596 Description: This update for crash provides the following fixes: - Fix backtrace command output on ppc64. On big-endian machines the output was just a one-line error.
(bsc#1001596) ----------------------------------------- Patch: SUSE-2016-1516 Released: Fri Oct 21 13:52:30 2016 Summary: Security update for the Linux Kernel Severity: important References: 1004418,CVE-2016-5195 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to fix one security issue. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). ----------------------------------------- Patch: SUSE-2016-1556 Released: Wed Oct 26 14:39:59 2016 Summary: Security update for libxml2 Severity: moderate References: 1005544,CVE-2016-4658 Description: This update for libxml2 fixes the following issues: - CVE-2016-4658: Use after free via namespace node in XPointer ranges (bsc#1005544). ----------------------------------------- Patch: SUSE-2016-1583 Released: Mon Oct 31 16:49:30 2016 Summary: Optional update for glibc Severity: low References: 1007553 Description: This update for glibc contains no source changes. The package has been rebuilt to include glibc.nosrc.rpm, which was not included in previous updates. ----------------------------------------- Patch: SUSE-2016-1585 Released: Tue Nov 1 10:31:13 2016 Summary: Recommended update for wget Severity: low References: 1005091 Description: This update for wget provides the following fixes: - Don't call xfree() on string returned by usr_error(). Fixes a segmentation fault. (bsc#1005091) ----------------------------------------- Patch: SUSE-2016-1597 Released: Wed Nov 2 17:38:13 2016 Summary: Security update for bind Severity: important References: 1007829,965748,CVE-2016-8864 Description: This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). - Fix BIND to return a valid hostname in response to ldapdump queries. 
(bsc#965748) ----------------------------------------- Patch: SUSE-2016-1600 Released: Thu Nov 3 11:57:27 2016 Summary: Security update for curl Severity: important References: 1005633,1005634,1005635,1005637,1005638,1005642,1005645,1005646,998760,CVE-2016-7167,CVE-2016-8615,CVE-2016-8616,CVE-2016-8617,CVE-2016-8618,CVE-2016-8619,CVE-2016-8620,CVE-2016-8621,CVE-2016-8622,CVE-2016-8623,CVE-2016-8624 Description: This update for curl fixes the following security issues: - CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646) - CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645) - CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642) - CVE-2016-8619: double-free in krb5 code (bsc#1005638) - CVE-2016-8618: double-free in curl_maprintf (bsc#1005637) - CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635) - CVE-2016-8616: case insensitive password comparison (bsc#1005634) - CVE-2016-8615: cookie injection for other servers (bsc#1005633) - CVE-2016-7167: escape and unescape integer overflows (bsc#998760) ----------------------------------------- Patch: SUSE-2016-1604 Released: Thu Nov 3 20:24:36 2016 Summary: Recommended update for parted Severity: moderate References: 1001967,964012,968302 Description: This update for parted provides the following fixes: - Don't warn if the HDIO_GET_IDENTITY ioctl isn't supported. (bsc#964012, bsc#1001967) - Avoid the HDIO_GETGEO ioctl when possible. (bsc#968302) ----------------------------------------- Patch: SUSE-2016-1637 Released: Thu Nov 10 17:26:51 2016 Summary: Recommended update for timezone Severity: low References: 1007725,1007726 Description: This update provides the latest timezone information (2016i) for your system, including the following changes: - Pacific/Tongatapu begins DST on 2016-11-06 at 02:00, ending on 2017-01-15 at 03:00. (bsc#1007725) - Northern Cyprus is now +03 year round, causing a split in Cyprus time zones starting 2016-10-30 at 04:00. This creates a zone Asia/Famagusta. 
(bsc#1007726) - Antarctica/Casey switched from +08 to +11 on 2016-10-22. - Asia/Gaza and Asia/Hebron end DST on 2016-10-29 at 01:00, not 2016-10-21 at 00:00. - Asia/Colombo now uses numeric time zone abbreviations. ----------------------------------------- Patch: SUSE-2016-1664 Released: Thu Nov 17 12:55:55 2016 Summary: Recommended update for yast2-core Severity: moderate References: 429326 Description: This update for yast2-core provides the following fixes: - Do not fail to parse when an Optional syntax meets EOF. In some circumstances (e.g. fstab without a trailing newline), YaST could write the file incorrectly, losing lines. (bsc#429326) ----------------------------------------- Patch: SUSE-2016-1687 Released: Wed Nov 23 15:34:20 2016 Summary: Security update for sudo Severity: moderate References: 1007501,1007766,1008043,948973,966755,CVE-2016-7032,CVE-2016-7076 Description: This update for sudo fixes the following issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: * noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501] - The SSSD plugin would occasionally crash sudo with an 'internal error'. This issue has been fixed. [bsc#948973] - The SSSD plugin would occasionally apply @netgroups rules from LDAP to all users rather than the @netgroup. This issue is now fixed. [bsc#966755] - When the SSSD plugin was used and a local user ran sudo, an e-mail used to be sent to administrator because SSSD did not support sudo rules for local users. This message did not signify an error, however, it was only noise. 
[bsc#1008043] ----------------------------------------- Patch: SUSE-2016-1706 Released: Fri Nov 25 16:00:18 2016 Summary: Recommended update for sg3_utils Severity: low References: 958369,981452 Description: This update for sg3_utils fixes the following issues: - In some circumstances, the rescan-scsi-bus.sh script failed to identify new LUNs that have been added to the server. (bsc#958369) - The rescan-scsi-bus.sh script used to print all existing LUNs and scan all new LUNs instead of only those specified with the --luns command line option. (bsc#981452) ----------------------------------------- Patch: SUSE-2016-1720 Released: Tue Nov 29 13:11:33 2016 Summary: Security update for vim Severity: important References: 1010685,CVE-2016-1248 Description: This update for vim fixes the following security issues: - Fixed CVE-2016-1248, an arbitrary command execution vulnerability (bsc#1010685) ----------------------------------------- Patch: SUSE-2016-1730 Released: Wed Nov 30 14:58:51 2016 Summary: Recommended update for timezone Severity: low References: 1011797 Description: This update provides the latest timezone information (2016j) for your system, including the following changes: - Saratov, Russia switches from +03 to +04 on 2016-12-04 at 02:00. This change introduces a new zone Europe/Saratov split from Europe/Volgograd. This release also includes changes affecting past time stamps. For a comprehensive list, please refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz-announce/2016-November/000044.html ----------------------------------------- Patch: SUSE-2016-1739 Released: Fri Dec 2 11:23:40 2016 Summary: Recommended update for aaa_base Severity: low References: 1011548,996442 Description: This update for aaa_base fixes the following issues: - Use full path to lsinitrd(1), as /sbin might not be in the default $PATH. (bsc#1011548) - Do not list xinetd based services twice. 
(bsc#996442) ----------------------------------------- Patch: SUSE-2016-1745 Released: Fri Dec 2 12:03:41 2016 Summary: Security update for the Linux Kernel Severity: important References: 1000189,1001419,1002165,1003077,1003344,1003568,1003677,1003866,1003925,1004517,1004520,1005857,1005896,1005903,1006917,1006919,1007944,763198,771065,799133,803320,839104,843236,860441,863873,865783,871728,907611,908458,908684,909077,909350,909484,909618,909994,911687,915183,920016,922634,922947,928138,929141,934760,951392,956514,960689,963655,967716,968010,968014,971975,971989,973203,974620,976867,977687,979514,979595,979681,980371,982218,982783,983535,983619,984102,984194,984992,985206,986337,986362,986365,986445,987565,988440,989152,989261,989764,989779,991608,991665,991923,992566,993127,993890,993891,994296,994436,994618,994759,994926,995968,996329,996664,997708,998399,998689,999584,999600,999907,999932,CVE-2013-4312,CVE-2015-7513,CVE-2015-8956,CVE-2016-0823,CVE-2016-3841,CVE-2016-4997,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7425 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. For the PowerPC64 a new 'bigmem' flavor has been added to support big Power machines. (FATE#319026) The following security bugs were fixed: - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). 
- CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152). 
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104 bsc#922947 bsc#968014). The following non-security bugs were fixed: - ahci: Order SATA device IDs for codename Lewisburg (fate#319286). - ahci: Remove obsolete Intel Lewisburg SATA RAID device IDs (fate#319286). - alsa: hda - Add Intel Lewisburg device IDs Audio (fate#319286). - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716). - avoid dentry crash triggered by NFS (bsc#984194). - bigmem: Add switch to configure bigmem patches (bsc#928138,fate#319026). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - bnx2x: fix lockdep splat (bsc#908684 FATE#317539). 
- bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687). - bonding: fix bond_arp_rcv setting and arp validate desync state (bsc#977687). - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - config.conf: add bigmem flavour on ppc64 - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc#1003866). - cxgb4: Set VPD size so we can read both VPD structures (bsc#976867). - dm space map metadata: fix sm_bootstrap_get_nr_blocks() (FATE#313903). - dm thin: fix race condition when destroying thin pool workqueue (FATE#313903). - drivers: hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (bnc#986337). - drivers: hv: vmbus: avoid wait_for_completion() on crash (bnc#986337). - drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#986337). - drivers: hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts (bnc#986337). - drivers: hv: vmbus: handle various crash scenarios (bnc#986337). - drivers: hv: vmbus: remove code duplication in message handling (bnc#986337). - drivers: hv: vss: run only on supported host versions (bnc#986337). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133). - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - fs/cifs: make share unaccessible at root level mountable (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fs/select: add vmalloc fallback for select(2) (bsc#1000189). - hv: do not lose pending heartbeat vmbus packets (bnc#1006919). - i2c: i801: add Intel Lewisburg device IDs (fate#319286). 
- i40e: fix an uninitialized variable bug (bsc#909484 FATE#317397). - include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM performance -- git fixes). - increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIG_NR_IRQS (bsc#998399) - introduce SIZE_MAX (bsc#1000189). - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#865783). - kabi: Import kabi files from 3.0.101-80 - kabi-fix for flock_owner addition (bsc#998689). - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689). - kvm: x86: SYSENTER emulation is broken (bsc#994618). - libata: support the ata host which implements a queue depth less than 32 (bsc#871728) - libfc: sanity check cpu number extracted from xid (bsc#988440). - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866). - lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held (bsc#951392). - bigmem: make bigmem patches configurable (bsc#928138,fate#319026). - md: check command validity early in md_ioctl() (bsc#1004520). - md: Drop sending a change uevent when stopping (bsc#1003568). - md: fix problem when adding device to read-only array with bitmap (bnc#771065). - md: lockless I/O submission for RAID1 (bsc#982783). - md/raid10: always set reshape_safe when initializing reshape_position (fate#311379). - md/raid10: Fix memory leak when raid10 reshape completes (fate#311379). - mm: fix sleeping function warning from __put_anon_vma (bnc#1005857). - mm/memory.c: actually remap enough memory (bnc#1005903). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations (bnc#763198). 
- Move patches that create ppc64-bigmem to the powerpc section. Add comments that outline the procedure and warn the unsuspecting. - move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194). - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708). - mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337). - net: add pfmemalloc check in sk_add_backlog() (bnc#920016). - netback: fix flipping mode (bsc#996664). - netfilter: ipv4: defrag: set local_df flag on defragmented skb (bsc#907611). - netvsc: fix incorrect receive checksum offloading (bnc#1006917). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944). - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - nfs: Do not drop directory dentry which is in use (bsc#993127). - nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584). - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514). - nfs: Fix a regression in the read() syscall (bsc#999584). - nfs: Fix races in nfs_revalidate_mapping (bsc#999584). - nfs: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#999584). - nfs: Fix writeback performance issue on cache invalidation (bsc#999584). - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261). - nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873). - nfsv4: add flock_owner to open context (bnc#998689). - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206). - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595). 
- nfsv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl (bsc#982218). - oom: print nodemask in the oom report (bnc#1003866). - pci: Add pci_set_vpd_size() to set VPD size (bsc#976867). - pciback: fix conf_space read/write overlap check. - pciback: return proper values during BAR sizing. - pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models (fate#321400). - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441). - powerpc/64: Fix incorrect return value from __copy_tofrom_user (bsc#1005896). - powerpc: Add ability to build little endian kernels (bsc#967716). - powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926). - powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716). - powerpc: blacklist fixes for unsupported subarchitectures ppc32 only: 6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC' obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in /sys/devices/system/cpu - powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026). - powerpc: Do not build assembly files with ABIv2 (bsc#967716). - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716). - powerpc: dtc is required to build dtb files (bsc#967716). - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716). - powerpc: Fix error when cross building TAGS & cscope (bsc#967716). - powerpc: Make the vdso32 also build big-endian (bsc#967716). - powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026). - powerpc/mm: Add 64TB support (bsc#928138,fate#319026). - powerpc/mm: Change the swap encoding in pte (bsc#973203). - powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026). - powerpc/mm: Fix hash computation function (bsc#928138,fate#319026). - powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026). - powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE (bsc#928138,fate#319026). 
- powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit (bsc#928138,fate#319026). - powerpc/mm: Replace open coded CONTEXT_BITS value (bsc#928138,fate#319026). - powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026). - powerpc/mm: Update VSID allocation documentation (bsc#928138,fate#319026). - powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026). - powerpc/mm: Use hpt_va to compute virtual address (bsc#928138,fate#319026). - powerpc/mm: Use the required number of VSID bits in slbmte (bsc#928138,fate#319026). - powerpc: Move kdump default base address to half RMO size on 64bit (bsc#1003344). - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716). - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716). - powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026). - powerpc: Require gcc 4.0 on 64-bit (bsc#967716). - powerpc: Update kernel VSID range (bsc#928138,fate#319026). - ppp: defer netns reference release for ppp channel (bsc#980371). - qlcnic: fix a timeout loop (bsc#909350 FATE#317546) - random32: add prandom_u32_max (bsc#989152). - remove problematic preprocessor constructs (bsc#928138,fate#319026). - REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends to run out of space nowadays. - rpm/package-descriptions: add -bigmem description - s390/cio: fix accidental interrupt enabling during resume (bnc#1003677, LTC#147606). - s390/dasd: fix hanging device after clear subchannel (bnc#994436, LTC#144640). - s390/time: LPAR offset handling (bnc#1003677, LTC#146920). - s390/time: move PTFF definitions (bnc#1003677, LTC#146920). - sata: Adding Intel Lewisburg device IDs for SATA (fate#319286). - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419). - sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165). 
- sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329). - scripts/bigmem-generate-ifdef-guard: auto-regen patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM - scripts/bigmem-generate-ifdef-guard: Include this script to regenerate patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM - scripts/bigmem-generate-ifdef-guard: make executable - scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760). - scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#984102). - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992). - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989) - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992). - scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning (bnc#843236,bsc#989779). - scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374). - Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n on all platforms The specfile adjusts the config if necessary, but a new version of run_oldconfig.sh requires the settings to be present in the repository. - sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618 FATE#317521). - sort hyperv patches properly in series.conf - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race (bnc#803320). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#908458 FATE#317507). - tmpfs: change final i_blocks BUG to WARNING (bsc#991923). - tty: Signal SIGHUP before hanging up ldisc (bnc#989764). - Update patches.xen/xen3-auto-arch-x86.diff (bsc#929141, a.o.). - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - usb: hub: Fix unbalanced reference count/memory leak/deadlocks (bsc#968010). - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - vlan: do not deliver frames for unknown vlans to protocols (bsc#979514). - vlan: mask vlan prio bits (bsc#979514). 
- vmxnet3: Wake queue from reset work (bsc#999907). - x86, amd_nb: Clarify F15h, model 30h GART and L3 support (fate#321400). - x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077). - x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors (fate#321400). - x86/gart: Check for GART support before accessing GART registers (fate#321400). - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141). - xenbus: inspect the correct type in xenbus_dev_request_and_reply(). - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - xfs: Avoid grabbing ilock when file size is not changed (bsc#983535). - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565). - zfcp: close window with unblocked rport during rport gone (bnc#1003677, LTC#144310). - zfcp: fix D_ID field with actual value on tracing SAN responses (bnc#1003677, LTC#144312). - zfcp: fix ELS/GS request&response length for hardware data router (bnc#1003677, LTC#144308). - zfcp: fix payload trace length for SAN request&response (bnc#1003677, LTC#144312). - zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace (bnc#1003677, LTC#144312). - zfcp: restore tracing of handle for port and LUN with HBA records (bnc#1003677, LTC#144312). - zfcp: retain trace level for SCSI and HBA FSF response records (bnc#1003677, LTC#144312). - zfcp: trace full payload of all SAN records (req,resp,iels) (bnc#1003677, LTC#144312). - zfcp: trace on request for open and close of WKA port (bnc#1003677, LTC#144312). 
----------------------------------------- Patch: SUSE-2016-1769 Released: Wed Dec 7 16:44:42 2016 Summary: Security update for w3m Severity: moderate References: 1011269,1011270,1011271,1011272,1011283,1011284,1011285,1011286,1011287,1011288,1011289,1011290,1011291,1011292,1011293,1012020,1012021,1012022,1012023,1012024,1012025,1012026,1012027,1012028,1012029,1012030,1012031,1012032,CVE-2010-2074,CVE-2016-9422,CVE-2016-9423,CVE-2016-9424,CVE-2016-9425,CVE-2016-9434,CVE-2016-9435,CVE-2016-9436,CVE-2016-9437,CVE-2016-9438,CVE-2016-9439,CVE-2016-9440,CVE-2016-9441,CVE-2016-9442,CVE-2016-9443,CVE-2016-9621,CVE-2016-9622,CVE-2016-9623,CVE-2016-9624,CVE-2016-9625,CVE-2016-9626,CVE-2016-9627,CVE-2016-9628,CVE-2016-9629,CVE-2016-9630,CVE-2016-9631,CVE-2016-9632,CVE-2016-9633 Description: This update for w3m fixes the following issues: - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap 
buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) ----------------------------------------- Patch: SUSE-2016-1776 Released: Thu Dec 8 11:07:03 2016 Summary: Security update for xorg-x11-libX11 Severity: moderate References: 1002991,CVE-2016-7942 Description: This update for xorg-x11-libX11 fixes the following issues: - plug a memory leak (bsc#1002991, CVE-2016-7942) - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()) (bsc#1002991, CVE-2016-7942) ----------------------------------------- Patch: SUSE-2016-1789 Released: Fri Dec 9 21:26:33 2016 Summary: Recommended update for dbus-1 Severity: moderate References: 1010769 Description: This update for dbus-1 fixes a rare race condition that could lead to dbus-launch(1) killing unrelated processes. ----------------------------------------- Patch: SUSE-2016-1810 Released: Tue Dec 13 12:52:06 2016 Summary: Security update for xorg-x11-libXv Severity: moderate References: 1003017,CVE-2016-5407 Description: This update for xorg-x11-libXv fixes the following issues: - insufficient validation of data from the X server can cause memory corruption (bsc#1003017, CVE-2016-5407) ----------------------------------------- Patch: SUSE-2016-1811 Released: Tue Dec 13 12:54:03 2016 Summary: Security update for xorg-x11-libXrender Severity: moderate References: 1003002,CVE-2016-7949,CVE-2016-7950 Description: This update for xorg-x11-libXrender fixes the following issues: - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002, CVE-2016-7949, CVE-2016-7950) ----------------------------------------- Patch: SUSE-2016-1826 Released: Wed Dec 14 16:35:03 2016 Summary: Recommended update for xorg-x11-libXrender Severity: important References: 1015442 Description: This update for xorg-x11-libXrender fixes a regression caused by the previous security update (bsc#1003002), which prevented YaST2 GUI 
from starting (bsc#1015442) ----------------------------------------- Patch: SUSE-2016-1838 Released: Fri Dec 16 11:01:37 2016 Summary: Security update for xorg-x11-libXfixes Severity: moderate References: 1002995,CVE-2016-7944 Description: This update for xorg-x11-libXfixes fixes the following issues: - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995, CVE-2016-7944) ----------------------------------------- Patch: SUSE-2016-1847 Released: Fri Dec 16 18:05:25 2016 Summary: Security update for xorg-x11-libs Severity: moderate References: 1002998,1003000,1003012,1003023,CVE-2016-7945,CVE-2016-7946,CVE-2016-7947,CVE-2016-7948,CVE-2016-7951,CVE-2016-7952,CVE-2016-7953 Description: This update for xorg-x11-libs fixes the following issues: - insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023, CVE-2016-7953) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012, CVE-2016-7951, CVE-2016-7952) - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000, CVE-2016-7947, CVE-2016-7948) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service). 
(bsc#1002998, CVE-2016-7945, CVE-2016-7946) ----------------------------------------- Patch: SUSE-2016-1851 Released: Mon Dec 19 17:07:17 2016 Summary: Security update for ntp Severity: moderate References: 1009434,1011377,1011390,1011395,1011398,1011404,1011406,1011411,1011417,943216,956365,981252,988028,992038,992606,CVE-2015-5219,CVE-2015-8139,CVE-2015-8140,CVE-2016-7426,CVE-2016-7427,CVE-2016-7428,CVE-2016-7429,CVE-2016-7431,CVE-2016-7433,CVE-2016-7434,CVE-2016-9310,CVE-2016-9311 Description: This update for ntp fixes the following issues: - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Security issues fixed (update to 4.2.8p9): - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). - CVE-2015-8140: ntpq vulnerable to replay attacks. - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). 
- Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) ----------------------------------------- Patch: SUSE-2016-1862 Released: Tue Dec 20 18:24:49 2016 Summary: Security update for the Linux Kernel Severity: important References: 1013533,1013604,CVE-2016-9576,CVE-2016-9794 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). ----------------------------------------- Patch: SUSE-2016-1869 Released: Wed Dec 21 16:24:43 2016 Summary: Security update for zlib Severity: moderate References: 1003577,1003579,1003580,1013882,CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843 Description: This update for zlib fixes the following issues: * Incompatible declarations for external linkage function deflate (bnc#1003577) * CVE-2016-9842: Undefined Left Shift of Negative Number (bnc#1003580) * CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bnc#1003579) * CVE-2016-9843: Big-endian out-of-bounds pointer ----------------------------------------- Patch: SUSE-2016-1874 Released: Wed Dec 21 17:38:52 2016 Summary: Optional update for mailx, mailx-openssl1 Severity: low References: 1012814 Description: This update delivers an additional mailx version built against openssl1 to enable TLS 1.2 support for SMTP, IMAP and POP3 connections. The main mailx package is also updated to use update-alternatives, easing the switch between the version built against openssl 0.9.8j and the one using openssl 1.0.1. 
The original mailx package includes /usr/bin/mailx.openssl0 and /usr/bin/mailx links to this binary by default. A new package mailx-openssl1 is supplied via the SECURITY module, including the /usr/bin/mailx.openssl1 binary. To switch /usr/bin/mailx to use openssl 1.0.1 and so support TLS 1.2 in encrypted connections use: update-alternatives --set mailx /usr/bin/mailx.openssl1 to switch back, use: update-alternatives --set mailx /usr/bin/mailx.openssl0 to display the current state use: update-alternatives --display mailx ----------------------------------------- Patch: SUSE-2016-1909 Released: Fri Dec 23 15:34:26 2016 Summary: Optional update for libesmtp5-openssl1 Severity: low References: 1005909,1012814 Description: This update for libesmtp provides a libesmtp library that offers TLS 1.2 support. The additional library lives in the new libesmtp5-openssl1 package and is in /opt/suse/lib64/. ----------------------------------------- Patch: SUSE-2016-1926 Released: Thu Dec 29 11:30:31 2016 Summary: Recommended update for release-notes-sles Severity: low References: 975899,979501 Description: The Release Notes of SUSE Linux Enterprise Server 11 SP4 have been updated to document: - Btrfs supported features (bsc#979501). - Basic support for the Zeppelin platform (fate#321400). - Change in the deadlock behavior of loop-back mounted NFS (fate#320631). - Support for absolute Placement Mode for Touchscreens in the evdev-driver. (fate#319647). ----------------------------------------- Patch: SUSE-2016-1929 Released: Thu Dec 29 13:50:06 2016 Summary: Recommended update for hwinfo Severity: low References: 1010276 Description: This update for hwinfo fixes the following issues: - Look for SMBIOS entry point also in EFI settings. (bsc#1010276) - Look for DMI table also in sysfs. 
(bsc#1010276) ----------------------------------------- Patch: SUSE-2016-1934 Released: Thu Dec 29 20:45:08 2016 Summary: Security update for samba Severity: moderate References: 1003731,1009711,1014441,1014442,993692,997833,CVE-2016-2125,CVE-2016-2126 Description: This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441) - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442) Non security issues fixed: - Allow SESSION KEY setup without signing. (bsc#1009711) - Fix crash bug in tevent_queue_immediate_trigger(). (bsc#1003731) - Don't fail when using default domain with user@domain.com format. (bsc#997833) - Prevent core, make sure response->extra_data.data is always cleared out. (bsc#993692) ----------------------------------------- Patch: SUSE-2017-4 Released: Mon Jan 2 14:33:08 2017 Summary: Recommended update for libzypp, zypper Severity: low References: 1010096,899510,945169,964932 Description: This update for libzypp and zypper fixes the following issues: libzypp: - Suppress MediaChangeReport while testing multiple baseurls. (bsc#899510) - Support parsing multiple baseurls from a repo file. (bsc#899510) - Fix parsing of multi-line url entries. (bsc#964932) zypper: - Add new option 'psCheckAccessDeleted' to zypper.conf that can be used to prevent 'lsof' calls after commit (bsc#945169, bsc#1010096, fate#322060) - Suppress MediaChangeReport while testing multiple baseurls. (bsc#899510) ----------------------------------------- Patch: SUSE-2017-17 Released: Thu Jan 5 11:31:00 2017 Summary: Recommended update for irqbalance Severity: low References: 998399 Description: This update for irqbalance increases the maximum number of files that can be opened simultaneously to 4096. 
----------------------------------------- Patch: SUSE-2017-34 Released: Mon Jan 9 14:11:16 2017 Summary: Recommended update for lvm2 Severity: low References: 960344,971150,985892 Description: This update for lvm2 provides the following fixes: - Redirect non-critical warnings when generating boot ramdisk to /dev/null. (bsc#971150) - Do not print error message inside retry loops to avoid multiple error messages when attempting to remove a busy device. (bsc#960344) - When stopping the lvm service, boot.udev must still be running. (bsc#985892) ----------------------------------------- Patch: SUSE-2017-55 Released: Wed Jan 11 22:58:40 2017 Summary: Security update for bind Severity: important References: 1018699,1018700,1018701,1018702,CVE-2016-9131,CVE-2016-9147,CVE-2016-9444 Description: This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. 
[CVE-2016-9444, bsc#1018702, bsc#1018699] ----------------------------------------- Patch: SUSE-2017-75 Released: Mon Jan 16 16:23:33 2017 Summary: Security update for libxml2 Severity: moderate References: 1010675,1014873,CVE-2016-9318 Description: This update for libxml2 fixes the following issues: * CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675). * Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode (bnc#1014873) ----------------------------------------- Patch: SUSE-2017-106 Released: Fri Jan 20 12:54:07 2017 Summary: Recommended update for suse-build-key Severity: low References: 1014151 Description: This update for suse-build-key fixes the following issues: - Updated gpg signing key for the SLE12 build@suse.de key (bsc#1014151) - Added the current security@suse.de key to the keyring - Changed SuSE to SUSE in texts ----------------------------------------- Patch: SUSE-2017-137 Released: Mon Jan 23 12:28:48 2017 Summary: Security update for icu Severity: moderate References: 1012224,CVE-2014-9911 Description: This update for icu fixes the following security issues: - Passing a locale string longer than 255 characters to uloc_getDisplayName() could have caused a buffer overflow resulting in denial of service or possible code execution (bsc#1012224, CVE-2014-9911).
----------------------------------------- Patch: SUSE-2017-158 Released: Fri Jan 27 18:23:11 2017 Summary: Security update for gnutls Severity: important References: 1005879,1018832,961491,CVE-2016-8610,CVE-2017-5335,CVE-2017-5336,CVE-2017-5337 Description: This update for gnutls fixes the following issues: - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser (bsc#961491). - CVE-2016-8610: Remote denial of service in SSL alert handling (bsc#1005879). - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate could have led to heap and stack overflows (bsc#1018832). - CVE-2017-5336: Decoding a specially crafted OpenPGP certificate could have led to heap and stack overflows (bsc#1018832). - CVE-2017-5337: Decoding a specially crafted OpenPGP certificate could have led to heap and stack overflows (bsc#1018832). ----------------------------------------- Patch: SUSE-2017-160 Released: Fri Jan 27 18:26:03 2017 Summary: Security update for bash Severity: moderate References: 1000396,1001299,959755,971410,CVE-2016-0634,CVE-2016-7543 Description: This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables. (bsc#1001299) - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt. (bsc#1000396) The following bugs were fixed: - bsc#971410: Scripts could terminate unexpectedly due to mishandled recursive traps. - bsc#959755: Clarify that the files /etc/profile as well as /etc/bash.bashrc may source other files as well even if the bash does not.
----------------------------------------- Patch: SUSE-2017-169 Released: Mon Jan 30 18:39:04 2017 Summary: Recommended update for kexec-tools Severity: low References: 1009970,981339 Description: This update for kexec-tools fixes a segmentation fault that could happen on IBM Power 64 systems with more than 32TB of memory installed. ----------------------------------------- Patch: SUSE-2017-206 Released: Tue Feb 7 13:17:28 2017 Summary: Security update for expat Severity: moderate References: 1022037,983215,983216,CVE-2012-6702,CVE-2016-5300 Description: This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. 
(bsc#983216) ----------------------------------------- Patch: SUSE-2017-224 Released: Thu Feb 9 16:37:13 2017 Summary: Security update for the Linux Kernel Severity: important References: 1003813,1005877,1007615,1008557,1008645,1008831,1008833,1008893,1009875,1010150,1010175,1010201,1010467,1010501,1010507,1010711,1010713,1010716,1011685,1011820,1012183,1012411,1012422,1012832,1012851,1012852,1012917,1013018,1013038,1013042,1013070,1013531,1013542,1014410,1014454,1014746,1015561,1015752,1015760,1015796,1015803,1015817,1015828,1015844,1015848,1015878,1015932,1016320,1016505,1016520,1016668,1016688,1016824,1016831,1017686,1017710,1019079,1019148,1019165,1019348,1019783,1020214,1021258,748806,786036,790588,795297,800999,821612,824171,851603,853052,871728,901809,909350,909491,913387,914939,919382,924708,925065,953233,961589,962846,969340,973691,987333,987576,989152,989680,989896,990245,992991,993739,993832,996541,996557,997401,999101,CVE-2004-0230,CVE-2012-6704,CVE-2013-6368,CVE-2015-1350,CVE-2015-8962,CVE-2015-8964,CVE-2016-10088,CVE-2016-5696,CVE-2016-7910,CVE-2016-7911,CVE-2016-7916,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8646,CVE-2016-9555,CVE-2016-9685,CVE-2016-9756,CVE-2016-9793,CVE-2017-5551 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device NOTE: this vulnerability existed because of an incomplete fix for CVE-2016-9576 (bnc#1017710). 
- CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). 
- CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). 
- CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). The following non-security bugs were fixed: - 8250_pci: Fix potential use-after-free in error path (bsc#1013070). - KABI fix (bsc#1014410). - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875). - be2net: Do not leak iomapped memory on removal (bug#925065). - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - bna: Add synchronization for tx ring (bsc#993739). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). 
- crypto: add ghash-generic in the supported.conf (bsc#1016824) - crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106 (bsc#913387). - dm: do not call dm_sync_table() when creating new devices (bnc#901809). - drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348) - ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668). - ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018). - ext4: fix reference counting bug on block allocation error (bsc#1013018). - futex: Acknowledge a new waiter in counter before plist (bsc#851603). - futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603). - hpilo: Add support for iLO5 (bsc#999101). - ibmveth: calculate gso_segs for large packets (bsc#1019165). - ibmveth: set correct gso_size and gso_type (bsc#1019165). - igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491 FATE#317388). - igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector (bsc#795297 FATE#313656). - igb: Fix oops caused by missing queue pairing (bsc#909491 FATE#317388). - igb: Fix oops on changing number of rings (bsc#909491 FATE#317388). - igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (bsc#909491 FATE#317388). - igb: Unpair the queues when changing the number of queues (bsc#909491 FATE#317388). - kexec: add a kexec_crash_loaded() function (bsc#973691). - kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680). - kvm: Distangle eventfd code from irqchip (bsc#989680). - kvm: Iterate over only vcpus that are preempted (bsc#989680). - kvm: Record the preemption status of vcpus using preempt notifiers (bsc#989680). - kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680). - kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680). - kvm: make processes waiting on vcpu mutex killable (bsc#989680). - kvm: nVMX: Add preemption timer support (bsc#989680). - kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680).
- kvm: use symbolic constant for nr interrupts (bsc#989680). - kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680). - kvm: x86: Run PIT work in own kthread (bsc#989680). - kvm: x86: limit difference between kvmclock updates (bsc#989680). - libata: introduce ata_host->n_tags to avoid oops on SAS controllers (bsc#871728). - libata: remove n_tags to avoid kABI breakage (bsc#871728). - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846). - libfc: Fixup disc_mutex handling (bsc#962846). - libfc: Issue PRLI after a PRLO has been received (bsc#962846). - libfc: Revisit kref handling (bnc#990245). - libfc: Update rport reference counting (bsc#953233). - libfc: do not send ABTS when resetting exchanges (bsc#962846). - libfc: fixup locking of ptp_setup() (bsc#962846). - libfc: reset exchange manager during LOGO handling (bsc#962846). - libfc: send LOGO for PLOGI failure (bsc#962846). - locking/mutex: Explicitly mark task as running after wakeup (bsc#1012411). - memstick: mspro_block: add missing curly braces (bsc#1016688). - mlx4: Fix error flow when sending mads under SRIOV (bsc#786036 FATE#314304). - mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036 FATE#314304). - mlx4: Fix memory leak if QP creation failed (bsc#786036 FATE#314304). - mlx4: Fix potential deadlock when sending mad to wire (bsc#786036 FATE#314304). - mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036 FATE#314304). - mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036 FATE#314304). - mlx4: add missing braces in verify_qp_parameters (bsc#786036 FATE#314304). - mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (bnc#961589). - mm: fix crashes from mbind() merging vmas (bnc#1005877). - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820). - mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (bsc#1008645). 
- net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036 FATE#314304). - net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382 FATE#317529). - net/mlx4_core: Avoid returning success in case of an error flow (bsc#786036 FATE#314304). - net/mlx4_core: Do not BUG_ON during reset when PCI is offline (bsc#924708). - net/mlx4_core: Do not access comm channel if it has not yet been initialized (bsc#924708). - net/mlx4_core: Fix error message deprecation for ConnectX-2 cards (bsc#919382 FATE#317529). - net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec (bsc#786036 FATE#314304). - net/mlx4_core: Implement pci_resume callback (bsc#924708). - net/mlx4_core: Update the HCA core clock frequency after INIT_PORT (bug#919382 FATE#317529). - net/mlx4_en: Choose time-stamping shift value according to HW frequency (bsc#919382 FATE#317529). - net/mlx4_en: Fix HW timestamp init issue upon system startup (bsc#919382 FATE#317529). - net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036 FATE#314304). - net/mlx4_en: Move filters cleanup to a proper location (bsc#786036 FATE#314304). - net/mlx4_en: Remove dependency between timestamping capability and service_task (bsc#919382 FATE#317529). - net/mlx4_en: fix spurious timestamping callbacks (bsc#919382 FATE#317529). - netfront: do not truncate grant references. - nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). - nfsv4: Handle timeouts correctly when probing for lease validity (bsc#1014410). - nvme: Automatic namespace rescan (bsc#1017686). - nvme: Metadata format support (bsc#1017686). - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783). - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock for task clock sample (bnc#997401). 
- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (bnc#997401). - powerpc/MSI: Fix race condition in tearing down MSI interrupts (bsc#1010201). - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201). - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201). - powerpc: scan_features() updates incorrect bits for REAL_LE (bsc#1010201). - printk/sched: Introduce special printk_sched() for those awkward (bsc#996541). - ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851). - qlcnic: fix a loop exit condition better (bsc#909350 FATE#317546). - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag() (bnc#800999 FATE#313899). - reiserfs: fix race in prealloc discard (bsc#987576). - rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rt2x00: fix rfkill regression on rt2500pci (bnc#748806). - s390/zcrypt: kernel: Fix invalid domain response handling (bsc#1016320). - scsi: Fix erratic device offline during EH (bsc#993832). - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557). - scsi: lpfc: avoid double free of resource identifiers (bsc#989896). - scsi_error: count medium access timeout only once per EH run (bsc#993832). - scsi_error: fixup crash in scsi_eh_reset (bsc#993832) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013070). - sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917). - sunrpc: Fix reconnection timeouts (bsc#1014410). - sunrpc: Fix two issues with drop_caches and the sunrpc auth cache (bsc#1012917). - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175). 
- tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175). - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175). - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175). - tg3: Fix temperature reporting (bnc#790588 FATE#313912). - usb: console: fix potential use after free (bsc#1015817). - usb: console: fix uninitialised ldisc semaphore (bsc#1015817). - usb: cp210x: Corrected USB request type definitions (bsc#1015932). - usb: cp210x: relocate private data from USB interface to port (bsc#1015932). - usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932). - usb: ftdi_sio: fix null deref at port probe (bsc#1015796). - usb: ipaq.c: fix a timeout loop (bsc#1015848). - usb: opticon: fix non-atomic allocation in write path (bsc#1015803). - usb: option: fix runtime PM handling (bsc#1015752). - usb: serial: cp210x: add 16-bit register access functions (bsc#1015932). - usb: serial: cp210x: add 8-bit and 32-bit register access functions (bsc#1015932). - usb: serial: cp210x: add new access functions for large registers (bsc#1015932). - usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932). - usb: serial: fix potential use-after-free after failed probe (bsc#1015828). - usb: serial: io_edgeport: fix memory leaks in attach error path (bsc#1016505). - usb: serial: io_edgeport: fix memory leaks in probe error path (bsc#1016505). - usb: serial: keyspan: fix use-after-free in probe error path (bsc#1016520). - usb: sierra: fix AA deadlock in open error path (bsc#1015561). - usb: sierra: fix remote wakeup (bsc#1015561). - usb: sierra: fix urb and memory leak in resume error path (bsc#1015561). - usb: sierra: fix urb and memory leak on disconnect (bsc#1015561). - usb: sierra: fix use after free at suspend/resume (bsc#1015561). - usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760). - usb: usb_wwan: fix race between write and resume (bsc#1015760). - usb: usb_wwan: fix urb leak at shutdown (bsc#1015760). 
- usb: usb_wwan: fix urb leak in write error path (bsc#1015760). - usb: usb_wwan: fix write and suspend race (bsc#1015760). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844). - xenbus: do not invoke is_ready() for most device states (bsc#987333). ----------------------------------------- Patch: SUSE-2017-239 Released: Tue Feb 14 20:09:47 2017 Summary: Recommended update for libusb-1_0 Severity: moderate References: 1023977,978501 Description: This update for the libusb 1.0 library libusb-1_0 fixes the following issues and brings new features: - Fix race condition causing delayed completion of sync transfers. (bsc#978501) - Numerous bug fixes and improvements - Add libusb_get_device_speed() - Add libusb_has_capability() - Add libusb_error_name() - Add libusb_get_version() ----------------------------------------- Patch: SUSE-2017-242 Released: Wed Feb 15 12:02:29 2017 Summary: Security update for icu Severity: moderate References: 1023033,CVE-2014-9911 Description: This update for icu fixes the following issues: - CVE-2014-9911: The fix was updated to not crash (NULL ptr deref) when resPath is NULL (bsc#1023033). ----------------------------------------- Patch: SUSE-2017-243 Released: Wed Feb 15 12:12:08 2017 Summary: Security update for xorg-x11-libXpm Severity: moderate References: 1021315,CVE-2016-10164 Description: This update for xorg-x11-libXpm fixes the following security issue: - A heap overflow in XPM handling could be used by attackers supplying XPM files to crash or potentially execute code. 
(bsc#1021315) ----------------------------------------- Patch: SUSE-2017-307 Released: Wed Mar 1 16:52:12 2017 Summary: Security update for openssl Severity: moderate References: 1000677,1001912,1004499,1005878,1019334,1021641,984663,CVE-2016-2108,CVE-2016-7056,CVE-2016-8610 Description: This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - don't attempt session resumption if no ticket is present and session ID length is zero (bsc#984663) ----------------------------------------- Patch: SUSE-2017-311 Released: Thu Mar 2 15:26:49 2017 Summary: Security update for bind Severity: moderate References: 1024130,CVE-2017-3135 Description: This update for bind fixes the following issues: - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) ----------------------------------------- Patch: SUSE-2017-318 Released: Fri Mar 3 17:46:19 2017 Summary: Security update for openssh Severity: moderate References: 1005480,1005893,1006221,1016366,1016369,CVE-2016-10009,CVE-2016-10011,CVE-2016-8858 Description: This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) Non
security issues fixed: - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893) - fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) ----------------------------------------- Patch: SUSE-2017-325 Released: Mon Mar 6 11:24:53 2017 Summary: Security update for unzip Severity: moderate References: 1013992,1013993,950110,950111,CVE-2014-9913,CVE-2015-7696,CVE-2015-7697,CVE-2016-9844 Description: This update for unzip fixes the following issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) ----------------------------------------- Patch: SUSE-2017-352 Released: Thu Mar 9 10:30:23 2017 Summary: Security update for xorg-x11-libX11 Severity: moderate References: 1019642,CVE-2013-1997 Description: This update for xorg-x11-libX11 fixes the following issues: - a regression introduced by the security fix for CVE-2013-1997 (bnc#824294). Keyboard mappings for special characters on Non-English keyboards might have been broken. (bnc#1019642) ----------------------------------------- Patch: SUSE-2017-355 Released: Thu Mar 9 11:37:37 2017 Summary: Recommended update for timezone Severity: low References: 1024676,1024677 Description: This update provides the latest timezone information (2017a) for your system, including the following changes: - Mongolia no longer observes DST. (bsc#1024676) - Chile's Region of Magallanes moves from -04/-03 to -03 year-round starting 2017-05-13 23:00. 
Split from America/Santiago creating a new zone America/Punta_Arenas. Also affects Antarctica/Palmer. (bsc#1024677) - Fixes to historical time stamps: Spain, Ecuador, Atyrau, Oral. - Switch to numeric, or commonly used time zone abbreviations. - zic(8) no longer mishandles some transitions in January 2038. - date and strftime now cause %z to generate '-0000' instead of '+0000' when the UT offset is zero and the time zone abbreviation begins with '-'. ----------------------------------------- Patch: SUSE-2017-363 Released: Fri Mar 10 14:36:15 2017 Summary: Security update for tcpdump Severity: moderate References: 1020940,CVE-2016-7922,CVE-2016-7923,CVE-2016-7925,CVE-2016-7926,CVE-2016-7927,CVE-2016-7928,CVE-2016-7931,CVE-2016-7934,CVE-2016-7935,CVE-2016-7936,CVE-2016-7937,CVE-2016-7939,CVE-2016-7940,CVE-2016-7973,CVE-2016-7974,CVE-2016-7975,CVE-2016-7983,CVE-2016-7984,CVE-2016-7992,CVE-2016-7993,CVE-2016-8574,CVE-2017-5202,CVE-2017-5203,CVE-2017-5204,CVE-2017-5483,CVE-2017-5484,CVE-2017-5485,CVE-2017-5486 Description: This update for tcpdump fixes the following issues: Security issues fixed (bsc#1020940): - CVE-2016-7922: Corrected buffer overflow in AH parser print-ah.c:ah_print(). - CVE-2016-7923: Corrected buffer overflow in ARP parser print-arp.c:arp_print(). - CVE-2016-7925: Corrected buffer overflow in compressed SLIP parser print-sl.c:sl_if_print(). - CVE-2016-7926: Corrected buffer overflow in the Ethernet parser print-ether.c:ethertype_print(). - CVE-2016-7927: Corrected buffer overflow in the IEEE 802.11 parser print-802_11.c:ieee802_11_radio_print(). - CVE-2016-7928: Corrected buffer overflow in the IPComp parser print-ipcomp.c:ipcomp_print(). - CVE-2016-7931: Corrected buffer overflow in the MPLS parser print-mpls.c:mpls_print(). - CVE-2016-7936: Corrected buffer overflow in the UDP parser print-udp.c:udp_print(). - CVE-2016-7934,CVE-2016-7935,CVE-2016-7937: Corrected segmentation faults in function udp_print(). 
- CVE-2016-7939: Corrected buffer overflows in GRE parser print-gre.c:(multiple functions). - CVE-2016-7940: Corrected buffer overflows in STP parser print-stp.c:(multiple functions). - CVE-2016-7973: Corrected buffer overflow in AppleTalk parser print-atalk.c. - CVE-2016-7974: Corrected buffer overflow in IP parser print-ip.c:(multiple functions). - CVE-2016-7975: Corrected buffer overflow in TCP parser print-tcp.c:tcp_print(). - CVE-2016-7983,CVE-2016-7984: Corrected buffer overflow in TFTP parser print-tftp.c:tftp_print(). - CVE-2016-7992: Corrected buffer overflow in Classical IP over ATM parser print-cip.c. - CVE-2016-7993: Corrected buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, etc.). - CVE-2016-8574: Corrected buffer overflow in FRF.15 parser print-fr.c:frf15_print(). - CVE-2017-5202: Corrected buffer overflow in ISO CLNS parser print-isoclns.c:clnp_print(). - CVE-2017-5203: Corrected buffer overflow in BOOTP parser print-bootp.c:bootp_print(). - CVE-2017-5204: Corrected buffer overflow in IPv6 parser print-ip6.c:ip6_print(). - CVE-2017-5483: Corrected buffer overflow in SNMP parser print-snmp.c:asn1_parse(). - CVE-2017-5484: Corrected buffer overflow in ATM parser print-atm.c:sig_print(). - CVE-2017-5485: Corrected buffer overflow in ISO CLNS parser addrtoname.c:lookup_nsap(). - CVE-2017-5486: Corrected buffer overflow in ISO CLNS parser print-isoclns.c:clnp_print(). ----------------------------------------- Patch: SUSE-2017-381 Released: Wed Mar 15 13:01:21 2017 Summary: Recommended update for python-azure-agent Severity: moderate References: 1018369,1029223,1029224 Description: This update for python-azure-agent provides version 2.2.6 and brings the following fixes and improvements: - Improve logging when interface detection fails. - Retry when get thumbprint fails. - Ensure host plugin calls fail gracefully. - Handle interface resets more gracefully. - Wait for partition before mounting. - Correct check for heartbeat freshness. 
- Fix RDMA reboot issue. - Changed permissions for log directory. - Fix potential sync issue with incarnation number and cache. - Extend VM health status. - Improve mount call and logging. - Cleanup SUSE configuration. - Update RDMA configuration. - Add a log message when primary nic is not found. - Add telemetry event for host plugin usage. - Prevent duplicates in sysinfo. - Add support for Match blocks in sshd configuration. - Support offline hostname changes. - Ensure configuration file is updated correctly. - Support NetworkManager leases. - Fix password encoding. - Fix for hostnamectl. - Fix password encrypting failure in python 2.*. - Handle interrupt signal. - Fix the issues for mounting resourcedisk. - Support for F5 Networks BIG-IP. - Fix sfdisk options. - Fix for fetch manifest. - Fix issue with xfs swapon. - Handle deprovisioning interruption. - Reduce goal state logging. - Increase polling rate. - Support OnHold flag. - Fix for decode_config. - Azure stack certificate fix. - Enable over-provisioning support. - Enable host plugin scenarios. ----------------------------------------- Patch: SUSE-2017-405 Released: Fri Mar 17 14:09:27 2017 Summary: Recommended update for release-notes-sles Severity: low References: 1016450,1017579,1028458 Description: The Release Notes of SUSE Linux Enterprise Server 11 SP4 have been updated to document: - Maximum RAM certified of '1.5TB' for POWER. (bsc#1028458) - Samba support to operate as an Active Directory style domain controller. (bsc#1017579, fate#322422) ----------------------------------------- Patch: SUSE-2017-453 Released: Wed Mar 22 15:59:10 2017 Summary: Security update for wget Severity: moderate References: 1028301,CVE-2017-6508 Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2017-6508: (url_parse): Reject control characters in host part of URL (bsc#1028301). 
----------------------------------------- Patch: SUSE-2017-467 Released: Tue Mar 28 16:33:30 2017 Summary: Security update for samba Severity: important References: 1027147,CVE-2017-2619 Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). ----------------------------------------- Patch: SUSE-2017-469 Released: Tue Mar 28 17:15:27 2017 Summary: Recommended update for timezone Severity: low References: 1030417 Description: This update provides the latest timezone information (2017b) for your system, including following changes: - Haiti resumed observance of DST in 2017. - Liberia changed from -004430 to +00 on 1972-01-07, not 1972-05-01. - Use 'MMT' to abbreviate Liberia's time zone before 1972. ----------------------------------------- Patch: SUSE-2017-515 Released: Fri Mar 31 11:47:27 2017 Summary: Security update for libpng12-0 Severity: moderate References: 1017646,958791,CVE-2015-8540,CVE-2016-10087 Description: This update for libpng12-0 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) ----------------------------------------- Patch: SUSE-2017-534 Released: Mon Apr 3 17:43:34 2017 Summary: Security update for the Linux Kernel Severity: important References: 1027565,CVE-2017-2636 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following security bug: CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver (drivers/tty/n_hdlc.c) could have been exploited to gain a local privilege escalation (bnc#1027565) ----------------------------------------- Patch: SUSE-2017-539 Released: Tue Apr 4 18:03:17 2017 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1004096,1030012,1030827,1030919,683914,932393,985390 Description: This update for libzypp and 
zypper fixes the following issues: libzypp: - Add support for repository authentication using SSL client certificates. (bsc#683914) - Fix SSL client certificate authentication via URL option ssl_clientcert/ssl_clientkey. (bsc#932393, bsc#1030012) - Fix X-libcurl-Empty-Header-Workaround. (bsc#1030919, bsc#1030827) - Let 'dup --from' leave updateTestcase logs in /var/log. (bsc#1004096) zypper: - Add parseable XML output to 'zypper locks'. (bsc#985390) - Add --matches and --solvables options to 'zypper locks'. ----------------------------------------- Patch: SUSE-2017-550 Released: Thu Apr 6 11:38:56 2017 Summary: Security update for ruby Severity: moderate References: 926974,959495,986630,CVE-2015-1855,CVE-2015-7551 Description: This update for ruby fixes the following issues: Security issues fixed: - CVE-2015-1855: Ruby OpenSSL Hostname Verification (bsc#926974) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) Bugfixes: - fix small mistake in the backport for (bsc#986630) ----------------------------------------- Patch: SUSE-2017-565 Released: Mon Apr 10 12:52:48 2017 Summary: Recommended update for libssh2_org Severity: low References: 1027264,933336,967787,974691 Description: This update provides libssh2_org 1.4.3, which brings several fixes and enhancements: - Add support for zlib@openssh.com compression. - Return error if a too large package arrives. - Do not leak memory when handling OpenSSL errors. - Improved handling of disabled MD5 algorithm in OpenSSL. - Fail when parsing unknown keys in known_hosts file. - Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner. - Always do 'forced' window updates to avoid corner case stalls. - Finish in-progress key exchange before sending data. - Verify the packet before accepting it. - Use safer snprintf rather than sprintf in several places. - Advance offset correctly for buffered copies. For a comprehensive list of changes please refer to the package's change log. 
----------------------------------------- Patch: SUSE-2017-575 Released: Wed Apr 12 09:02:07 2017 Summary: Recommended update for openslp Severity: low References: 1012814 Description: This update for openslp fixes the following issues: Provide a variant of libslp1 built against openssl1 for building sblim-sfcb or other libslp.so.1 users against openssl1 (bsc#1012814) ----------------------------------------- Patch: SUSE-2017-583 Released: Thu Apr 13 02:36:37 2017 Summary: Security update for bind Severity: important References: 1033466,1033467,1033468,987866,989528,CVE-2016-2775,CVE-2016-6170,CVE-2017-3136,CVE-2017-3137,CVE-2017-3138 Description: This update for bind fixes the following security issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. 
----------------------------------------- Patch: SUSE-2017-590 Released: Thu Apr 13 13:13:58 2017 Summary: Recommended update for libtool Severity: moderate References: 1010802 Description: This update for libtool prevents a segmentation fault caused by insufficient error handling on out-of-memory situations. ----------------------------------------- Patch: SUSE-2017-601 Released: Tue Apr 18 02:54:04 2017 Summary: Security update for bind Severity: important References: 1034162,CVE-2017-3137 Description: This update for bind fixes the following issues: - A regression in the fix for CVE-2017-3137 caused an assert in name.c (bsc#1034162) ----------------------------------------- Patch: SUSE-2017-608 Released: Tue Apr 18 11:26:47 2017 Summary: Security update for curl Severity: moderate References: 1015332,1032309,CVE-2016-9586,CVE-2017-7407 Description: This update for curl fixes the following issues: These security issues were fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which led to a heap-based buffer over-read (bsc#1032309). 
----------------------------------------- Patch: SUSE-2017-613 Released: Tue Apr 18 16:06:41 2017 Summary: Security update for ntp Severity: moderate References: 1014172,1030050,1031085,CVE-2016-9042,CVE-2017-6451,CVE-2017-6458,CVE-2017-6460,CVE-2017-6462,CVE-2017-6463,CVE-2017-6464 Description: This ntp update to version 4.2.8p10 fixes the following issues: Security issues fixed (bsc#1030050): - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential Overflows in ctl_put() functions - CVE-2017-6451: Improper use of snprintf() in mx4200_send() - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist - CVE-2016-9042: 0rigin (zero origin) DoS. - ntpq_stripquotes() returns incorrect Value - ereallocarray()/eallocarray() underused - Copious amounts of Unused Code - Off-by-one in Oncore GPS Receiver - Makefile does not enforce Security Flags Bugfixes: - Remove spurious log messages (bsc#1014172). - Fixing ppc and ppc64 linker issue (bsc#1031085). - clang scan-build findings - Support for openssl-1.1.0 without compatibility modes - Bugfix 3072 breaks multicastclient - forking async worker: interrupted pipe I/O - (...) time_pps_create: Exec format error - Incorrect Logic for Peer Event Limiting - Change the process name of forked DNS worker - Trap Configuration Fail - Nothing happens if minsane < maxclock < minclock - allow -4/-6 on restrict line with mask - out-of-bound pointers in ctl_putsys and decode_bitflags - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates. 
----------------------------------------- Patch: SUSE-2017-628 Released: Thu Apr 20 19:07:56 2017 Summary: Recommended update for mkinitrd Severity: low References: 1006705,1027452,926440,958722,968863,995634 Description: This update for mkinitrd fixes the following issues: - Prevent false error messages from setup-network.sh when optional configuration files don't exist in the system. (bsc#1027452) - Explicitly load usb modules in single user mode. (bsc#1006705) - Only copy /etc/group to the initrd and do not call getent. (bsc#995634) - Clear the GREP_OPTIONS variable. (bsc#968863) - Do not run fsck if fastboot is given on the kernel command line. (bsc#958722) - Include only required SCSI modules. (bsc#926440) ----------------------------------------- Patch: SUSE-2017-648 Released: Fri Apr 28 08:58:53 2017 Summary: Recommended update for crash Severity: low References: 1022962 Description: This update for crash provides the following fixes: - Fix analyzing fadump (and qemu) dumps on PPC64 systems with 32TB of memory. (bsc#1022962) ----------------------------------------- Patch: SUSE-2017-688 Released: Wed May 3 18:36:21 2017 Summary: Recommended update for release-notes-sles Severity: low References: 1027264,1028467 Description: The Release Notes of SUSE Linux Enterprise Server 11 SP4 have been updated to document: - Availability of libssh2_org version update. (bsc#1027264, fate#320942) ----------------------------------------- Patch: SUSE-2017-689 Released: Wed May 3 18:37:09 2017 Summary: Recommended update for boost Severity: low References: 1035216 Description: This update for boost fixes the following issues: - Backport upstream fix for a change in how Python interpreter handles __doc__ section in compiled modules. 
(bsc#1035216) ----------------------------------------- Patch: SUSE-2017-694 Released: Thu May 4 17:53:34 2017 Summary: Recommended update for python-azure-agent Severity: low References: 1035419 Description: This update for python-azure-agent provides version 2.2.10 and brings the following fixes and improvements: - Clean up extension directories. - Provisioning logging improvements. - Override decode custom data. - Networking logging cleanup. - Keygen logging cleanup. - Reduce the monitoring loop wait time. - Improve host plugin failure handling. - Add telemetry for put status failures. - Improve extension handler logging. - Reduce guest agent update logging. - Add basic 32-bit support to interface detection. - Better heartbeat exception handling. - Better unhandled exception logging. - Improve NSG state management. - Better handling and cleanup of old events. - Pass environment variables to subprocess. - Improve RDMA package matching. - Better handling of resource disk mounting. - Data disks udev rule. - Enabled PageBlob support through HostGAPlugin. ----------------------------------------- Patch: SUSE-2017-718 Released: Mon May 8 17:30:00 2017 Summary: Security update for samba Severity: important References: 1027147,1036283,CVE-2017-2619 Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). For SUSE Linux Enterprise 11 SP4 this is a re-issue of the update, a regression in the fix has been addressed (bsc#1036283, bso#12721). ----------------------------------------- Patch: SUSE-2017-724 Released: Tue May 9 15:24:38 2017 Summary: Recommended update for SuSEfirewall2 Severity: low References: 785299,798468,906136 Description: This update for SuSEfirewall2 provides the following fixes: - No longer call fillup during postinstall to prevent multiline configuration values being broken. 
(bsc#798468) - Ignore the bootlock when incremental updates for hotplugged or virtual devices are coming in during boot. This prevents lockups for example when drbd is used with FB_BOOT_FULL_INIT. (bsc#785299) - Only apply FW_KERNEL_SECURITY proc settings, if not overridden by the administrator in /etc/sysctl.conf. This allows you to benefit from some of the kernel security settings, while overwriting others. (bsc#906136) ----------------------------------------- Patch: SUSE-2017-736 Released: Wed May 10 18:34:53 2017 Summary: Recommended update for openldap2 Severity: low References: 1012894,1033210 Description: This update for openldap2 provides the following feature and bug fix: A new openldap2-openssl1 package is added for the SECURITY Module, which contains a TLS 1.2 enabled slapd. The openldap2-openssl1 package can be additionally installed and starting the 'ldap' sysvinit service will then use this. (FATE#320397 bsc#1033210) Bug fixed: - Fix a deadlock in connection handling (bsc#1012894) ----------------------------------------- Patch: SUSE-2017-755 Released: Fri May 12 12:55:51 2017 Summary: Recommended update for autofs Severity: low References: 1031533,998078 Description: This update for autofs fixes the following issues: - Do not add wildcard key to negative cache. (bsc#1031533) - Fix typo in DEFAULT_AUTH_CONFIG_FILE definition. (bsc#998078) ----------------------------------------- Patch: SUSE-2017-759 Released: Mon May 15 16:44:03 2017 Summary: Security update for libxslt Severity: moderate References: 1005591,1035905,934119,952474,CVE-2015-7995,CVE-2015-9019,CVE-2016-4738,CVE-2017-5029 Description: This update for libxslt fixes the following issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). 
- CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute in preproc.c could cause a type confusion leading to DoS. (bsc#952474) ----------------------------------------- Patch: SUSE-2017-762 Released: Mon May 15 17:06:03 2017 Summary: Security update for the Linux Kernel Severity: important References: 1005651,1008374,1008893,1013018,1013070,1013800,1013862,1016489,1017143,1018263,1018446,1019168,1020229,1021256,1021913,1022971,1023014,1023163,1023888,1024508,1024788,1024938,1025235,1025702,1026024,1026260,1026722,1026914,1027066,1027101,1027178,1028415,1028880,1029212,1029770,1030213,1030573,1031003,1031052,1031440,1031579,1032141,1033336,1033771,1033794,1033804,1033816,1034026,909486,911105,931620,979021,982783,983212,985561,988065,989056,995542,999245,CVE-2015-3288,CVE-2015-8970,CVE-2016-10200,CVE-2016-5243,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7616 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. 
Notable new features: - Toleration of newer crypto hardware for z Systems - USB 2.0 Link power management for Haswell-ULT The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579) - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bsc#1033336). 
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440) - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052) - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bsc#979021). 
- CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application (bnc#1027066) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial 
of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c (bsc#1008374). The following non-security bugs were fixed: - NFSD: do not risk using duplicate owner/file/delegation ids (bsc#1029212). - RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#982783, bsc#1026260). - SUNRPC: Clean up the slot table allocation (bsc#1013862). - SUNRPC: Initalise the struct xprt upon allocation (bsc#1013862). - USB: cdc-acm: fix broken runtime suspend (bsc#1033771). - USB: cdc-acm: fix open and suspend race (bsc#1033771). - USB: cdc-acm: fix potential urb leak and PM imbalance in write (bsc#1033771). - USB: cdc-acm: fix runtime PM for control messages (bsc#1033771). - USB: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771). - USB: cdc-acm: fix shutdown and suspend race (bsc#1033771). - USB: cdc-acm: fix write and resume race (bsc#1033771). - USB: cdc-acm: fix write and suspend race (bsc#1033771). - USB: hub: Fix crash after failure to read BOS descriptor - USB: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794). - USB: serial: kl5kusb105: fix line-state error handling (bsc#1021256). - USB: serial: mos7720: fix NULL-deref at open (bsc#1033816). - USB: serial: mos7720: fix parallel probe (bsc#1033816). - USB: serial: mos7720: fix parport use-after-free on probe errors (bsc#1033816). - USB: serial: mos7720: fix use-after-free on probe errors (bsc#1033816). - USB: serial: mos7840: fix NULL-deref at open (bsc#1034026). - USB: xhci-mem: use passed in GFP flags instead of GFP_KERNEL (bsc#1023014). - Update metadata for serial fixes (bsc#1013070) - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101). - clocksource: Remove 'weak' from clocksource_default_clock() declaration (bnc#1013018). - dlm: backport 'fix lvb invalidation conditions' (bsc#1005651). 
- drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81) - enic: set skb->hash type properly (bsc#911105). - ext4: fix mballoc breakage with 64k block size (bsc#1013018). - ext4: fix stack memory corruption with 64k block size (bsc#1013018). - ext4: reject inodes with negative size (bsc#1013018). - fuse: initialize fc->release before calling it (bsc#1013018). - i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (bsc#985561). - i40e/i40evf: Fix mixed size frags and linearization (bsc#985561). - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (bsc#985561). - i40e/i40evf: Rewrite logic for 8 descriptor per packet check (bsc#985561). - i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561). - i40e: Impose a lower limit on gso size (bsc#985561). - i40e: Limit TX descriptor count in cases where frag size is greater than 16K (bsc#985561). - i40e: avoid null pointer dereference (bsc#909486). - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143). - jbd: do not wait (forever) for stale tid caused by wraparound (bsc#1020229). - kABI: mask struct xfs_icdinode change (bsc#1024788). - kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508). - kabi: fix (bsc#1008893). - lockd: use init_utsname for id encoding (bsc#1033804). - lockd: use rpc client's cl_nodename for id encoding (bsc#1033804). - md linear: fix a race between linear_add() and linear_congested() (bsc#1018446). - md/linear: shutup lockdep warnning (bsc#1018446). - mm/mempolicy.c: do not put mempolicy before using its nodemask (bnc#931620). - ocfs2: do not write error flag to user structure we cannot copy from/to (bsc#1013018). - ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800). - ocfs2: fix error return code in ocfs2_info_handle_freefrag() (bsc#1013018). - ocfs2: null deref on allocation error (bsc#1013018). - pciback: only check PF if actually dealing with a VF (bsc#999245). - pciback: use pci_physfn() (bsc#999245). 
- posix-timers: Fix stack info leak in timer_create() (bnc#1013018). - powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting smt_snooze_delay (bsc#1023163). - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971). - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM (bsc#1032141). - powerpc/fadump: Update fadump documentation (bsc#1032141). - powerpc/nvram: Fix an incorrect partition merge (bsc#1016489). - powerpc/vdso64: Use double word compare on pointers (bsc#1016489). - rcu: Call out dangers of expedited RCU primitives (bsc#1008893). - rcu: Direct algorithmic SRCU implementation (bsc#1008893). - rcu: Flip ->completed only once per SRCU grace period (bsc#1008893). - rcu: Implement a variant of Peter's SRCU algorithm (bsc#1008893). - rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893). - rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893). - s390/kmsg: add missing kmsg descriptions (bnc#1025702). - s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702). - s390/zcrypt: Introduce CEX6 toleration - sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018). - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded systems (bnc#1013018). - scsi: zfcp: do not trace pure benign residual HBA responses at default level (bnc#1025702). - scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702). - scsi: zfcp: fix use-after-'free' in FC ingress path after TMF (bnc#1025702). - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send (bnc#1025702). - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168). - tcp: abort orphan sockets stalling on zero window probes (bsc#1021913). - vfs: split generic splice code from i_mutex locking (bsc#1024788). - virtio_scsi: fix memory leak on full queue condition (bsc#1028880). - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770). - xen-blkfront: correct maximum segment accounting (bsc#1018263). 
- xen-blkfront: do not call talk_to_blkback when already connected to blkback. - xen-blkfront: free resources if xlvbd_alloc_gendisk fails. - xfs: Fix lock ordering in splice write (bsc#1024788). - xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788). - xfs: do not assert fail on non-async buffers on ioacct decrement (bsc#1024508). - xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888). - xfs: kill xfs_itruncate_start (bsc#1024788). - xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788). - xfs: remove the i_size field in struct xfs_inode (bsc#1024788). - xfs: remove xfs_itruncate_data (bsc#1024788). - xfs: replace global xfslogd wq with per-mount wq (bsc#1024508). - xfs: split xfs_itruncate_finish (bsc#1024788). - xfs: split xfs_setattr (bsc#1024788). - xfs: track and serialize in-flight async buffers against unmount (bsc#1024508). - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056). ----------------------------------------- Patch: SUSE-2017-802 Released: Thu May 18 12:24:08 2017 Summary: Security update for bash Severity: low References: 1010845,1031729,976776,CVE-2016-9401 Description: This update for bash fixed several issues. This security issue was fixed: - CVE-2016-9401: popd in bash might have allowed local users to bypass the restricted shell and cause a use-after-free via a crafted address (bsc#1010845). This non-security issue was fixed: - Fix when HISTSIZE=0 and chattr +a .bash_history (bsc#1031729) ----------------------------------------- Patch: SUSE-2017-832 Released: Fri May 19 14:48:29 2017 Summary: Recommended update for xorg-x11-libX11 Severity: moderate References: 1031337 Description: This update for xorg-x11-libX11 fixes a memory leak that's visible when using gnome-panel. 
----------------------------------------- Patch: SUSE-2017-850 Released: Tue May 23 16:05:50 2017 Summary: Recommended update for SuSEfirewall2 Severity: low References: 1039281 Description: This update for SuSEfirewall2 fixes the following issues: - Correctly install /etc/sysconfig/SuSEfirewall2 (bsc#1039281) ----------------------------------------- Patch: SUSE-2017-851 Released: Tue May 23 16:13:39 2017 Summary: Recommended update for multipath-tools Severity: moderate References: 1005255,1007202,1019798,1025602,984957,991432,995633 Description: This update for multipath-tools provides the following fixes: - Fix check for new path states. (bsc#1019798) - Set DI_SERIAL in 'multipath -ll' output. (bsc#1007202) - Remove calls to dm_udev_complete. (bsc#1025602) - Add support for read-only bindings. (bsc#995633) - Fix issues with user_friendly_names initramfs bindings. (bsc#1005255) - Add HP MSA 2040 to hardware table. (bsc#984957) - Add 'wwn' and 'serial' keyword to weightedpath prioritizer. (bsc#991432) ----------------------------------------- Patch: SUSE-2017-855 Released: Wed May 24 10:23:44 2017 Summary: Security update for samba Severity: important References: 1038231,CVE-2017-7494 Description: This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] ----------------------------------------- Patch: SUSE-2017-899 Released: Wed May 31 16:44:50 2017 Summary: Security update for libtirpc, rpcbind Severity: important References: 1037559,CVE-2017-8779 Description: This update for libtirpc and rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service. 
(bsc#1037559) ----------------------------------------- Patch: SUSE-2017-921 Released: Wed Jun 7 15:15:53 2017 Summary: Recommended update for tcpd Severity: low References: 1019574,899185,914527 Description: This update for tcpd provides the following fixes: - Fixes for breakage of IPv6 address handling (bsc#914527, bsc#899185, bsc#1019574) - Use O_CLOEXEC whenever necessary, otherwise fd leaks will follow. ----------------------------------------- Patch: SUSE-2017-954 Released: Tue Jun 13 15:19:02 2017 Summary: Security update for libxml2 Severity: moderate References: 1010675,1013930,1039063,1039064,1039066,1039069,1039661,CVE-2016-9318,CVE-2017-9047,CVE-2017-9048,CVE-2017-9049,CVE-2017-9050 Description: This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063] - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064] A clarification for the previously released update: For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). ----------------------------------------- Patch: SUSE-2017-960 Released: Wed Jun 14 14:40:22 2017 Summary: Recommended update for gcc5 Severity: low References: 1043580 Description: This update for gcc5 fixes the version of libffi in its pkg-config configuration file. 
----------------------------------------- Patch: SUSE-2017-982 Released: Mon Jun 19 10:56:28 2017 Summary: Recommended update for python-azure-agent Severity: moderate References: 1042202,1042203 Description: This update for python-azure-agent provides version 2.2.13 and brings the following fixes and improvements: - Fix for host plugin response encoding. - Fix for GAiA public key handling. - Fix for host plugin channel initialization. - Fix for AzureStack protocol error handling. - Removal of iptables rules from AzureStack protocol. - There are too many log print to /var/log/waagent.log. - Questionable split call in common/conf.py. - Remove extension logs during de-provision. - Reset of RDMA drivers not taking effect. - WALA de-provision process not clean up all cloudinit files. - Ensure the transport certificate expires in no more than two years enhancement. - Emit goal state processing performance metrics enhancement. - Align with the Azure Stack protocol enhancement. - Location of configuration file should be editable. - Add new OS.SshDir in waagent.conf. - De-provision cloud-init data. - Enable FIPS support. - Enable auto-update for AzureStack. - Default route is not added if it already exists. - Change option order for mkfs. - Enable customer-supported cloud-init. - Agent should purge /var/lib/waagent/events if it gets full. - Remove superseded extension folders / zip files. - Agent should remove unused extension directories and zip files. - Agent should not issue an HTTP HEAD to determine status blob type. - Correct HandlerState status check and clean-up reported events. - Reduce polling time for extension processing. - Emit event if re-provisioning without a de-provision. 
----------------------------------------- Patch: SUSE-2017-997 Released: Mon Jun 19 21:21:07 2017 Summary: Security update for glibc Severity: important References: 1039357,CVE-2017-1000366 Description: This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] ----------------------------------------- Patch: SUSE-2017-1003 Released: Tue Jun 20 19:31:15 2017 Summary: Security update for the Linux Kernel Severity: critical References: 1018074,1035920,1039348,1042921,1043234,CVE-2017-1000364 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be 'jumped over' by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) The following non-security bugs were fixed: - fnic now returns 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic is now using rport->dd_data to check if rport is online instead of rport_lookup (bsc#1035920). - The rport check location in fnic_queuecommand_lck was corrected (bsc#1035920). - xfs: remove patches that caused regression (bsc#1043234). - mm: enlarge stack guard gap (bnc#1039348, CVE-2017-1000364, bnc#1042921). - PCI: Allow access to VPD attributes with size 0 (bsc#1018074). 
----------------------------------------- Patch: SUSE-2017-1006 Released: Wed Jun 21 09:00:23 2017 Summary: Recommended update for openldap2 Severity: moderate References: 1043101 Description: This update for openldap2 fixes the following issues: A separate openldap2-client-openssl1 package is being split out, which contains the ldap commandline client tools in TLS 1.2 enabled variants. These previously lived directly in the library package, which led to confusion. (bsc#1043101) These binaries can be found in /opt/suse/bin/ldap* ----------------------------------------- Patch: SUSE-2017-1046 Released: Mon Jun 26 15:12:13 2017 Summary: Security update for kernel-source Severity: important References: 1045340,1045406,CVE-2017-1000364 Description: This Linux kernel update for SUSE Linux Enterprise 11 SP4 fixes the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406] ----------------------------------------- Patch: SUSE-2017-1070 Released: Thu Jun 29 16:04:31 2017 Summary: Security update for net-snmp Severity: low References: 1011601,1019450 Description: This update for net-snmp ships an additional library package built against openssl1 to allow linking libsnmp against other binaries that link against openssl1. (bsc#1011601 fate#322032) The Net-SNMP server and commandline clients themselves do not use TLS, so are not duplicated with openssl1 builds. ----------------------------------------- Patch: SUSE-2017-1081 Released: Thu Jun 29 22:21:47 2017 Summary: Security update for bind Severity: important References: 1046554,1046555,CVE-2017-3142,CVE-2017-3143 Description: This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. 
A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who had the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] ----------------------------------------- Patch: SUSE-2017-1103 Released: Tue Jul 4 16:12:55 2017 Summary: Security update for vim Severity: moderate References: 1024724,CVE-2017-5953 Description: This update for vim fixes the following issues: - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) ----------------------------------------- Patch: SUSE-2017-1114 Released: Thu Jul 6 11:32:55 2017 Summary: Recommended update for ncurses Severity: important References: 1046853,1046858,CVE-2017-10684,CVE-2017-10685 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858) - CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. 
(bsc#1046853) ----------------------------------------- Patch: SUSE-2017-1115 Released: Thu Jul 6 11:35:12 2017 Summary: Security update for libgcrypt Severity: moderate References: 1046607,CVE-2017-7526 Description: This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening against a local side-channel attack in RSA key handling has been added (bsc#1046607) ----------------------------------------- Patch: SUSE-2017-1120 Released: Fri Jul 7 11:24:46 2017 Summary: Security update for libxml2 Severity: moderate References: 1024989,1044337,1044887,1044894,CVE-2017-0663,CVE-2017-5969,CVE-2017-7375,CVE-2017-7376 Description: This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) * CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) * CVE-2017-7375: Prevented an unwanted external entity reference (bsc#1044894) * CVE-2017-7376: Increase buffer space for port in HTTP redirect support (bsc#1044887) ----------------------------------------- Patch: SUSE-2017-1123 Released: Fri Jul 7 15:56:25 2017 Summary: Recommended update for yast2-ldap-client Severity: low References: 1043915 Description: This update for yast2-ldap-client provides the following fix: - AutoYaST: Reading default values from /etc/nsswitch.conf before writing settings to system (bsc#1043915) ----------------------------------------- Patch: SUSE-2017-1128 Released: Mon Jul 10 16:26:42 2017 Summary: Recommended update for release-notes-sles Severity: low References: 1035915 Description: The Release Notes of SUSE Linux Enterprise Server 11 SP4 have been updated to document that lxc-attach(1) is not supported. 
----------------------------------------- Patch: SUSE-2017-1139 Released: Wed Jul 12 13:30:39 2017 Summary: Recommended update for pango Severity: low References: 978972 Description: This update for glib2 and pango provides the following fixes: - Ignore postun/postin errors. (bsc#978972) ----------------------------------------- Patch: SUSE-2017-1145 Released: Wed Jul 12 16:40:00 2017 Summary: Security update for xorg-x11-libICE Severity: moderate References: 1025068,CVE-2017-2626 Description: This update for xorg-x11-libICE fixes the following issues: - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068) ----------------------------------------- Patch: SUSE-2017-1155 Released: Fri Jul 14 17:15:36 2017 Summary: Security update for xorg-x11-libXdmcp Severity: moderate References: 1025046,CVE-2017-2625 Description: This update for xorg-x11-libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046) ----------------------------------------- Patch: SUSE-2017-1156 Released: Fri Jul 14 17:16:21 2017 Summary: Recommended update for autoyast2 Severity: low References: 1038797,935066,937942,986124,996839 Description: This update for autoyast2 fixes the following issues: - Add correct yast2-storage requirement (bsc#1038797) - Exporting '/dev/nfs' containers for nfs volumes correctly (bsc#986124) - Software raid using dm-devices fails (bsc#996839) - Bring up multipath during installation (bsc#937942) - Syncing hardware time before starting installation via ntp (bsc#935066) ----------------------------------------- Patch: SUSE-2017-1159 Released: Fri Jul 14 17:18:49 2017 Summary: Recommended update for yast2-samba-client Severity: moderate References: 1035099 Description: This update fixes yast2-samba-client to allow 
client ipc signing parameter specified in smb.conf to be used by YaST when performing 'net ads join' to join the domain. ----------------------------------------- Patch: SUSE-2017-1161 Released: Sat Jul 15 09:50:23 2017 Summary: Security update for gnutls Severity: moderate References: 1034173,1038337,1040621,CVE-2017-6891,CVE-2017-7869 Description: This update for gnutls fixes the following issues: - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed (bsc#1034173) - CVE-2017-6891: A potential stack buffer overflow in the bundled libtasn1 was fixed (bsc#1040621) - An address read of 4 bytes past the end of buffer in OpenPGP certificate parsing was fixed (bsc#1038337) ----------------------------------------- Patch: SUSE-2017-1176 Released: Wed Jul 19 23:10:02 2017 Summary: Recommended update for release-notes-sles Severity: low References: 1031375,1048537 Description: The Release Notes of SUSE Linux Enterprise Server 11 SP4 have been updated to document the support status of xl/libxl and libvirt/libxl tool stacks on Xen systems. ----------------------------------------- Patch: SUSE-2017-1278 Released: Mon Aug 7 14:46:12 2017 Summary: Security update for ncurses Severity: moderate References: 1046853,1046858,1047964,1047965,1049344,CVE-2017-10684,CVE-2017-10685,CVE-2017-11112,CVE-2017-11113 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964) - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. 
(bsc#1047965) - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344) ----------------------------------------- Patch: SUSE-2017-1314 Released: Wed Aug 9 16:31:29 2017 Summary: Security update for libxml2 Severity: moderate References: 1038444,CVE-2017-8872 Description: This update for libxml2 fixes the following issues: - CVE-2017-8872: Out-of-bounds read could lead to application crash (bsc#1038444) ----------------------------------------- Patch: SUSE-2017-1321 Released: Fri Aug 11 16:21:45 2017 Summary: Recommended update for xfsprogs Severity: moderate References: 1045597 Description: This update for xfsprogs provides the following fixes: - Clear bad flags observed on PowerPC64 systems after a file system corruption. (bsc#1045597) ----------------------------------------- Patch: SUSE-2017-1339 Released: Wed Aug 16 12:55:10 2017 Summary: Recommended update for sed Severity: low References: 954661 Description: This update for sed provides the following fixes: - Don't terminate with a segmentation fault if close of last file descriptor fails. (bsc#954661) ----------------------------------------- Patch: SUSE-2017-1353 Released: Fri Aug 18 18:41:42 2017 Summary: Recommended update for bash Severity: moderate References: 1025645 Description: This update for bash provides fixes for better handling of signal functions. 
----------------------------------------- Patch: SUSE-2017-1423 Released: Thu Aug 31 14:56:31 2017 Summary: Security update for curl Severity: moderate References: 1015332,1032309,1051644,CVE-2016-9586,CVE-2017-1000100,CVE-2017-7407 Description: This update for curl fixes the following issues: - CVE-2017-1000100: TFTP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-7407: ourWriteOut function problem could lead to a heap buffer over-read (bsc#1032309) - CVE-2016-9586: libcurl printf issue could lead to buffer overflow (bsc#1015332) ----------------------------------------- Patch: SUSE-2017-1465 Released: Wed Sep 6 09:37:29 2017 Summary: Security update for expat Severity: moderate References: 1047236,1047240,CVE-2016-9063,CVE-2017-9233 Description: This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) ----------------------------------------- Patch: SUSE-2017-1480 Released: Fri Sep 8 14:50:00 2017 Summary: Security update for the Linux Kernel Severity: important References: 
1000365,1000380,1012422,1013018,1015452,1023051,1029140,1029850,1030552,1030593,1030814,1032340,1032471,1034026,1034670,1035576,1035721,1035777,1035920,1036056,1036288,1036629,1037191,1037193,1037227,1037232,1037233,1037356,1037358,1037359,1037441,1038544,1038879,1038981,1038982,1039258,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1040351,1041160,1041431,1041762,1041975,1042045,1042615,1042633,1042687,1042832,1042863,1043014,1043234,1043935,1044015,1044125,1044216,1044230,1044854,1044882,1044913,1045154,1045356,1045416,1045479,1045487,1045525,1045538,1045547,1045615,1046107,1046192,1046715,1047027,1047053,1047343,1047354,1047487,1047523,1047653,1048185,1048221,1048232,1048275,1049128,1049483,1049603,1049688,1049882,1050154,1050431,1051478,1051515,1051770,1055680,784815,792863,799133,909618,919382,928138,938352,943786,948562,962257,971975,972891,986924,990682,995542,CVE-2014-9922,CVE-2016-10277,CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-11176,CVE-2017-11473,CVE-2017-2647,CVE-2017-6951,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7482: Several missing length checks in ticket decode allowing for information leak or potentially code execution (bsc#1046107). - CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882). - CVE-2017-7533: Bug in inotify code allowing privilege escalation (bsc#1049483). 
- CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bsc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354) - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bnc#1032340) - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1038982). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981). 
- CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents could have been disclosed when a read and an ioctl happen at the same time (bnc#1044125) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431) - CVE-2017-1000363: A buffer overflow in kernel commandline handling of the 'lp' parameter could be used by local console attackers to bypass certain secure boot settings. (bnc#1039456) - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885) - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069) - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883) - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882) - CVE-2017-7487: The ipxitf_ioctl 
function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879) - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bnc#1029850) The following non-security bugs were fixed: - 8250: use callbacks to access UART_DLL/UART_DLM. - ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538). - ALSA: hda - Fix regression of HD-audio controller fallback modes (bsc#1045538). - ALSA: hda - using uninitialized data (bsc#1045538). - ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop (bsc#1045538). - ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup (bsc#1045538). - ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538). - ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538). - Add CVE tag to references - CIFS: backport prepath matching fix (bsc#799133). - Drop CONFIG_PPC_CELL from bigmem (bsc#1049128). - EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr(). - Fix scripts/bigmem-generate-ifdef-guard to work on all branches - Fix soft lockup in svc_rdma_send (bsc#1044854). 
- IB/mlx4: Demote mcg message from warning to debug (bsc#919382). - IB/mlx4: Fix ib device initialization error flow (bsc#919382). - IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382). - IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382). - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level (bsc#919382). - IB/mlx4: Set traffic class in AH (bsc#919382). - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation (bsc#1036288). - Input: cm109 - validate number of endpoints before using them (bsc#1037193). - Input: hanwang - validate number of endpoints before using them (bsc#1037232). - Input: yealink - validate number of endpoints before using them (bsc#1037227). - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (bnc#1035576). - NFS: Avoid getting confused by confused server (bsc#1045416). - NFS: Fix another OPEN_DOWNGRADE bug (git-next). - NFS: Fix size of NFSACL SETACL operations (git-fixes). - NFS: Make nfs_readdir revalidate less often (bsc#1048232). - NFS: tidy up nfs_show_mountd_netid (git-fixes). - NFSD: Do not use state id of 0 - it is reserved (bsc#1049688 bsc#1051770). - NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes). - NFSv4: Fix another bug in the close/open_downgrade code (git-fixes). - NFSv4: Fix problems with close in the presence of a delegation (git-fixes). - NFSv4: Fix the underestimation of delegation XDR space reservation (git-fixes). - NFSv4: fix getacl head length estimation (git-fixes). - PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes). - Remove superfluous make flags (bsc#1012422) - Return short read or 0 at end of a raw device, not EIO (bsc#1039594). - Revert 'math64: New div64_u64_rem helper' (bnc#938352). - SUNRPC: Fix a memory leak in the backchannel code (git-fixes). - Staging: vt6655-6: potential NULL dereference in hostap_disable_hostapd() (bsc#1045479). 
- USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288). - USB: class: usbtmc: do not print error when allocating urb fails (bsc#1036288). - USB: class: usbtmc: do not print on ENOMEM (bsc#1036288). - USB: iowarrior: fix NULL-deref in write (bsc#1037359). - USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441). - USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053). - USB: serial: ark3116: fix register-accessor error handling (git-fixes). - USB: serial: ch341: fix open error handling (bsc#1037441). - USB: serial: cp210x: fix tiocmget error handling (bsc#1037441). - USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441). - USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441). - USB: serial: io_ti: fix information leak in completion handler (git-fixes). - USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026). - USB: serial: oti6858: fix NULL-deref at open (bsc#1037441). - USB: serial: sierra: fix bogus alternate-setting assumption (bsc#1037441). - USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441). - USB: usbip: fix nonconforming hub descriptor (bsc#1047487). - USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288). - USB: usbtmc: Change magic number to constant (bsc#1036288). - USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288). - USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288). - USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288). - USB: usbtmc: add missing endpoint sanity check (bsc#1036288). - USB: usbtmc: fix DMA on stack (bsc#1036288). - USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288). - USB: usbtmc: fix probe error path (bsc#1036288). - USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk (bsc#1036288). - USB: wusbcore: fix NULL-deref at probe (bsc#1045487). - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854). 
- Use make --output-sync feature when available (bsc#1012422). - Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924). - __bitmap_parselist: fix bug in empty string handling (bnc#1042633). - acpi: Disable APEI error injection if securelevel is set (bsc#972891, bsc#1023051). - af_key: Add lock to key dump (bsc#1047653). - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354). - ath9k: fix buffer overrun for ar9287 (bsc#1045538). - blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU (bsc#1035721). - blacklist.conf: Add a few inapplicable items (bsc#1045538). - blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it') The released kernels are not built with a gas new enough to optimize the jmps so that this patch would be required. (bsc#1051478) - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - block: fix ext_dev_lock lockdep report (bsc#1050154). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - cifs: Timeout on SMBNegotiate request (bsc#1044913). - cifs: do not compare uniqueids in cifs_prime_dcache unless server inode numbers are in use (bsc#1041975). backporting upstream commit 2f2591a34db6c9361faa316c91a6e320cb4e6aee - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935). - cputime: Avoid multiplication overflow on utime scaling (bnc#938352). - crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863). - decompress_bunzip2: off by one in get_next_block() (git-fixes). - dentry name snapshots (bsc#1049483). - devres: fix a for loop bounds check (git-fixes). - dm: fix ioctl retry termination with signal (bsc#1050154). - drm/mgag200: Add support for G200eH3 (bnc#1044216) - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452, bsc#995542). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). 
- ext3: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: fix fdatasync(2) after extent manipulation operations (bsc#1013018). - ext4: keep existing extra fields when inode expands (bsc#1013018). - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762). - firmware: fix directory creation rule matching with make 3.80 (bsc#1012422). - firmware: fix directory creation rule matching with make 3.82 (bsc#1012422). - fixed invalid assignment of 64bit mask to host dma_boundary for scatter gather segment boundary limit (bsc#1042045). - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic: Using rport->dd_data to check rport online instead of rport_lookup (bsc#1035920). - fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes). - fs/xattr.c: zero out memory copied to userspace in getxattr (bsc#1013018). - fs: fix data invalidation in the cleancache during direct IO (git-fixes). - fuse: add missing FR_FORCE (bsc#1013018). - genirq: Prevent proc race against freeing of irq descriptors (bnc#1044230). - hrtimer: Allow concurrent hrtimer_start() for self restarting timers (bnc#1013018). - initial cr0 bits (bnc#1036056, LTC#153612). - ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route (git-fixes). - irq: Fix race condition (bsc#1042615). - isdn/gigaset: fix NULL-deref at probe (bsc#1037356). - isofs: Do not return EACCES for unknown filesystems (bsc#1013018). - jsm: add support for additional Neo cards (bsc#1045615). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - libata: fix sff host state machine locking while polling (bsc#1045525). - libceph: NULL deref on crush_decode() error path (bsc#1044015). - libceph: potential NULL dereference in ceph_msg_data_create() (bsc#1051515). - libfc: fixup locking in fc_disc_stop() (bsc#1029140). - libfc: move 'pending' and 'requested' setting (bsc#1029140). 
- libfc: only restart discovery after timeout if not already running (bsc#1029140). - locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018). - math64: New div64_u64_rem helper (bnc#938352). - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes). - md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies (git-fixes). - md/raid1: fix test for 'was read error from last working device' (git-fixes). - md/raid5: Fix CPU hotplug callback registration (git-fixes). - md/raid5: do not record new size if resize_stripes fails (git-fixes). - md: ensure md devices are freed before module is unloaded (git-fixes). - md: fix a null dereference (bsc#1040351). - md: flush ->event_work before stopping array (git-fixes). - md: make sure GET_ARRAY_INFO ioctl reports correct 'clean' status (git-fixes). - md: use separate bio_pool for metadata writes (bsc#1040351). - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154). - mlx4: reduce OOM risk on arches with large pages (bsc#919382). - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM Functionality, bsc#1042832). - mm/memory-failure.c: use compound_head() flags for huge pages (bnc#971975 VM -- git fixes). - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM Functionality, bsc#1042832). - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore (bsc#1045547). - mmc: ushc: fix NULL-deref at probe (bsc#1037191). - module: fix memory leak on early load_module() failures (bsc#1043014). - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185). - net/mlx4: Fix the check in attaching steering rules (bsc#919382). - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering (bsc#919382). - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV (bsc#919382). - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to physical (bsc#919382). 
- net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (bsc#919382). - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#919382). - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382). - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382). - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#919382). - net/mlx4_core: Use-after-free causes a resource leak in flow-steering detach (bsc#919382). - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382). - net/mlx4_en: Change the error print to debug print (bsc#919382). - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382). - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382). - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258). - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382). - net: avoid reference counter overflows on fib_rules in multicast forwarding (git-fixes). - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes). - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes). - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358). - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd (bnc#784815). - nfs: fix nfs_size_to_loff_t (git-fixes). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018). - perf/core: Fix event inheritance on fork() (bnc#1013018). - powerpc/ibmebus: Fix device reference leaks in sysfs interface (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). 
- powerpc/ibmebus: Fix further device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid() (bsc#1032471). - powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471). - powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471). - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID (bsc#1032471). - powerpc/mm/hash: Support 68 bit VA (bsc#1032471). - powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471). - powerpc/mm/slice: Convert slice_mask high slice to a bitmap (bsc#1032471). - powerpc/mm/slice: Fix off-by-1 error when computing slice mask (bsc#1032471). - powerpc/mm/slice: Move slice_mask struct definition to slice.c (bsc#1032471). - powerpc/mm/slice: Update slice mask printing to use bitmap printing (bsc#1032471). - powerpc/mm/slice: Update the function prototype (bsc#1032471). - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET (bsc#928138). - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small (bsc#1032471). - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital (bsc#1032471). - powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes). - powerpc/pseries: Release DRC when configure_connector fails (bsc#1035777, Pending Base Kernel Fixes). - powerpc: Drop support for pre-POWER4 cpus (bsc#1032471). - powerpc: Remove STAB code (bsc#1032471). - random32: fix off-by-one in seeding requirement (git-fixes). - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - reiserfs: do not preallocate blocks for extended attributes (bsc#990682). - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192). - s390/qdio: clear DSCI prior to scanning multiple input queues (bnc#1046715, LTC#156234). - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276). - s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276). 
- sched/core: Remove false-positive warning from wake_up_process() (bnc#1044882). - sched/cputime: Do not scale when utime == 0 (bnc#938352). - sched/debug: Print the scheduler topology group mask (bnc#1013018). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018). - sched/fair: Fix min_vruntime tracking (bnc#1013018). - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched/topology: Fix building of overlapping sched-groups (bnc#1013018). - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018). - sched/topology: Fix overlapping sched_group_mask (bnc#1013018). - sched/topology: Move comment about asymmetric node setups (bnc#1013018). - sched/topology: Optimize build_group_mask() (bnc#1013018). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1013018). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018). - sched/topology: Verify the first group matches the child domain (bnc#1013018). - sched: Always initialize cpu-power (bnc#1013018). - sched: Avoid cputime scaling overflow (bnc#938352). - sched: Avoid prev->stime underflow (bnc#938352). - sched: Do not account bogus utime (bnc#938352). - sched: Fix SD_OVERLAP (bnc#1013018). - sched: Fix domain iteration (bnc#1013018). - sched: Lower chances of cputime scaling overflow (bnc#938352). - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity' (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking - sched: Rename a misleading variable in build_overlap_sched_groups() (bnc#1013018). - sched: Use swap() macro in scale_stime() (bnc#938352). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi: fix race between simultaneous decrements of ->host_failed (bsc#1050154). - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (bsc#1035920). 
- scsi: mvsas: fix command_active typo (bsc#1050154). - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init (bsc#1050154). - sfc: do not device_attach if a reset is pending (bsc#909618). - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - splice: Stub splice_write_to_file (bsc#1043234). - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes). - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154). - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018). - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018). - udf: Fix races with i_size changes during readpage (bsc#1013018). - usbtmc: remove redundant braces (bsc#1036288). - usbtmc: remove trailing spaces (bsc#1036288). - usbvision: fix NULL-deref at probe (bsc#1050431). - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233). - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629). - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431). - vmxnet3: avoid calling pskb_may_pull with interrupts disabled (bsc#1045356). - vmxnet3: fix checks for dma mapping errors (bsc#1045356). - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356). - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates (bsc#948562). - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression greater than 0 (bsc#1051478). - xen: avoid deadlock in xenbus (bnc#1047523). - xfrm: NULL dereference on allocation failure (bsc#1047343). - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653). - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814). - xfs: Synchronize xfs_buf disposal routines (bsc#1041160). - xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160). - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes). 
----------------------------------------- Patch: SUSE-2017-1484 Released: Mon Sep 11 12:31:51 2017 Summary: Recommended update for yast2-support Severity: low References: 1040706 Description: This update for yast2-support provides the following fix: - Allow support request numbers longer than 11 digits. (bsc#1040706) ----------------------------------------- Patch: SUSE-2017-1575 Released: Thu Sep 21 17:13:47 2017 Summary: Security update for the Linux Kernel Severity: important References: 1057389,CVE-2017-1000251 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive the following security fixes: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote code execution vulnerability. [bnc#1057389] ----------------------------------------- Patch: SUSE-2017-1594 Released: Wed Sep 27 08:48:04 2017 Summary: Recommended update for open-iscsi Severity: low References: 960439 Description: This update for open-iscsi provides fixes and enhancements for iscsiuio: - iscsiuio: Correct the handling of Multi Function mode. - iscsiuio: Get the library to use based on uio sysfs name. - iscsiuio: Wait for interface to be ready before issuing the ping. - iscsiadm: Let ping be tried after interface configuration is initialized. - iscsiuio: Add ping support through iscsiuio. - iscsid: Add socket communication hooks for uip. - iscsid: Changes to support ping through iscsiuio. ----------------------------------------- Patch: SUSE-2017-1596 Released: Wed Sep 27 15:24:03 2017 Summary: Recommended update for autofs Severity: low References: 1046493 Description: This update for autofs improves timeout handling to use a monotonic time source. This prevents negative adjustments of the system clock from affecting expiration of automounted volumes. 
----------------------------------------- Patch: SUSE-2017-1661 Released: Tue Oct 10 11:45:02 2017 Summary: Security update for tcpdump Severity: moderate References: 1047873,1057247,CVE-2017-11108,CVE-2017-11541,CVE-2017-11542,CVE-2017-11543,CVE-2017-13011 Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-11108: Crafted input allowed remote DoS (bsc#1047873) - CVE-2017-11541: Prevent a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c (bsc#1057247). - CVE-2017-11542: Prevent a heap-based buffer over-read in the pimv1_print function in print-pim.c (bsc#1057247). - CVE-2017-11543: Prevent a buffer overflow in the sliplink_print function in print-sl.c (bsc#1057247). - CVE-2017-13011: Several protocol parsers in tcpdump could have caused a buffer overflow in util-print.c:bittok2str_internal() (bsc#1057247). ----------------------------------------- Patch: SUSE-2017-1666 Released: Tue Oct 10 13:13:44 2017 Summary: Recommended update for xinetd Severity: low References: 1034687,1054532,870904,943484,947475,972691 Description: This update for xinetd provides the following fixes: - Specifying multiple log targets in the configuration caused a crash in xinetd, so make sure this is not allowed and in case of misconfiguration handle it correctly. (bsc#1054532) - Fix a race condition that was causing xinetd not to be running after receiving a SIGHUP and a call to bind() failing with error EADDRINUSE. The fix exposes a sysconfig variable named XINETD_BIND_DELAY that can be used to delay calls to bind(). (bsc#972691) - Increase the maximum amount of file descriptors that can be used simultaneously by using poll() instead of select() for socket handling. (bsc#1034687) - Fix an error that was causing a failure in xinetd when trying to fallback from IPv6 to IPv4. (bsc#947475) - Update the documentation about the maximum allowed size of server parameters. 
(bsc#943484) - Fix a problem that was causing an error message to be displayed in the logs when reloading the service via SIGHUP even when no errors happened. (bsc#870904) ----------------------------------------- Patch: SUSE-2017-1677 Released: Wed Oct 11 15:50:20 2017 Summary: Recommended update for supportutils Severity: important References: 1061282,965682,995387 Description: This update for supportutils fixes the following issues: * A core_pattern containing pipe could have led to a filesystem corruption (bsc#1061282) * Supportconfig was no longer running the LVM commands vgs and lvs (bsc#995387) * The NCP configuration was being skipped when run on OES2015 (bsc#965682) ----------------------------------------- Patch: SUSE-2017-1680 Released: Thu Oct 12 14:44:29 2017 Summary: Security update for samba Severity: moderate References: 1042419,1058622,1058624,CVE-2017-12150,CVE-2017-12163 Description: This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624) - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622) This non-security issue was fixed: - Fix error where short name length was read as 2 bytes, should be 1 (bsc#1042419). ----------------------------------------- Patch: SUSE-2017-1686 Released: Fri Oct 13 11:51:14 2017 Summary: Security update for the Linux Kernel Severity: important References: 1059525,CVE-2017-1000253 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following issues: - Stack corruption could have led to local privilege escalation (bsc#1059525, CVE-2017-1000253). 
----------------------------------------- Patch: SUSE-2017-1688 Released: Fri Oct 13 16:09:47 2017 Summary: Recommended update for mdadm Severity: moderate References: 1003568,1009954,1020405,1031452,1032802,1047183,953595,966773 Description: This update for mdadm fixes the following issues: - Fix superblock's max_dev when adding a new disk in linear array. (bsc#1032802) - Avoid error message if component devices contain hyphen in name. (bsc#1031452) - Fix misleading error code returned by mdadm --detail on inactive arrays. (bsc#966773, bsc#1020405) - Fix 'Insufficient head-space for reshape' error. (bsc#953595) - Do not assign numbers to missing raid disks when printing information to avoid duplication and confusion. (bsc#1047183) - Only issue change events for kernels older than 2.6.28, preventing a race condition that could lead to broken symbolic links against /dev/mdX devices. (bsc#1003568) - Fix handling of MD arrays with devices that have been assigned very large minor numbers. This affects systems with more than 128 MD arrays. (bsc#1009954) ----------------------------------------- Patch: SUSE-2017-1690 Released: Mon Oct 16 11:51:57 2017 Summary: Recommended update for iproute2 Severity: low References: 1034855,949040,949063,990635 Description: This update for iproute2 provides the following fixes: - Fix command line parser in routel command preventing it from entering in an infinite loop. (bsc#1034855) - Fix the exit code returned by the ip command on failures. (bsc#949040) - Clarify the meaning of 'priority' in ip-rule(8) and ip-route(8) manual pages. (bsc#990635) ----------------------------------------- Patch: SUSE-2017-1767 Released: Tue Oct 24 20:07:06 2017 Summary: Recommended update for logrotate Severity: low References: 1057801,982315 Description: This update for logrotate provides the following fix: - Make sure log files continue to rotate properly when a stale status file is found. 
(bsc#1057801) - Fix a problem that was causing recent log files to be deleted instead of the oldest ones when using date format. (bsc#982315) ----------------------------------------- Patch: SUSE-2017-1789 Released: Fri Oct 27 14:38:29 2017 Summary: Recommended update for python-azure-agent Severity: low References: 1049480,1050000,1050229,1057888,1058974,1058975 Description: This update for python-azure-agent provides version 2.2.18 and brings the following fixes and improvements: - Fix for sudoer update - Agent should not update outside of goal state - Firewall removal should not retry - OS.EnableFirewall=y broke load balanced sets probing. - The agent should retry ETIMEDOUT (110) IOErrors. - The agent failed to use the standard Linux environment variables for HTTP proxy. - Adjust http retry and logging. - Add Provisioning.SshHostKeyPairType=auto to support ssh-keygen -A. - Prevent bloating sudoers waagent when agent has problem. - HostGAPlugin used proxy while auto-updating. - Agent failed to clean-up PID files. - The agent emitted duplicate events. - The agent is now more graceful in handling out-of-space disk errors (IOError 28). - Comments inline in /etc/waagent.conf caused configuration to not be read. - Agent failed and wasn't recoverable if an extension's log directory was not present. - Show configuration options in use. - Ensure VM identifier is properly ordered. - ')' was missing in show-configuration. - Didn't get to state 'Running' with Provisioning.Enabled=n. - Prevent the RDMA driver from re-installing if the same version is already installed, avoiding an endless reboot loop. (bsc#1057888) - Do not refresh the repository when the local RDMA kmp has been installed. The repository access has already failed. (bsc#1050229) - Remove timeout udev rules. The timeout is being set by the agent code. (bsc#1049480) - Relax de-provisioning when VM identifier changes. - HostGAPlugin requests should never go through proxy. 
- Fix waagent -configuration-path:/path -start. - Add client object for MetadataProtocol. - Do not execute de-provision if input is 'n'. - Do not remove /etc/resolv.conf if a VM based on a specialized image is created. - Remove Agent WALinuxAgent-2.2.12 from blacklist. - Added dependency on systemd. ----------------------------------------- Patch: SUSE-2017-1806 Released: Thu Nov 2 13:09:27 2017 Summary: Security update for SuSEfirewall2 Severity: moderate References: 1064127,CVE-2017-15638 Description: This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed a security issue with too open implicit portmapper rules (bsc#1064127): A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to everyone in the affected zone. ----------------------------------------- Patch: SUSE-2017-1825 Released: Wed Nov 8 08:45:45 2017 Summary: Security update for perl Severity: low References: 1047178,CVE-2017-6512 Description: This update for perl fixes the following issues: Security issue fixed: - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes: - reformat baselibs.conf as source validator workaround ----------------------------------------- Patch: SUSE-2017-1835 Released: Thu Nov 9 04:01:31 2017 Summary: Recommended update for SuSEfirewall2 Severity: important References: 1067057 Description: This update for SuSEfirewall2 fixes the following issues: - Fixed a regression that was introduced by the previous security update. The regression caused some rpcinfo related configurations of SuSEfirewall2 to fail. 
For example the setting FW_CONFIGURATIONS_EXT='nfs-kernel-server' no longer correctly opened up the necessary ports for the nfs server, consequently making NFS unavailable (bsc#1067057). ----------------------------------------- Patch: SUSE-2017-1883 Released: Wed Nov 22 17:00:14 2017 Summary: Recommended update for timezone Severity: low References: 1064571 Description: This update provides the latest timezone information (2017c) for your system, including following changes: - Northern Cyprus switches from +03 to +02/+03 on 2017-10-29 - Fiji ends DST 2018-01-14, not 2018-01-21 - Namibia switches from +01/+02 to +02 on 2018-04-01 - Sudan switches from +03 to +02 on 2017-11-01 - Tonga likely switches from +13/+14 to +13 on 2017-11-05 - Turks and Caicos switches from -04 to -05/-04 on 2018-11-04 - Corrections to past DST transitions - Move oversized Canada/East-Saskatchewan to 'backward' file - zic(8) and the reference runtime now reject multiple leap seconds within 28 days of each other, or leap seconds before the Epoch. 
----------------------------------------- Patch: SUSE-2017-1973 Released: Fri Dec 1 10:09:41 2017 Summary: Recommended update for zip Severity: low References: 1068346 Description: This update for zip provides the following fix: - Fix memory leaks when appending files (bsc#1068346) ----------------------------------------- Patch: SUSE-2017-1984 Released: Fri Dec 1 15:02:36 2017 Summary: Security update for curl Severity: moderate References: 1061876,CVE-2017-1000254 Description: This update for curl fixes the following security issues: - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876) ----------------------------------------- Patch: SUSE-2017-1988 Released: Fri Dec 1 15:05:54 2017 Summary: Security update for ncurses Severity: important References: 1056127,1056128,1056129,1056131,1056132,1056136,1069530,CVE-2017-13728,CVE-2017-13729,CVE-2017-13730,CVE-2017-13731,CVE-2017-13732,CVE-2017-13733,CVE-2017-16879 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-16879: Fix stack-based buffer overflow in the _nc_write_entry() function (bsc#1069530). ----------------------------------------- Patch: SUSE-2017-1997 Released: Mon Dec 4 20:43:55 2017 Summary: Recommended update for mcelog Severity: low References: 1061637 Description: This update for mcelog provides the following enhancement: - Added support for 'skylake server' aka SKYLAKE_XEON. 
(bsc#1061637) ----------------------------------------- Patch: SUSE-2017-2010 Released: Thu Dec 7 15:27:09 2017 Summary: Security update for procmail Severity: moderate References: 1068648,CVE-2017-16844 Description: This update for procmail fixes the following issues: Security issue fixed: - CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. (bnc#1068648) ----------------------------------------- Patch: SUSE-2017-2023 Released: Fri Dec 8 12:27:54 2017 Summary: Recommended update for openssl Severity: moderate References: 1032261,1034941,1065363 Description: This update for openssl fixes the following issues: Bugs fixed: - Backported alternative certificate chain lookup patches (bsc#1032261) - Fixed a crash in DES_fcrypt (bsc#1065363) - Backport the DEFAULT_SUSE cipher list we use in SUSE Linux Enterprise 12 (bsc#1034941) ----------------------------------------- Patch: SUSE-2017-2029 Released: Mon Dec 11 10:39:40 2017 Summary: Recommended update for libmspack Severity: low References: 1063072 Description: This update for libmspack fixes the following issues: - Add a pkgconfig file for use with libmspack-devel (bsc#1063072) ----------------------------------------- Patch: SUSE-2017-2033 Released: Mon Dec 11 17:29:12 2017 Summary: Security update for the Linux Kernel Severity: important References: 
1012917,1013018,1022967,1024450,1031358,1036286,1036629,1037441,1037667,1037669,1037994,1039803,1040609,1042863,1045154,1045205,1045327,1045538,1047523,1050381,1050431,1051133,1051932,1052311,1052365,1052370,1052593,1053148,1053152,1053317,1053802,1053933,1054070,1054076,1054093,1054247,1054305,1054706,1056230,1056504,1056588,1057179,1057796,1058524,1059051,1060245,1060665,1061017,1061180,1062520,1062842,1063301,1063544,1063667,1064803,1064861,1065180,1066471,1066472,1066573,1066606,1066618,1066625,1066650,1066671,1066700,1066705,1067085,1067816,1067888,909484,984530,996376,CVE-2017-1000112,CVE-2017-10661,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14140,CVE-2017-14340,CVE-2017-14489,CVE-2017-15102,CVE-2017-15265,CVE-2017-15274,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16649,CVE-2017-8831 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). 
- CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). 
- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152). 
- CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. (bnc#1053148). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994). - CVE-2017-1000112: An exploitable memory corruption due to UFO to non-UFO path switch was fixed. (bnc#1052311 bnc#1052365). The following non-security bugs were fixed: - alsa: core: Fix unexpected error at replacing user TLV (bsc#1045538). - alsa: hda - fix Lewisburg audio issue (fate#319286). - alsa: hda/ca0132 - Fix memory leak at error path (bsc#1045538). - alsa: timer: Add missing mutex lock for compat ioctls (bsc#1045538). - audit: Fix use after free in audit_remove_watch_rule() (bsc#1045205). - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967). - kvm: SVM: Add a missing 'break' statement (bsc#1061017). - kvm: async_pf: Fix #DF due to inject 'Page not Present' and 'Page Ready' exceptions simultaneously (bsc#1061017). - nfs: Cache aggressively when file is open for writing (bsc#1053933). - nfs: Do drop directory dentry when error clearly requires it (bsc#1051932). - nfs: Do not flush caches for a getattr that races with writeback (bsc#1053933). # Conflicts: # series.conf - nfs: Optimize fallocate by refreshing mapping when needed (bsc#1053933). - nfs: Remove asserts from the NFS XDR code (bsc#1063544). - nfs: invalidate file size when taking a lock (bsc#1053933). - pci: fix hotplug related issues (bnc#1054247, LTC#157731). - Update config files. (bsc#1057796) The CONFIG_MODULE_SIG_UEFI should be enabled on x86_64/xen architecture because xen can work with shim on x86_64. 
Enabling the following kernel config to load certificate from db/mok: +CONFIG_MODULE_SIG_BLACKLIST=y +CONFIG_MODULE_SIG_UEFI=y - af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093). - autofs: do not fail mount for transient error (bsc#1065180). - xen: avoid deadlock in xenbus (bnc#1047523). - blacklist.conf: Add PCI ASPM fix to blacklist (bsc#1045538) - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - bnx2x: prevent crash when accessing PTP with interface down (bsc#1060665). - cx231xx-audio: fix NULL-deref at probe (bsc#1050431). - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - dm bufio: fix integer overflow when limiting maximum cache size (git-fixes). - drm/mgag200: Fixes for G200eH3. (bnc#1062842) - fnic: Use the local variable instead of I/O flag to acquire io_req_lock in fnic_queuecommand() to avoid deadlock (bsc#1067816). - fuse: do not use iocb after it may have been freed (bsc#1054706). - fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706). - fuse: fsync() did not return IO errors (bsc#1054076). - fuse: fuse_flush must check mapping->flags for errors (bsc#1054706). - getcwd: Close race with d_move called by lustre (bsc#1052593). - gspca: konica: add missing endpoint sanity check (bsc#1050431). - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#909484). - kabi fix for new hash_cred function (bsc#1012917). - kabi/severities: Ignore zpci symbol changes (bsc#1054247) - lib/mpi: mpi_read_raw_data(): fix nbits calculation (fate#314508). - lpfc: check for valid scsi cmnd in lpfc_scsi_cmd_iocb_cmpl() (bsc#1051133). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061180). - media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431). - net: Fix RCU splat in af_key (bsc#1054093). - netback: coalesce (guest) RX SKBs as needed (bsc#1056504). 
- nfs: Fix ugly referral attributes (git-fixes). - nfs: improve shrinking of access cache (bsc#1012917). - powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450). - powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667). - powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667). - powerpc/mm: Fix check of multiple 16G pages from device tree (bsc#1064861, git-fixes). - powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370). - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister (bsc#1067888, git-fixes f2ab6219969f). - powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070). - powerpc/xics: Harden xics hypervisor backend (bnc#1056230). - powerpc: Correct instruction code for xxlor instruction (bsc#1064861, git-fixes). - powerpc: Fix emulation of mfocrf in emulate_step() (bsc#1064861, git-fixes). - powerpc: Fix the corrupt r3 error during MCE handling (bnc#1056230). - powerpc: Make sure IPI handlers see data written by IPI senders (bnc#1056230). - reiserfs: fix race in readdir (bsc#1039803). - s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060245, LTC#159112). - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247, LTC#157731). - s390/pci: fix handling of PEC 306 (bnc#1054247, LTC#157731). - s390/pci: improve error handling during fmb (de)registration (bnc#1054247, LTC#157731). - s390/pci: improve error handling during interrupt deregistration (bnc#1054247, LTC#157731). - s390/pci: improve pci hotplug (bnc#1054247, LTC#157731). - s390/pci: improve unreg_ioat error handling (bnc#1054247, LTC#157731). - s390/pci: introduce clp_get_state (bnc#1054247, LTC#157731). - s390/pci: provide more debug information (bnc#1054247, LTC#157731). - s390/qdio: avoid reschedule of outbound tasklet once killed (bnc#1063301, LTC#159885). - s390/topology: alternative topology for topology-less machines (bnc#1060245, LTC#159177). 
- s390/topology: enable / disable topology dynamically (bnc#1060245, LTC#159177). - scsi: avoid system stall due to host_busy race (bsc#1031358). - scsi: close race when updating blocked counters (bsc#1031358). - scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317). - scsi: reset wait for IO completion (bsc#996376). - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1060245, LTC#158494). - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1060245, LTC#158494). - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1060245, LTC#158494). - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1060245, LTC#158494). - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1060245, LTC#158493). - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1060245, LTC#158494). - ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplemental groups in auth hash (bsc#1012917). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381). - usb-serial: check for NULL private data in pl2303_suse_disconnect (bsc#1064803). - uwb: fix device quirk on big-endian hosts (bsc#1036629). - virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding spinlock (bsc#1036286). - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305). - xfs: fix inobt inode allocation search optimization (bsc#1013018). 
----------------------------------------- Patch: SUSE-2018-13 Released: Thu Jan 4 08:51:18 2018 Summary: Security update for the Linux Kernel Severity: important References: 1013018,1024612,1034862,1045479,1045538,1047487,1048185,1050231,1050431,1056982,1063043,1065180,1065600,1066569,1066693,1066973,1068032,1068671,1068984,1069702,1070771,1070964,1071074,1071470,1071695,1072457,1072561,1072876,1073792,1073874,CVE-2017-11600,CVE-2017-13167,CVE-2017-14106,CVE-2017-15115,CVE-2017-15868,CVE-2017-16534,CVE-2017-16538,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. This issue is addressed for the x86_64, the IBM Power and IBM zSeries architecture. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. 
This is done with help of Linux Kernel fixes on the Intel/AMD x86_64 and IBM zSeries architectures. On x86_64, this requires also updates of the CPU microcode packages, delivered in separate updates. For IBM Power and zSeries the required firmware updates are supplied over regular channels by IBM. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculatively execute code that would read otherwise read-protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following an approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. This update does this on the Intel x86_64 and IBM Power architecture. Updates are also necessary for the ARM architecture, but will be delivered in the next round of updates. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed: - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). 
- CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer. (bnc#1072876). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). 
- CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). 
- CVE-2017-7472: The KEYS subsystem in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). The following non-security bugs were fixed: - adm80211: return an error if adm8211_alloc_rings() fails (bsc#1048185). - autofs: fix careless error in recent commit (bsc#1065180). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - carl9170: prevent speculative execution (bnc#1068032). - ecryptfs: fix dereference of NULL user_key_payload (bsc#1013018). - eCryptfs: use after free in ecryptfs_release_messaging() (bsc#1013018). - fs/9p: Compare qid.path in v9fs_test_inode (bsc#1013018). - fs: prevent speculative execution (bnc#1068032). - isa: Prevent NULL dereference in isa_bus driver callbacks (bsc#1045538). - kabi: silence spurious kabi error in net/sctp/socket.c (bsc#1068671). - kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - kaiser: fix ldt freeing. - kaiser: Kernel Address Isolation. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: work around kABI. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - media: cx231xx-cards: fix NULL-deref at probe (bsc#1050431). - mm/madvise.c: fix madvise() infinite loop under special circumstances (bnc#1070964). - mm/mmu_context, sched/core: Fix mmu_context.h assumption. - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). 
- ptrace: Add a new thread access check (bsc#1068032). - qeth: check not more than 16 SBALEs on the completion queue (bnc#1072457, LTC#148203). - s390: add ppa to system call and program check path (bsc#1068032). - s390/disassembler: correct disassembly lines alignment (bnc#1066973, LTC#161577). - s390/disassembler: increase show_code buffer size (bnc#1066973, LTC#161577). - s390: fix transactional execution control register handling (bnc#1072457, LTC#162116). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier. - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler. - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off(). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return 'Illegal Request - Logical unit not supported' and processing should leave the timeout loop in this case. - scsi: zfcp: fix erp_action use-before-initialize in REC action trace (bnc#1066973, LTC#160081). - temporary fix (bsc#1068032). - udf: prevent speculative execution (bnc#1068032). - usb: host: fix incorrect updating of offset (bsc#1047487). - usb: uas: fix bug in handling of alternate settings (bsc#1071074). - uvcvideo: prevent speculative execution (bnc#1068032). - video: udlfb: Fix read EDID timeout (bsc#1045538). - watchdog: hpwdt: add support for iLO5 (bsc#1024612). - watchdog/hpwdt: Check source of NMI (bsc#1024612). - x86-64: Give vvars their own page. - x86-64: Map the HPET NX. - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/alternatives: Add instruction padding. - x86/alternatives: Cleanup DPRINTK macro. - x86/alternatives: Make JMPs more robust. 
- x86/alternatives: Use optimized NOPs for padding. - x86/boot: Add early cmdline parsing for options with arguments. - x86, boot: Carve out early cmdline parsing function. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: disable vmstat accounting. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: propagate info to /proc/cpuinfo. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86: Make alternative instruction pointers relative. - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE. - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID. - x86/mm: Add INVPCID helpers. - x86/mm: Add the 'nopcid' boot option to turn off PCID. - x86/mm: Build arch/x86/mm/tlb.c even on !SMP. - x86/mm: Disable PCID on 32-bit kernels. 
- x86/mm: Enable CR4.PCIDE on supported systems. - x86/mm: fix bad backport to disable PCID on Xen. - x86/mm: Fix INVPCID asm constraint. - x86/mm: If INVPCID is available, use it to flush global mappings. - x86/mm/kaiser: re-enable vsyscalls. - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - x86/mm, sched/core: Turn off IRQs in switch_mm(). - x86/mm, sched/core: Uninline switch_mm(). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add 'nospec' chicken bit (bsc#1068032). - x86/spec: Check CPUID directly post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). - xen/kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - xen/KAISER: Kernel Address Isolation. - xen/kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - xen/kaiser: work around kABI. - xen/x86-64: Give vvars their own page. - xen/x86-64: Map the HPET NX. - xen/x86/alternatives: Add instruction padding. - xen/x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - xen/x86/mm: Enable CR4.PCIDE on supported systems. - xen/x86/mm/kaiser: re-enable vsyscalls. - xen/x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - xen: x86/mm, sched/core: Turn off IRQs in switch_mm(). - xen: x86/mm, sched/core: Uninline switch_mm(). 
- zd1211rw: fix NULL-deref at probe (bsc#1045479). ----------------------------------------- Patch: SUSE-2018-20 Released: Thu Jan 4 14:40:45 2018 Summary: Security update for samba Severity: moderate References: 1016531,1063008,CVE-2017-15275 Description: This update for samba fixes the following issues: - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - s3/libads: fix seal/signed ldap connections so they are reused; (bsc#1016531). ----------------------------------------- Patch: SUSE-2018-23 Released: Fri Jan 5 13:57:36 2018 Summary: Recommended update for icu Severity: moderate References: 1037416,CVE-2014-9911 Description: This update for icu fixes the following issue: - Fix international date/time format output (a regression caused by the fix for CVE-2014-9911) (bsc#1037416). ----------------------------------------- Patch: SUSE-2018-57 Released: Fri Jan 12 09:47:38 2018 Summary: Security update for glibc Severity: important References: 1074293,CVE-2018-1000001 Description: This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] ----------------------------------------- Patch: SUSE-2018-71 Released: Mon Jan 15 13:32:22 2018 Summary: Recommended update for xfsprogs Severity: low References: 1066353 Description: This update for xfsprogs provides the following fix: - Improved xfs_repair performance on large filesystems. 
(bsc#1066353) ----------------------------------------- Patch: SUSE-2018-85 Released: Wed Jan 17 08:32:35 2018 Summary: Security update for rsync Severity: moderate References: 1066644,1071459,1071460,CVE-2017-16548,CVE-2017-17433,CVE-2017-17434 Description: This update for rsync fixes the following issues: Security issues fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also did not apply the sanitize_paths protection mechanism to pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function in rsync.c), which allowed remote attackers to bypass intended access restrictions (bsc#1071460). - CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync proceeded with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allowed remote attackers to bypass intended access restrictions (bsc#1071459). - CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check for a trailing '\0' character in an xattr name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon (bsc#1066644). ----------------------------------------- Patch: SUSE-2018-95 Released: Thu Jan 18 09:47:04 2018 Summary: Security update for the Linux Kernel Severity: important References: 1068032,CVE-2017-5715,CVE-2017-5753 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. 
A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack. ----------------------------------------- Patch: SUSE-2018-114 Released: Mon Jan 22 11:36:25 2018 Summary: Security update for perl-XML-LibXML Severity: important References: 1046848,CVE-2017-10672 Description: This update for perl-XML-LibXML fixes the following issues: - CVE-2017-10672: A use-after-free allowed remote attackers to potentially execute arbitrary code by controlling the arguments to a replaceChild call (bsc#1046848) ----------------------------------------- Patch: SUSE-2018-117 Released: Mon Jan 22 12:54:10 2018 Summary: Security update for rsync Severity: moderate References: 1076503,CVE-2018-5764 Description: This update for rsync fixes one issue. This security issue was fixed: - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503) ----------------------------------------- Patch: SUSE-2018-123 Released: Tue Jan 23 10:38:29 2018 Summary: Security update for ncurses Severity: moderate References: 1056127,CVE-2017-13733 Description: This update for ncurses fixes the following issues: Security issue fixed: - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). 
----------------------------------------- Patch: SUSE-2018-135 Released: Wed Jan 24 12:11:19 2018 Summary: Security update for libexif Severity: moderate References: 1059893,CVE-2017-7544 Description: This update for libexif fixes the following security issue: - CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893) ----------------------------------------- Patch: SUSE-2018-147 Released: Thu Jan 25 11:47:39 2018 Summary: Recommended update for openldap2 Severity: low References: 1064213 Description: This update for openldap2 provides the following fix: - Read system wide certificate directory by default (bsc#1064213) - Avoid hiding the error if specified CA location cannot be read (bsc#1064213) ----------------------------------------- Patch: SUSE-2018-153 Released: Fri Jan 26 08:47:15 2018 Summary: Security update for curl Severity: moderate References: 1027712,1077001,CVE-2016-7141,CVE-2018-1000007 Description: This update for curl fixes several issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001) This non-security issue was fixed: - Set DEFAULT_SUSE as the default cipher list (bsc#1027712) ----------------------------------------- Patch: SUSE-2018-171 Released: Fri Jan 26 17:40:46 2018 Summary: Security update for xorg-x11-libs Severity: moderate References: 1049692,1050459,1054285,1065386,CVE-2017-13720,CVE-2017-13722,CVE-2017-16612 Description: This update for xorg-x11-libs fixes several issues. These security issues were fixed: - CVE-2017-16612: Heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments (bsc#1065386). 
- CVE-2017-13720: Improper check for end of string in PatternMatch caused invalid reads (bsc#1054285) - CVE-2017-13722: Malformed PCF file could have caused DoS or leaked information (bsc#1049692) - Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched, which can cause side effects (bsc#1050459) ----------------------------------------- Patch: SUSE-2018-183 Released: Mon Jan 29 14:36:14 2018 Summary: Security update for libevent Severity: moderate References: 1022917,1022918,1022919,CVE-2016-10195,CVE-2016-10196,CVE-2016-10197 Description: This update for libevent fixes the following issues: - CVE-2016-10195: DNS remote stack overread vulnerability (bsc#1022917) - CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port() (bsc#1022918) (backport for 2.0.21) - CVE-2016-10197: out-of-bounds read in search_make_new() (bsc#1022919) ----------------------------------------- Patch: SUSE-2018-212 Released: Tue Jan 30 13:04:50 2018 Summary: Security update for gcc43 Severity: moderate References: 1039513,1044016,1045091,1059075,1074621,938159,977654,999596,CVE-2017-1000376 Description: This update for gcc43 fixes the following issues: Security issue fixed: - CVE-2017-1000376: Don't request executable stack from libffi. [bnc#1045091] New features: - Add support for retpolines to mitigate the Spectre Variant 2 attack. [bnc#1074621] - Add support for zero-sized VLAs and allocas with -fstack-clash-protection. [bnc#1059075] - Add support for -fstack-clash-protection to mitigate the Stack Clash attack. [bnc#1039513] Non security bugs fixed: - Fixed build of 32bit libgcov.a with LFS support. [bsc#1044016] - Fixed issue with libstdc++ functional when an exception is thrown during construction. [bsc#999596] - Fixed issue with using gcov and #pragma pack. [bsc#977654] - Fixed ICE compiling AFS modules for the s390x kernel. [bsc#938159] - Backport large file support from GCC 4.6. 
----------------------------------------- Patch: SUSE-2018-254 Released: Mon Feb 5 08:32:39 2018 Summary: Security update for bind Severity: important References: 1040039,1047184,1076118,CVE-2017-3145 Description: This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have led to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118). These non-security issues were fixed: - Updated named.root file (bsc#1040039) - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184) ----------------------------------------- Patch: SUSE-2018-267 Released: Tue Feb 6 17:46:06 2018 Summary: Recommended update for openssl-certs Severity: moderate References: 1010996,1071152,1071390 Description: This update for openssl-certs fixes the following issues: The system SSL root certificate store was updated to Mozilla certificate version 2.22 from January 2018. (bsc#1071152 bsc#1071390 bsc#1010996) The old 1024 bit legacy CAs that were temporarily left in to allow in-chain root certificates were removed as openssl is now able to handle them. 
Further changes coming from Mozilla: - New Root CAs added: * Amazon Root CA 1: (email protection, server auth) * Amazon Root CA 2: (email protection, server auth) * Amazon Root CA 3: (email protection, server auth) * Amazon Root CA 4: (email protection, server auth) * Certplus Root CA G1: (email protection, server auth) * Certplus Root CA G2: (email protection, server auth) * D-TRUST Root CA 3 2013: (email protection) * GDCA TrustAUTH R5 ROOT: (server auth) * Hellenic Academic and Research Institutions ECC RootCA 2015: (email protection, server auth) * Hellenic Academic and Research Institutions RootCA 2015: (email protection, server auth) * ISRG Root X1: (server auth) * LuxTrust Global Root 2: (server auth) * OpenTrust Root CA G1: (email protection, server auth) * OpenTrust Root CA G2: (email protection, server auth) * OpenTrust Root CA G3: (email protection, server auth) * SSL.com EV Root Certification Authority ECC: (server auth) * SSL.com EV Root Certification Authority RSA R2: (server auth) * SSL.com Root Certification Authority ECC: (email protection, server auth) * SSL.com Root Certification Authority RSA: (email protection, server auth) * Symantec Class 1 Public Primary Certification Authority - G4: (email protection) * Symantec Class 1 Public Primary Certification Authority - G6: (email protection) * Symantec Class 2 Public Primary Certification Authority - G4: (email protection) * Symantec Class 2 Public Primary Certification Authority - G6: (email protection) * TrustCor ECA-1: (email protection, server auth) * TrustCor RootCert CA-1: (email protection, server auth) * TrustCor RootCert CA-2: (email protection, server auth) * TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1: (server auth) - Removed root CAs: * AddTrust Public Services Root * AddTrust Public CA Root * AddTrust Qualified CA Root * ApplicationCA - Japanese Government * Buypass Class 2 CA 1 * CA Disig Root R1 * CA WoSign ECC Root * Certification Authority of WoSign G2 * Certinomis - Autorité 
Racine * Certum Root CA * China Internet Network Information Center EV Certificates Root * CNNIC ROOT * Comodo Secure Services root * Comodo Trusted Services root * ComSign Secured CA * EBG Elektronik Sertifika Hizmet Sağlayıcısı * Equifax Secure CA * Equifax Secure eBusiness CA 1 * Equifax Secure Global eBusiness CA * GeoTrust Global CA 2 * IGC/A * Juur-SK * Microsec e-Szigno Root CA * PSCProcert * Root CA Generalitat Valenciana * RSA Security 2048 v3 * Security Communication EV RootCA1 * Sonera Class 1 Root CA * StartCom Certification Authority * StartCom Certification Authority G2 * S-TRUST Authentication and Encryption Root CA 2005 PN * Swisscom Root CA 1 * Swisscom Root EV CA 2 * TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 * UTN USERFirst Hardware Root CA * UTN USERFirst Object Root CA * VeriSign Class 3 Secure Server CA - G2 * Verisign Class 1 Public Primary Certification Authority * Verisign Class 2 Public Primary Certification Authority - G2 * Verisign Class 3 Public Primary Certification Authority * WellsSecure Public Root Certificate Authority * Certification Authority of WoSign * WoSign China - Removed Code Signing rights from a lot of CAs (not listed here). - Removed Server Auth rights from: * AddTrust Low-Value Services Root * Camerfirma Chambers of Commerce Root * Camerfirma Global Chambersign Root * Swisscom Root CA 2 ----------------------------------------- Patch: SUSE-2018-275 Released: Thu Feb 8 08:54:25 2018 Summary: Security update for libxml2 Severity: moderate References: 1069689,1077993,1078806,1078813,CVE-2016-5131,CVE-2017-15412,CVE-2017-16932,CVE-2017-5130 Description: This update for libxml2 fixes several issues. These security issues were fixed: - CVE-2017-16932: Fixed infinite recursion that could lead to an infinite loop or memory exhaustion when expanding a parameter entity in a DTD (bsc#1069689). 
- CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993) - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813) - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806) ----------------------------------------- Patch: SUSE-2018-278 Released: Fri Feb 9 12:59:19 2018 Summary: Security update for libdb-4_5 Severity: moderate References: 1043886 Description: This update for libdb-4_5 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8. (bsc#1043886) ----------------------------------------- Patch: SUSE-2018-306 Released: Wed Feb 14 16:03:07 2018 Summary: Security update for dhcp Severity: moderate References: 1023415,1076119,CVE-2017-3144 Description: This update for dhcp fixes several issues. This security issue was fixed: - CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message is received allowing DoS (bsc#1076119) This non-security issue was fixed: - Enhance dhclient-script to handle static route updates. (bsc#1023415) ----------------------------------------- Patch: SUSE-2018-311 Released: Thu Feb 15 13:44:47 2018 Summary: Recommended update for gcc43 Severity: moderate References: 1074621 Description: This update for gcc43 fixes the following issues: - Fixed a bug in the indirect retpoline thunk generations. 
(bsc#1074621) ----------------------------------------- Patch: SUSE-2018-318 Released: Fri Feb 16 11:34:25 2018 Summary: Security update for freetype2 Severity: moderate References: 1028103,1035807,1036457,CVE-2016-10244,CVE-2017-8105,CVE-2017-8287 Description: This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10244: The parse_charstrings function in type1/t1load.c did not ensure that a font contains a glyph name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file (bsc#1028103). - CVE-2017-8105: Fixed an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.ca (bsc#1035807) - CVE-2017-8287: an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c (bsc#1036457) ----------------------------------------- Patch: SUSE-2018-322 Released: Fri Feb 16 15:59:41 2018 Summary: Security update for gtk2 Severity: moderate References: 1053417 Description: This update for gtk2 fixes the following issues: This security issue was fixed: - Add checks for multiplications at several locations to avoid mishandling memory. This allowed attackers to cause DoS or potentially RCE (bsc#1053417). 
----------------------------------------- Patch: SUSE-2018-323 Released: Fri Feb 16 16:00:22 2018 Summary: Security update for unzip Severity: moderate References: 1080074,CVE-2018-1000035 Description: This update for unzip fixes the following issues: - CVE-2018-1000035: Fixed a heap-based buffer overflow in password protected ZIP archives (bsc#1080074) ----------------------------------------- Patch: SUSE-2018-340 Released: Wed Feb 21 16:23:45 2018 Summary: Recommended update for timezone, timezone-java Severity: low References: 1073275 Description: This update provides the latest timezone information (2018c) for your system, including following changes: - Sao Tome and Principe switched from +00 to +01 on 2018-01-01. - Southern Brazil's DST will now start on November's first Sunday. (bsc#1073275) - New zic option -t to specify the time zone file if TZ is unset. ----------------------------------------- Patch: SUSE-2018-367 Released: Tue Feb 27 17:14:53 2018 Summary: Security update for the Linux Kernel Severity: important References: 1012382,1045538,1048585,1050431,1054305,1059174,1060279,1060682,1063544,1064861,1068032,1068984,1069508,1070623,1070781,1073311,1074488,1074621,1074880,1075088,1075091,1075410,1075617,1075621,1075908,1075994,1076017,1076154,1076278,1076437,1076849,1077191,1077355,1077406,1077487,1077560,1077922,1078875,1079917,1080133,1080359,1080363,1080372,1080579,1080685,1080774,1081500,936530,962257,CVE-2015-1142857,CVE-2017-13215,CVE-2017-17741,CVE-2017-18017,CVE-2017-18079,CVE-2017-5715,CVE-2018-1000004,CVE-2018-5332,CVE-2018-5333 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). 
The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2015-1142857: On multiple SR-IOV cards it is possible for VFs assigned to guests to send ethernet flow control pause frames via the PF. (bnc#1077355). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-13215: An elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, which can lead to a deadlock and denial of service condition (bnc#1076017). 
The following non-security bugs were fixed: - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1045538). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538). - alsa: aloop: Release cable upon open error path (bsc#1045538). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1045538). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1045538). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1045538). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538). - btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction (FATE#325056). - btrfs: copy fsid to super_block s_uuid (bsc#1080774). - btrfs: do not wait for all the writers circularly during the transaction commit (FATE#325056). - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1080363). - btrfs: fix two use-after-free bugs with transaction cleanup (FATE#325056). - btrfs: make the state of the transaction more readable (FATE#325056). - btrfs: qgroup: exit the rescan worker during umount (bsc#1080685). - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#1080685). - btrfs: reset intwrite on transaction abort (FATE#325056). - btrfs: set qgroup_ulist to be null after calling ulist_free() (bsc#1080359). - btrfs: stop waiting on current trans if we aborted (FATE#325056). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: wait for tray to close (bsc#1048585). - delay: add poll_event_interruptible (bsc#1048585). - dm flakey: add corrupt_bio_byte feature (bsc#1080372). - dm flakey: add drop_writes (bsc#1080372). - dm flakey: error READ bios during the down_interval (bsc#1080372). - dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372). 
- dm flakey: fix reads to be issued if drop_writes configured (bsc#1080372). - dm flakey: introduce 'error_writes' feature (bsc#1080372). - dm flakey: support feature args (bsc#1080372). - dm flakey: use dm_target_offset and support discards (bsc#1080372). - ext2: free memory allocated and forget buffer head when io error happens (bnc#1069508). - ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508). - ext3: add necessary check in case IO error happens (bnc#1069508). - ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508). - fork: clear thread stack upon allocation (bsc#1077560). - kaiser: Add proper NX handling for !NX-capable systems also to kaiser_add_user_map(). (bsc#1076278). - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz - kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call cannot make assumption of accessible stack after CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy. - kaiser: Fix trampoline stack loading issue on XEN PV - kaiser: handle non-accessible stack in sysretl_from_sys_call properly (bsc#1080579) - kaiser: make sure not to touch stack after CR3 switch in compat syscall return - kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry (bsc#1080579) - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - keys: trusted: fix writing past end of buffer in trusted_read() (bsc#1074880). - media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431). - mISDN: fix a loop count (bsc#1077191). - nfsd: do not share group_info among threads (bsc#1070623). - ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert thread (bsc#1076437). - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once (bsc#1076437). 
- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075088). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075088). - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075088). - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075088). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088). - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075088). - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032). - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075088). - powerpc: Fix register clobbering when accumulating stolen time (bsc#1059174). - powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487). - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088). - powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619, git-fixes). - powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133). - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bsc#1068032, bsc#1075088). - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075088). - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075088). - powerpc/pseries: Kill all prefetch streams on context switch (bsc#1068032, bsc#1075088). - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075088). - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088). 
- powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1075088). - powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088). - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088). - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088). - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075088). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1075088). - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088). - rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088). - rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1075088). - rfi-flush: Switch to new linear fallback flush (bsc#1068032,bsc#1075088). - s390: add ppa to the idle loop (bnc#1077406, LTC#163910). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741). - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875). - scsi: sr: wait for the medium to become ready (bsc#1048585). - scsi: virtio_scsi: let host do exception handling (bsc#936530,bsc#1060682). - storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86, asm: Extend definitions of _ASM_* with a raw format (bsc#1068032 CVE-2017-5754). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). 
- x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278). - x86/kaiser: use trampoline stack for kernel entry. - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305). - x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (bsc#1068032 CVE-2017-5715). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500). 
----------------------------------------- Patch: SUSE-2018-376 Released: Wed Feb 28 17:32:18 2018 Summary: Security update for glibc Severity: important References: 1037930,1051791,1074293,1079036,978209,CVE-2017-12132,CVE-2017-8804,CVE-2018-1000001,CVE-2018-6485,CVE-2018-6551 Description: This update for glibc fixes the following issues: Security issues: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area in realpath (bsc#1074293) Also a non security issue was fixed: - Do not fail if one of the two responses to AF_UNSPEC fails (bsc#978209) ----------------------------------------- Patch: SUSE-2018-411 Released: Mon Mar 5 10:43:24 2018 Summary: Security update for puppet Severity: moderate References: 1040151,1077767,CVE-2017-2295 Description: This update for puppet fixes the following issues: - CVE-2017-2295: Fixed a security vulnerability where an attacker could force YAML deserialization in an unsafe manner, which would lead to remote code execution. By default, this update would break backwards compatibility with Puppet agents older than 3.2.2, as the SLE11 master no longer supports fact formats other than PSON by default. In order to allow users to continue using their SLE11 agents, a patch was added that enables sending PSON from agents. For non-SUSE clients older than 3.2.2, a new puppet master boolean option 'dangerous_fact_formats' was added. When it's set to true it enables using dangerous fact formats (e.g. YAML). When it's set to false, only PSON fact format is accepted. 
(bsc#1040151), (bsc#1077767) ----------------------------------------- Patch: SUSE-2018-441 Released: Fri Mar 9 14:06:51 2018 Summary: Security update for augeas Severity: moderate References: 1054171,925225,CVE-2014-8119,CVE-2017-7555 Description: This update for augeas fixes the following issues: Security issues fixed: - CVE-2017-7555: Fix a memory corruption bug that could have led to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name() (bsc#1054171). - CVE-2014-8119: Fix improper handling of escaped strings leading to memory corruption (bsc#925225). ----------------------------------------- Patch: SUSE-2018-454 Released: Wed Mar 14 07:55:39 2018 Summary: Recommended update for openssl Severity: moderate References: 1081056,1083463 Description: This update for openssl fixes the following issues: - Provide a DEFAULT_SUSE cipher list capability which packages can require (bsc#1081056, bsc#1083463) ----------------------------------------- Patch: SUSE-2018-521 Released: Thu Mar 22 08:19:28 2018 Summary: Security update for python Severity: moderate References: 1068664,CVE-2017-1000158 Description: This update for python fixes the following issues: - CVE-2017-1000158: Fixed integer overflow in the PyString_DecodeEscape function (bsc#1068664). ----------------------------------------- Patch: SUSE-2018-523 Released: Thu Mar 22 11:37:14 2018 Summary: Security update for samba Severity: moderate References: 1081741,CVE-2018-1050 Description: This update for samba fixes the following issues: - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally (bsc#1081741) ----------------------------------------- Patch: SUSE-2018-539 Released: Fri Mar 23 17:21:01 2018 Summary: Recommended update for release-notes-sles Severity: low References: 1078361,1079501 Description: This update for release-notes-sles fixes the following issues: - Change supported RAM for ppc64 to 32 TiB (bsc#1079501, bsc#1078361). 
----------------------------------------- Patch: SUSE-2018-547 Released: Mon Mar 26 11:49:54 2018 Summary: Security update for ntp Severity: moderate References: 1077445,1082210,1083417,1083420,1083422,1083424,1083426,CVE-2016-1549,CVE-2018-7170,CVE-2018-7182,CVE-2018-7183,CVE-2018-7184,CVE-2018-7185 Description: This update for ntp fixes the following issues: Security issues fixed: - CVE-2016-1549: Significant additional protections against CVE-2016-1549 that was fixed in ntp-4.2.8p7 (bsc#1082210). - CVE-2018-7170: Ephemeral association time spoofing additional protection (bsc#1083424). - CVE-2018-7182: Buffer read overrun leads to information leak in ctl_getitem() (bsc#1083426). - CVE-2018-7183: decodearr() can write beyond its buffer limit (bsc#1083417). - CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state (bsc#1083422). - CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association (bsc#1083420). Bug fixes: - bsc#1077445: Don't use libevent's cached time stamps in sntp. - Disable CMAC in ntp when building against a version of OpenSSL that doesn't support it. ----------------------------------------- Patch: SUSE-2018-559 Released: Wed Mar 28 16:38:26 2018 Summary: Recommended update for suse-build-key Severity: moderate References: 1082022,1085512 Description: This update for suse-build-key contains the following changes: - Extended GPG signing keys (bsc#1085512): - SUSE Linux Enterprise Server 10: pub dsa1024/0xA84EDAE89C800ACA 2000-10-19 [SC] [expires: 2022-03-14] uid SuSE Package Signing Key sub elg2048/0x197448E88495160C 2000-10-19 [E] [expires: 2022-03-14] - SUSE Linux Enterprise Server 11: pub rsa1024/0xE3A5C360307E3D54 2006-03-21 [SC] [expires: 2022-03-14] uid SuSE Package Signing Key - PTF key: pub dsa1024/0x6C74CE73B37B98A9 2005-05-11 [SC] [expires: 2022-03-14] uid SUSE PTF Signing Key sub elg1024/0x74FB5EEF6647760C 2005-05-11 [E] [expires: 2022-03-14] - Added a new security@suse.de E-Mail contact key. 
(bsc#1082022) pub rsa4096/0x21FE92322BA9E067 2018-03-15 [SC] [expires: 2020-03-14] Fingerprint = EC7C 5EAB 2C34 09A6 4F3B BE6E 21FE 9232 2BA9 E067 uid SUSE Security Team uid SUSE Security Team sub rsa4096/0xFF97314EC1E11A0E 2018-03-15 [E] [expires: 2020-03-14] ----------------------------------------- Patch: SUSE-2018-561 Released: Thu Mar 29 08:27:11 2018 Summary: Security update for freetype2 Severity: moderate References: 1034191,CVE-2016-10328 Description: This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10328: Fixed heap-based buffer overflow in cff_parser_run function in cff/cffparse.c (bsc#1034191). ----------------------------------------- Patch: SUSE-2018-571 Released: Tue Apr 3 09:47:40 2018 Summary: Security update for krb5 Severity: moderate References: 1056995,1083926,1083927,970696,CVE-2017-11462,CVE-2018-5729,CVE-2018-5730 Description: This update for krb5 fixes several issues. This security issue was fixed: - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995). - CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying specially crafted data (bsc#1083926). - CVE-2018-5730: DN container check bypass by supplying specially crafted data (bsc#1083927). This non-security issue was fixed: - Avoid indefinite polling in KDC communication. (bsc#970696) ----------------------------------------- Patch: SUSE-2018-581 Released: Tue Apr 3 18:42:20 2018 Summary: Security update for coreutils Severity: important References: 1023041,CVE-2017-2616 Description: This update for coreutils fixes one issue. 
This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041) ----------------------------------------- Patch: SUSE-2018-591 Released: Thu Apr 5 10:38:12 2018 Summary: Security update for glibc Severity: moderate References: 1076871,1081556,CVE-2017-12133 Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-12133: Avoid use-after-free read access in clntudp_call (bsc#1081556) Non security issue fixed: - Fix incorrect getaddrinfo assertion trigger (bsc#1076871) ----------------------------------------- Patch: SUSE-2018-603 Released: Sun Apr 8 21:40:19 2018 Summary: Security update for libidn Severity: moderate References: 1056450,CVE-2017-14062 Description: This update for libidn fixes one issue. This security issue was fixed: - CVE-2017-14062: Prevent integer overflow in the decode_digit function that allowed remote attackers to cause a denial of service or possibly have unspecified other impact (bsc#1056450). ----------------------------------------- Patch: SUSE-2018-650 Released: Mon Apr 16 19:20:10 2018 Summary: Recommended update for timezone, timezone-java Severity: low References: 1086729 Description: This update provides the latest timezone information (2018d) for your system, including following changes: - In 2018, Palestine starts DST on March 24, not March 31. - Casey Station in Antarctica changed from +11 to +08 on 2018-03-11 at 04:00 (bsc#1086729). - corrections for historical transitions. ----------------------------------------- Patch: SUSE-2018-653 Released: Wed Apr 18 08:29:46 2018 Summary: Security update for perl Severity: moderate References: 1082216,1082233,CVE-2018-6798,CVE-2018-6913 Description: This update for perl fixes the following issues: Security issue fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). 
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). ----------------------------------------- Patch: SUSE-2018-654 Released: Wed Apr 18 08:30:45 2018 Summary: Security update for openssl Severity: important References: 1087102,CVE-2018-0739 Description: This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102) ----------------------------------------- Patch: SUSE-2018-713 Released: Fri Apr 20 15:21:55 2018 Summary: Security update for zsh Severity: moderate References: 1089030,CVE-2018-1100 Description: This update for zsh fixes the following issues: - CVE-2018-1100: Fixed a buffer overflow in utils.c:checkmailpath() that could lead to local arbitrary code execution (bsc#1089030) ----------------------------------------- Patch: SUSE-2018-717 Released: Mon Apr 23 13:56:38 2018 Summary: Recommended update for xorg-x11-libxcb, xorg-x11-libX11 Severity: moderate References: 1070498 Description: This update for xorg-x11-libxcb, xorg-x11-libX11 provides the following fix: - Backport a new XCB hand off mechanism to fix crashes in some clients. 
(bsc#1070498) ----------------------------------------- Patch: SUSE-2018-738 Released: Wed Apr 25 15:27:18 2018 Summary: Security update for the Linux Kernel Severity: important References: 1010470,1013018,1039348,1052943,1062568,1062840,1063416,1063516,1065600,1065999,1067118,1067912,1068032,1072689,1072865,1075088,1075091,1075994,1078669,1078672,1078673,1078674,1080464,1080757,1080813,1081358,1082091,1082424,1083242,1083275,1083483,1083494,1084536,1085113,1085279,1085331,1085513,1086162,1087092,1087260,1087762,1088147,1088260,1089608,909077,940776,943786,CVE-2015-5156,CVE-2016-7915,CVE-2017-0861,CVE-2017-12190,CVE-2017-13166,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18203,CVE-2017-18208,CVE-2017-5715,CVE-2018-10087,CVE-2018-6927,CVE-2018-7566,CVE-2018-7757,CVE-2018-8822 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). Enhancements and bugfixes over the previous fixes have been added to this kernel. - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-7566: There was a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bnc#1083483). 
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allowed local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c in the Linux kernel might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The 'stub_send_ret_submit()' function (drivers/usb/usbip/stub_tx.c) allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669).
- CVE-2016-7915: The hid_input_field function in drivers/hid/hid-core.c allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver (bnc#1010470). - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions in block/bio.c did unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568). - CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). The following non-security bugs were fixed: - af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085513, LTC#165135). - cifs: fix buffer overflow in cifs_build_path_to_root() (bsc#1085113). - drm/mgag200: fix a test in mga_vga_mode_valid() (bsc#1087092). - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) (bnc#1013018). - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1013018). 
- ide-cd: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (git-fixes). - kabi: x86/kaiser: properly align trampoline stack. - keys: do not let add_key() update an uninstantiated key (bnc#1063416). - keys: prevent creating a different user's keyrings (bnc#1065999). - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348). - nfsv4: fix getacl head length estimation (git-fixes). - pci: Use function 0 VPD for identical functions, regular VPD for others (bnc#943786 git-fixes). - pipe: actually allow root to exceed the pipe buffer limits (git-fixes). - posix-timers: Protect posix clock array access against speculation (bnc#1081358). - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032, bsc#1075088). - qeth: repair SBAL elements calculation (bnc#1085513, LTC#165484). - Revert 'USB: cdc-acm: fix broken runtime suspend' (bsc#1067912) - s390/qeth: fix underestimated count of buffer elements (bnc#1082091, LTC#164529). - scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - usbnet: Fix a race between usbnet_stop() and the BH (bsc#1083275). - x86-64: Move the 'user' vsyscall segment out of the data segment (bsc#1082424). - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). - xen/x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077). - xen/x86/cpu: Check speculation control CPUID bit (bsc#1068032). - xen/x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). 
- xen/x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - xen/x86/cpu: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - xen/x86/idle: Toggle IBRS when going idle (bsc#1068032). - xen/x86/kaiser: Move feature detection up (bsc#1068032). - xfs: check for buffer errors before waiting (bsc#1052943). - xfs: fix allocbt cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). - xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). ----------------------------------------- Patch: SUSE-2018-741 Released: Thu Apr 26 13:24:00 2018 Summary: Recommended update for bind Severity: moderate References: 908850 Description: This update for bind provides the following fix: - Change /var/lib/named owner to named:named so that it is writable by bind. (bsc#908850) ----------------------------------------- Patch: SUSE-2018-780 Released: Wed May 2 22:21:22 2018 Summary: Recommended update for nfs-utils Severity: low References: 1036504,1076271 Description: This update for nfs-utils provides the following fixes: - Improve interoperability with AD kerberos (bsc#1036504) - Correctly handle 'port=0' option in mount. If '0' is passed, rpcbind should be queried to discover the actual non-zero port number to use. (bsc#1076271) ----------------------------------------- Patch: SUSE-2018-804 Released: Mon May 7 17:15:33 2018 Summary: Security update for patch Severity: important References: 1059698,1080918,1088420,662957,914891,CVE-2010-4651,CVE-2014-9637,CVE-2016-10713,CVE-2018-1000156 Description: This update for patch fixes several issues. These security issues were fixed: - CVE-2018-1000156: patch: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2014-9637: Prevent DoS by remote attackers (memory consumption and segmentation fault) via a crafted diff file (bsc#914891).
- CVE-2016-10713: Prevent out-of-bounds access within pch_write_line() that could have led to DoS via a crafted input file (bsc#1080918). - CVE-2010-4651: Fixed a directory traversal bug (bsc#662957). ----------------------------------------- Patch: SUSE-2018-815 Released: Tue May 8 19:38:09 2018 Summary: Security update for the Linux Kernel Severity: important References: 1032084,1050431,1065726,1087088,1089665,1089668,1089752,CVE-2018-10124,CVE-2018-1087,CVE-2018-8897 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: An unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrectly set up interrupt stacks to crash the Linux kernel, resulting in a DoS issue. (bsc#1087088) - CVE-2018-10124: The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). The following non-security bugs were fixed: - kvm/x86: fix icebp instruction handling (bsc#1087088). - media: cpia2: Fix a couple off by one bugs (bsc#1050431). - nfs: add nostatflush mount option (bsc#1065726). - nfs: allow flush-on-stat to be disabled (bsc#1065726). - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used (bnc#1032084, FATE#323225). - powerpc/fadump: reuse crashkernel parameter for fadump memory reservation (bnc#1032084, FATE#323225). - powerpc/fadump: update documentation about crashkernel parameter reuse (bnc#1032084, FATE#323225). - powerpc/fadump: use 'fadump_reserve_mem=' when specified (bnc#1032084, FATE#323225). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
----------------------------------------- Patch: SUSE-2018-821 Released: Wed May 9 14:00:43 2018 Summary: Security update for tiff Severity: moderate References: 1007280,1011107,1011845,1017688,1017690,1017691,1017692,1031255,1046077,1048937,1074318,960341,983436,CVE-2015-7554,CVE-2016-10095,CVE-2016-10268,CVE-2016-3945,CVE-2016-5318,CVE-2016-5652,CVE-2016-9453,CVE-2016-9536,CVE-2017-11335,CVE-2017-17973,CVE-2017-9935 Description: This update for tiff fixes the following issues: - CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one (bsc#1011107). - CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means (bsc#1007280). - CVE-2017-11335: There is a heap based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused an out-of-bounds write of more than one hundred bytes (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack (bsc#1048937). - CVE-2016-9536: tools/tiff2pdf.c had out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka 't2p_process_jpeg_strip heap-buffer-overflow.' (bsc#1011845) - CVE-2017-9935: In LibTIFF, there was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free.
Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077). - CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318) - CVE-2015-7554: The _TIFFVGetField function in tif_dir.c allowed attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image (bsc#960341). - CVE-2016-5318: Stack-based buffer overflow in the _TIFFVGetField function allowed remote attackers to crash the application via a crafted tiff (bsc#983436). - CVE-2016-10095: Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690). - CVE-2016-10268: tools/tiffcp.c allowed remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23 (bsc#1031255) - An overlapping of memcpy parameters was fixed which could lead to content corruption (bsc#1017691). - Fixed an invalid memory read which could lead to a crash (bsc#1017692). - Fixed a NULL pointer dereference in TIFFReadRawData (tiffinfo.c) that could crash the decoder (bsc#1017688). ----------------------------------------- Patch: SUSE-2018-917 Released: Tue May 15 16:08:05 2018 Summary: Recommended update for timezone, timezone-java Severity: low References: 1073299 Description: This update provides the latest timezone information (2018e) for your system, including the following changes: - North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter (bsc#1073299) ----------------------------------------- Patch: SUSE-2018-938 Released: Wed May 16 21:51:40 2018 Summary: Security update for curl Severity: moderate References: 1081056,1083463,1084137,1084521,1084524,1084532,1085124,1086825,1087922,1090194,CVE-2018-1000120,CVE-2018-1000121,CVE-2018-1000122 Description: This update for curl fixes the following issues: curl was updated to version 7.37.0 (fate#325339 bsc#1084137) This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is fully binary compatible with the previous version. This update is done to allow other third party software like 'R' to be able to be used on the SUSE Linux Enterprise 11 codebase. The following security issues were fixed: - CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521). - CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524). - CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532). The package also requires a libopenssl that implements the DEFAULT_SUSE cipher list (bsc#1081056, bsc#1083463, bsc#1086825) ----------------------------------------- Patch: SUSE-2018-940 Released: Thu May 17 21:01:08 2018 Summary: Recommended update for mdadm Severity: moderate References: 1032802,1068175,1081910,808647,881530,882634,887773,923920,926517,926767,953595,966773 Description: This update for mdadm provides the backporting of some critical fixes from upstream, and replaces some existing patches with their upstream counterpart (bsc#1081910). The following fixes are included: - Grow: Followup fix for a problem that reshape fails to continue after restart on RAID array.
(bsc#881530) - IMSM: Add warning message when assemble spanned container. (bsc#882634) - mdmon: Allow prepare_update to report failures. (bsc#1081910) - DDF, IMSM: Validate metadata_update size before using it. (bsc#1081910) - Grow: Do not try to restart if reshape is running. (bsc#887773) - IMSM: Move 'validate_container_imsm' to be included in mdassemble. (bsc#1081910) - Grow: Fix a problem that was preventing the resize of an array to 32bit size. (bsc#1081910) - Assemble: Only fail auto-assemble in case of mdadm.conf conflicts. (bsc#1081910) - super: Make sure to ignore disk state flags that we don't understand. (bsc#1081910) - mdmon: Don't include super0 and super1 in mdmon. (bsc#1081910) - config: Add a new option to suppress adding bad block lists. (bsc#1081910) - Manage: Fix the removal of non-existent devices. (bsc#1081910) - Monitor: Stop monitoring devices that have disappeared. (bsc#1081910) - super1: Don't allow adding a bitmap if there is no space. (bsc#1081910) - super1: Make sure 'room' includes 'bbl_size' when creating array. (bsc#1081910) - update: Add 'bbl' and 'no-bbl' to the list of known updates. (bsc#1081910) - Grow: Report when grow needs metadata update. (bsc#1081910) - Grow: Fix the resize of array component size to > 32bits. (bsc#1081910) - mdcheck: Do not trigger an error if no /dev/md?* devices exists. (bsc#1081910) - Rebuildmap: Strip local host name from device name. (bsc#1081910) - Detail: Fix handling of 'disks' array. (bsc#1081910) - Incremental: Do not be distracted by partition table when calling try_spare. (bsc#1081910) - imsm: Add support for OROMs shared by multiple HBAs. (fate#317456) - imsm: Add support for second and combined AHCI controllers in UEFI mode. (fate#317456) - imsm: Add support for NVMe devices. (fate#317456) - imsm: Use efivarfs interface for reading UEFI variables. (fate#317456) - Monitor: Do not open md array that doesn't exist. 
(bsc#1081910) - mdcheck: Be careful when sourcing the output of 'mdadm --detail --export'. (bsc#1081910) - Monitor: Fix for regression with container devices. (bsc#1081910) - Grow.c: Fix classic readlink() buffer overflow. (bsc#1081910) - imsm: Simplified multiple OROMs support. (bsc#1081910) - IncRemove: Set 'auto-read' only after successful excl open. (bsc#1081910) - Assemble: Fix 'no uptodate device' message. (bsc#1081910) - Assemble: Revert the support for assembling of a RAID0 being reshaped. (bsc#1081910) - Assemble: Allow a RAID4 to assemble easily when parity devices is missing. (bsc#926767) - Assemble/force: Make it possible to 'force' a new device in a reshape. (bsc#1081910) - IMSM: Count arrays per orom. (bsc#926517) - Add 'Name' defines to some ancillary programs. (bsc#1081910) - Assemble: Don't check for pre-existing array when updating uuid. (bsc#1081910) - Manage: When re-adding, do check avail size if ->sb cannot be found. (bsc#1081910) - Grow: Only warn about incompatible metadata when no fallback available. (bsc#1081910) - Grow: Be more careful if array is stopped during critical section. (bsc#1081910) - Grow: Retry when writing 'reshape' to 'sync_action' is EBUSY. (bsc#1081910) - Grow: Be even more careful about handing a '0' completed value. (bsc#1081910) - Grow: Another attempt to fix stop-during-reshape race. (bsc#1081910) - Grow: Fix problem with --grow --continue. (bsc#1081910) - Create n bitmaps for clustered mode. (bsc#1081910) - Add nodes option while creating md. (bsc#1081910) - Set home-cluster while creating an array. (bsc#1081910) - Show all bitmaps while examining bitmap. (bsc#1081910) - Add a new clustered disk. (bsc#1081910) - Convert a bitmap=none device to clustered. (bsc#1081910) - Skip clustered devices in incremental. (bsc#1081910) - mdadm: Add the ability to change cluster name. (bsc#1081910) - Assemble: Ensure stripe_cache is big enough to handle new chunk size. (bsc#1081910) - mdstat: Discard 'dev' field, just use 'devnm'. 
(bsc#1081910) - sysfs: Reject reads that use the whole buffer. (bsc#1081910) - Monitor: Don't wait forever on a 'frozen' array. (bsc#1081910) - Manage/stop: Guard against 'completed' being too large. (bsc#1081910) - Manage/stop: Don't stop during initial critical section. (bsc#1081910) - raid6check: Report role of suspect device. (bsc#1081910) - raid6check: Get device ordering correct for syndrome calculation. (bsc#1081910) - restripe: Fix data block order in raid6_2_data_recov. (bsc#1081910) - Assemble: Extend --homehost='' to allow --name= to ignore homehost. (bsc#1081910) - mdassemble: Add 'Name' definition. (bsc#1081910) - mdassemble: Include mapfile support. (bsc#1081910) - super1: Do not create bad block log for clustered devices. (bsc#1081910) - Fix --incremental handling on cluster array. (bsc#1081910) - mdadm: Make cluster raid also support re-add. (bsc#1081910) - re-add: Make re-add try to write sysfs node first. (bsc#1081910) - imsm: Don't call abort_reshape() in imsm_manage_reshape(). (bsc#1081910) - Show device as journal in --detail --examine. (bsc#1081910) - Enable create array with write journal (--write-journal DEVICE). (bsc#1081910) - Assemble array with write journal. (bsc#1081910) - Check write journal in incremental. (bsc#1081910) - Safeguard against writing to an active device of another node. (bsc#1081910) - Make cmap_* also have same policy as dlm_*. (bsc#1081910) - Add crc32c and use it for r5l checksum. (bsc#1081910) - Avoid confusion with parameter 'devname' with same name, ensure buffer is large enough for two ints plus extras. (bsc#1081910) - Make sure 'path' buffer is large enough to fit 200 characters plus null terminator. (bsc#1081910) - mdadm: Change timestamps to unsigned data type. (bsc#1081910) - Add sysfs_array_state to struct mdinfo. (bsc#1081910) - mdadm: Allow cluster raid to also add disk within incremental mode. (bsc#1081910) - mdadm: Don't show cluster name once the bitmap is cleared. 
(bsc#1081910) - mdadm: Do not display bitmap info if it is cleared. (bsc#1081910) - mdadm: Do not try to hold dlm lock in free_super1. (bsc#1081910) - mdadm: Improve the safeguard for change cluster raid's sb. (bsc#1081910) - Detail: Report correct raid-disk for removed drives. (bsc#1081910) - Move journal to end of --detail list. (bsc#1081910) - Check and remove bitmap first when reshape to raid0. (bsc#1081910) - Detail: Fix wrong condition in recent change. (bsc#1081910) - Grow: Close file descriptor earlier to avoid problems. (bsc#1081910) - Add casts for the addr argument of connect and bind. (bsc#1081910) - util: Fix wrong return value of cluster_get_dlmlock. (bsc#1081910) - super1: Fix calculation of space_before. (bsc#1081910) - systemd/mdadm-last-resort: Add Conflicts to .service file. (bsc#1081910) - super0: Fix reporting of devices between 2GB and 4GB. (bsc#1081910) - super1: Allow reshape that hasn't really started to be reverted. (bsc#1081910) - super1: Fix bblog_size accesses on big-endian machines. (bsc#953595) - Manage.c: Only issue change events for kernels older than 2.6.28. (bsc#1081910) - super-intel: Ensure suspended region is removed when reshape completes. (bsc#1081910) - Fix wrong bitmap output for cluster raid. (bsc#1081910) - load_sys(): Add a buffer size argument. (bsc#1081910) - Fix regression during add devices. (bsc#1081910) - Change the option from NoUpdate to NodeNumUpdate. (bsc#1081910) - mdadm: Add '--nodes' option in GROW mode. (bsc#1081910) - Grow: Handle failure to load superblock in Grow_addbitmap(). (bsc#1081910) - Remove: Container should wait for an array to release a drive. (bsc#1081910) - Fix RAID metadata check. (bsc#1081910) - super1: Make write_bitmap1 compatible with previous mdadm versions. (bsc#1081910) - Allow level migration only for single-array container. (bsc#1081910) - Fix bus error when accessing MBR partition records. (bsc#1081910) - Add function for getting member drive sector size.
(bsc#1081910) - Add failfast support. (fate#311379) - Use disk sector size value to set offset for reading GPT. (bsc#1081910) - reshape: Support raid5 grow on certain older kernels. (bsc#923920) - super1: Fix sb->max_dev when adding a new disk in linear array. (bsc#1032802) - Fix a problem that was causing DASD not to be re-added automatically to the MD Array after channel path is online. (bsc#808647) - Ignore empty inactive arrays. (bsc#966773) - Update md_monitor from 5.2 to 5.4 to make sure `md_monitor -cMirrorStatus` detects md mirror status properly. (bsc#1068175) ----------------------------------------- Patch: SUSE-2018-961 Released: Tue May 22 17:59:35 2018 Summary: Security update for the Linux Kernel Severity: important References: 1046610,1052943,1068032,1075087,1075088,1080157,1084760,1087082,1087092,1089895,1090630,1090888,1091041,1091671,1091755,1091815,1092372,1092497,1094019,CVE-2017-5715,CVE-2017-5753,CVE-2018-1000199,CVE-2018-10675,CVE-2018-3639 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have the following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.
Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via the 'modify_user_hw_breakpoint' routine. An unprivileged user/process could use this flaw to crash the system kernel, resulting in DoS, or to potentially escalate privileges on the system. (bsc#1089895) - CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755). - CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled also for 32bit x86. - CVE-2017-5753: Spectre v1 mitigations have been improved by the versions merged from the upstream kernel. The following non-security bugs were fixed: - Avoid quadratic search when freeing delegations (bsc#1084760). - cifs: fix crash due to race in hmac(md5) handling (bsc#1091671). - hid: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bsc#1087092). - mmc: jz4740: Fix race condition in IRQ mask update (bsc#1090888). - powerpc/64: Disable gmb() on powerpc - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041).
- powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Move local setup.h declarations to arch includes (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075088, bsc#1091815). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). - series.conf: fix the header It was corrupted back in 2015. - tracing: Create seq_buf layer in trace_seq (bsc#1091815). - Update config files. Enable retpolines for i386 build. 
- usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1090888). - usb: hub: fix SS hub-descriptor handling (bsc#1092372). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1090630) - x86/xen: disable IBRS around CPU stopper function invocation - xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610). - xfs: fix buffer use after free on IO error (bsc#1052943). - xfs: prevent recursion in xfs_buf_iorequest (bsc#1052943). ----------------------------------------- Patch: SUSE-2018-965 Released: Tue May 22 20:00:55 2018 Summary: Security update for wget Severity: moderate References: 1092061,CVE-2018-0494 Description: This update for wget fixes the following issues: - CVE-2018-0494: Fixed Cookie injection vulnerability by checking for and joining continuation lines. (bsc#1092061) ----------------------------------------- Patch: SUSE-2018-994 Released: Mon May 28 16:46:02 2018 Summary: Security update for cairo Severity: moderate References: 1007255,1036789,1049092,CVE-2016-9082,CVE-2017-7475,CVE-2017-9814 Description: This update for cairo fixes the following issues: - CVE-2016-9082: Fixed a segfault when using >4GB images since int values were used for pointer operations (bsc#1007255). - CVE-2017-9814: Replace malloc with _cairo_malloc and check cmap size before allocating to prevent DoS (bsc#1049092). - CVE-2017-7475: Fix a segfault in get_bitmap_surface due to malformed font (bsc#1036789). ----------------------------------------- Patch: SUSE-2018-1003 Released: Wed May 30 02:30:02 2018 Summary: Recommended update for nfs-utils Severity: moderate References: 1087074 Description: This update for nfs-utils provides the following fix: - mountd: Honor the no_root_squash flag on pseudo roots. 
(bsc#1087074) ----------------------------------------- Patch: SUSE-2018-1007 Released: Wed May 30 09:08:37 2018 Summary: Security update for tiff Severity: moderate References: 1017694,1031250,1031254,1033109,1033111,1033112,1033113,1033120,1033126,1033127,1033129,1074317,984808,984809,984831,987351,CVE-2016-10267,CVE-2016-10269,CVE-2016-10270,CVE-2016-5314,CVE-2016-5315,CVE-2017-18013,CVE-2017-7593,CVE-2017-7595,CVE-2017-7596,CVE-2017-7597,CVE-2017-7599,CVE-2017-7600,CVE-2017-7601,CVE-2017-7602 Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. (bsc#984809) - CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694) - CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254) - CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250) - CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317) - CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. 
(bsc#1033129) - CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127) - CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126) - CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120) - CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113) - CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112) - CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111) - CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. 
(bsc#1033109) - Multiple divide by zero issues - CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831) ----------------------------------------- Patch: SUSE-2018-1009 Released: Wed May 30 15:18:43 2018 Summary: Security update for curl Severity: moderate References: 1092098,CVE-2018-1000301 Description: This update for curl fixes the following issues: - CVE-2018-1000301: Fixed a buffer over-read caused by bad RTSP headers (bsc#1092098) ----------------------------------------- Patch: SUSE-2018-1012 Released: Thu May 31 20:26:50 2018 Summary: Security update for the Linux Kernel Severity: important References: 1013018,1070404,1072689,1087082,1088343,1089386,1090607,1091659,1092497,1093600,1093710,919382 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The main focus of this update is a regression fix in SystemV IPC handling. (bsc#1093600) The following non-security bugs were fixed: - Drop cBPF SSBD as classic BPF does not really have a proper concept of pointers, and without eBPF maps the out-of-bounds access in speculative execution branch can't be mounted. Moreover, seccomp BPF uses only such a subset of BPF that can only do absolute indexing, and therefore seccomp data buffer boundaries can't be crossed. Information condensed from Alexei and Kees. - ibrs used instead of retpoline on Haswell processor with spectre_v2=retpoline (bsc#1092497) - ib/mlx4: Convert slave port before building address-handle (bug#919382 FATE#317529). - KABI protect struct _lowcore (bsc#1089386). - Update config files, add Spectre mitigation for s390x (bnc#1089386, LTC#166572). - Update s390 config files (bsc#1089386).
- fanotify: fix logic of events on child (bsc#1013018). - ipc/msg: Fix faulty parsing of msgctl args (bsc#1093600,bsc#1072689). - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404). - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1013018). - powerpc, KVM: Split HVMODE_206 cpu feature bit into separate HV and architecture bits (bsc#1087082). - powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 (FATE#325713, bsc#1093710). - s390/cio: update chpid descriptor after resource accessibility event (bnc#1091659, LTC#167429). - s390/dasd: fix IO error for newly defined devices (bnc#1091659, LTC#167398). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1091659, LTC#168037). - s390/qeth: on channel error, reject further cmd requests (bnc#1088343, LTC#165985). - s390: add automatic detection of the spectre defense (bnc#1089386, LTC#166572). - s390: add optimized array_index_mask_nospec (bnc#1089386, LTC#166572). - s390: add sysfs attributes for spectre (bnc#1089386, LTC#166572). - s390: correct module section names for expoline code revert (bsc#1089386). - s390: correct nospec auto detection init order (bnc#1089386, LTC#166572). - s390: do not bypass BPENTER for interrupt system calls (bnc#1089386, LTC#166572). - s390: fix retpoline build on 31bit (bsc#1089386). - s390: improve cpu alternative handling for gmb and nobp (bnc#1089386, LTC#166572). - s390: introduce execute-trampolines for branches (bnc#1089386, LTC#166572). - s390: move nobp parameter functions to nospec-branch.c (bnc#1089386, LTC#166572). - s390: report spectre mitigation via syslog (bnc#1089386, LTC#166572). - s390: run user space and KVM guests with modified branch prediction (bnc#1089386, LTC#166572). - s390: scrub registers on kernel entry and KVM exit (bnc#1089386, LTC#166572). - x86, mce: Fix mce_start_timer semantics (bsc#1090607). 
- x86/kaiser: symbol kaiser_set_shadow_pgd() exported with non GPL ----------------------------------------- Patch: SUSE-2018-1026 Released: Tue Jun 5 09:00:55 2018 Summary: Security update for gcc43 Severity: moderate References: 1086069,1092807,CVE-2017-5715 Description: This update for gcc43 fixes the following issues: This update adds support for 'expolines' on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. (bsc#1086069) The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpolines was fixed. (bsc#1092807) ----------------------------------------- Patch: SUSE-2018-1032 Released: Tue Jun 5 15:17:50 2018 Summary: Recommended update for sysvinit Severity: moderate References: 1087176 Description: This update for sysvinit provides the following fixes: - Update showconsole to 1.16 to fix sysvinit service shutdown messages missing from /var/log/boot.omsg. (bsc#1087176) - Change showconsole to use newest /proc/tty/consoles API. - Use /proc/tty/consoles if ioctl TIOCGDEV does not exist. - Make pseudo terminal raw as it does not show anything. - Handle more than two console devices. - Speed up used pts/tty pair by enabling raw mode. - Implement termios locking scheme but disable it as it may interfere with sulogin and others using the old console. - Enable full raw mode for pty/tty pairs of startpar. ----------------------------------------- Patch: SUSE-2018-1083 Released: Thu Jun 7 13:01:02 2018 Summary: Recommended update for patch Severity: important References: 1092500,1093615 Description: This update for patch provides the following fixes: - Ignore dangerous filenames instead of failing immediately. (bsc#1093615) - Fix a temporary file leak when applying ed-style patches. The leaked temporary file could cause certain ed-style patches to fail to apply. 
(bsc#1092500) ----------------------------------------- Patch: SUSE-2018-1096 Released: Fri Jun 8 11:38:46 2018 Summary: Security update for icu Severity: important References: 1034674,1034678,1067203,1072193,1077999,990636,CVE-2016-6293,CVE-2017-14952,CVE-2017-15422,CVE-2017-17484,CVE-2017-7867,CVE-2017-7868 Description: This update for icu fixes the following issues: - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp did not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. (bsc#990636) - CVE-2017-7868: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. (bsc#1034674) - CVE-2017-7867: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue. (bsc#1067203) - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (bsc#1072193) - CVE-2017-15422: An integer overflow in Persian calendar calculation was fixed, which could show wrong years.
(bsc#1077999) ----------------------------------------- Patch: SUSE-2018-1140 Released: Fri Jun 15 08:22:42 2018 Summary: Security update for gpg2 Severity: important References: 1096745,CVE-2018-12020 Description: This update for gpg2 fixes the following issues: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) ----------------------------------------- Patch: SUSE-2018-1182 Released: Wed Jun 20 11:42:25 2018 Summary: Security update for pam-modules Severity: moderate References: 707645,CVE-2011-3172 Description: This update for pam-modules fixes the following security issue: - CVE-2011-3172: Ensure that unix2_chkpwd calls pam_acct_mgmt to prevent usage of locked accounts (bsc#707645). ----------------------------------------- Patch: SUSE-2018-1204 Released: Fri Jun 22 08:09:54 2018 Summary: Recommended update for xorg-x11-libX11 Severity: important References: 1094636 Description: This update for xorg-x11-libX11 provides the following fix: - Fix a regression that could cause a deadlock in pthread_cond_broadcast in multi-threaded clients. (bsc#1094636) ----------------------------------------- Patch: SUSE-2018-1208 Released: Fri Jun 22 14:41:27 2018 Summary: Security update for python Severity: moderate References: 1083507,CVE-2017-18207 Description: This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. 
[bsc#1083507, CVE-2017-18207] ----------------------------------------- Patch: SUSE-2018-1227 Released: Tue Jun 26 21:25:55 2018 Summary: Recommended update for kdump Severity: low References: 1057760 Description: This update for kdump fixes the following issues: - Do not free fadump memory when rebooting to make it faster. (bsc#1057760) ----------------------------------------- Patch: SUSE-2018-1230 Released: Wed Jun 27 10:03:26 2018 Summary: Security update for the Linux Kernel Severity: important References: 1046610,1052351,1068054,1079152,1080837,1083347,1087086,1087088,1088997,1088998,1088999,1089000,1089001,1089002,1089003,1089004,1089005,1089006,1089007,1089008,1089010,1089011,1089012,1089013,1089016,1089192,1089199,1089200,1089201,1089202,1089203,1089204,1089205,1089206,1089207,1089208,1089209,1089210,1089211,1089212,1089213,1089214,1089215,1089216,1089217,1089218,1089219,1089220,1089221,1089222,1089223,1089224,1089225,1089226,1089227,1089228,1089229,1089230,1089231,1089232,1089233,1089234,1089235,1089236,1089237,1089238,1089239,1089240,1089241,1093194,1093195,1093196,1093197,1093198,1094244,1094421,1094422,1094423,1094424,1094425,1094436,1094437,1095241,1096140,1096242,1096281,1096746,1097443,1097445,1097948,973378,989401,CVE-2018-3665 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This new feature was added: - Btrfs: Remove empty block groups in the background The following security bugs were fixed: - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Btrfs: Avoid trucating page or punching hole in a already existed hole (bsc#1088998). - Btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1094424). 
- Btrfs: Fix lost-data-profile caused by auto removing bg. - Btrfs: Fix misuse of chunk mutex - Btrfs: Fix out-of-space bug (bsc#1089231). - Btrfs: Set relative data on clear btrfs_block_group_cache->pinned. - Btrfs: Use ref_cnt for set_block_group_ro() (bsc#1089239). - Btrfs: add alloc_fs_devices and switch to it (bsc#1089205). - Btrfs: add btrfs_alloc_device and switch to it (bsc#1089204). - Btrfs: add missing discards when unpinning extents with -o discard. - Btrfs: add missing inode update when punching hole (bsc#1089006). - Btrfs: add support for asserts (bsc#1089207). - Btrfs: avoid syncing log in the fast fsync path when not necessary (bsc#1089010). - Btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries. - Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#1089235). - Btrfs: cleanup backref search commit root flag stuff (bsc#1089200). - Btrfs: delete chunk allocation attemp when setting block group ro. - Btrfs: do not leak transaction in btrfs_sync_file() (bsc#1089210). - Btrfs: do not mix the ordered extents of all files together during logging the inodes (bsc#1089214). - Btrfs: do not remove extents and xattrs when logging new names (bsc#1089005). - Btrfs: eliminate races in worker stopping code (bsc#1089211). - Btrfs: ensure deletion from pinned_chunks list is protected. - Btrfs: explictly delete unused block groups in close_ctree and ro-remount. - Btrfs: fix -ENOSPC on block group removal. - Btrfs: fix -ENOSPC when finishing block group creation. - Btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group. - Btrfs: fix NULL pointer crash when running balance and scrub concurrently (bsc#1089220). - Btrfs: fix chunk allocation regression leading to transaction abort (bsc#1089236). - Btrfs: fix crash caused by block group removal. - Btrfs: fix data loss in the fast fsync path (bsc#1089007). - Btrfs: fix deadlock caused by fsync when logging directory entries (bsc#1093194). 
- Btrfs: fix directory inconsistency after fsync log replay (bsc#1089001). - Btrfs: fix directory recovery from fsync log (bsc#1088999). - Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#1093195). - Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#1093196). - Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#1089241). - Btrfs: fix find_free_dev_extent() malfunction in case device tree has hole (bsc#1089232). - Btrfs: fix fitrim discarding device area reserved for boot loader's use. - Btrfs: fix freeing used extent after removing empty block group. - Btrfs: fix freeing used extents after removing empty block group. - Btrfs: fix fs mapping extent map leak (bsc#1089229). - Btrfs: fix fsync data loss after a ranged fsync (bsc#1089221). - Btrfs: fix fsync data loss after adding hard link to inode (bsc#1089004). - Btrfs: fix fsync data loss after append write (bsc#1089238). - Btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bsc#1089003). - Btrfs: fix fsync race leading to invalid data after log replay (bsc#1089000). - Btrfs: fix fsync when extend references are added to an inode (bsc#1089002). - Btrfs: fix fsync xattr loss in the fast fsync path (bsc#1094423). - Btrfs: fix invalid extent maps due to hole punching (bsc#1094425). - Btrfs: fix kernel oops while reading compressed data (bsc#1089192). - Btrfs: fix log replay failure after linking special file and fsync (bsc#1089016). - Btrfs: fix memory leak after block remove + trimming. - Btrfs: fix metadata inconsistencies after directory fsync (bsc#1093197). - Btrfs: fix race between balance and unused block group deletion (bsc#1089237). - Btrfs: fix race between fs trimming and block group remove/allocation. - Btrfs: fix race between scrub and block group deletion. - Btrfs: fix race between transaction commit and empty block group removal. - Btrfs: fix race conditions in BTRFS_IOC_FS_INFO ioctl (bsc#1089206). 
- Btrfs: fix racy system chunk allocation when setting block group ro (bsc#1089233). - Btrfs: fix regression in raid level conversion (bsc#1089234). - Btrfs: fix skipped error handle when log sync failed (bsc#1089217). - Btrfs: fix stale dir entries after removing a link and fsync (bsc#1089011). - Btrfs: fix the number of transaction units needed to remove a block group. - Btrfs: fix the skipped transaction commit during the file sync (bsc#1089216). - Btrfs: fix unprotected alloc list insertion during the finishing procedure of replace (bsc#1089215). - Btrfs: fix unprotected assignment of the target device (bsc#1089222). - Btrfs: fix unprotected deletion from pending_chunks list. - Btrfs: fix unprotected device list access when getting the fs information (bsc#1089228). - Btrfs: fix unprotected device's variants on 32bits machine (bsc#1089227). - Btrfs: fix unprotected device->bytes_used update (bsc#1089225). - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#1089240). - Btrfs: fix up read_tree_block to return proper error (bsc#1080837). - Btrfs: fix wrong device bytes_used in the super block (bsc#1089224). - Btrfs: fix wrong disk size when writing super blocks (bsc#1089223). - Btrfs: fix xattr loss after power failure (bsc#1094436). - Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#1089013). - Btrfs: initialize the seq counter in struct btrfs_device (bsc#1094437). - Btrfs: iterate over unused chunk space in FITRIM. - Btrfs: make btrfs_issue_discard return bytes discarded. - Btrfs: make btrfs_search_forward return with nodes unlocked (bsc#1094422). - Btrfs: make sure to copy everything if we rename (bsc#1088997). - Btrfs: make the chunk allocator completely tree lockless (bsc#1089202). - Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of btrfs_truncate (bsc#1089201). - Btrfs: nuke write_super from comments (bsc#1089199). - Btrfs: only drop modified extents if we logged the whole inode (bsc#1089213). 
- Btrfs: only update disk_i_size as we remove extents (bsc#1089209). - Btrfs: qgroup: return EINVAL if level of parent is not higher than child's (bsc#1089012). - Btrfs: remove deleted xattrs on fsync log replay (bsc#1089008). - Btrfs: remove empty block groups automatically. - Btrfs: remove non-sense btrfs_error_discard_extent() function (bsc#1089230). - Btrfs: remove parameter blocksize from read_tree_block (bsc#1080837). - Btrfs: remove transaction from send (bsc#1089218). - Btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock. - Btrfs: remove unused max_key arg from btrfs_search_forward (bsc#1094421). - Btrfs: return an error from btrfs_wait_ordered_range (bsc#1089212). - Btrfs: set inode's logged_trans/last_log_commit after ranged fsync (bsc#1093198). - Btrfs: skip superblocks during discard. - Btrfs: stop refusing the relocation of chunk 0 (bsc#1089208). - Btrfs: update free_chunk_space during allocting a new chunk (bsc#1089226). - Btrfs: use global reserve when deleting unused block group after ENOSPC. - Btrfs: use nodesize everywhere, kill leafsize (bsc#1080837). - Btrfs: wait ordered range before doing direct io (bsc#1089203). - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Xen counterparts of eager FPU implementation. - balloon: do not BUG() when balloon is empty (bsc#1083347). - fs: btrfs: volumes.c: Fix for possible null pointer dereference (bsc#1089219). - kernel: Fix memory leak on EP11 target list processing (bnc#1096746). - kvm/powerpc: Add new ioctl to retreive server MMU infos (bsc#1094244). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - module: Fix locking in symbol_put_addr() (bsc#1097445). - netfront: make req_prod check properly deal with index wraps (bsc#1046610). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bsc#1094244). 
- powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump and flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: convert rtas_log_buf to linear allocation (bsc#1094244). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1096746). - s390/dasd: fix failing path verification (bnc#1096746). - trace: module: Maintain a valid user count (bsc#1097443). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86: Fix /proc/mtrr with base/size more than 44bits (bsc#1052351). - xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401). - xfs: only update the last_sync_lsn when a transaction completes (bsc#989401). 
----------------------------------------- Patch: SUSE-2018-1234 Released: Wed Jun 27 13:36:10 2018 Summary: Security update for jpeg Severity: moderate References: 1062937,1096209,1098155,CVE-2017-15232,CVE-2018-1152,CVE-2018-11813 Description: This update for jpeg fixes the following issues: * CVE-2017-15232: NULL pointer dereferences in jdpostct.c and jquant1.c could lead to denial of service (crash) when processing images [bsc#1062937] * CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop [bsc#1096209] * CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image [bsc#1098155] ----------------------------------------- Patch: SUSE-2018-1239 Released: Wed Jun 27 16:16:43 2018 Summary: Recommended update for yast2-ftp-server Severity: moderate References: 921303 Description: This update for yast2-ftp-server provides the following fix: - Drop SSLv2 and SSLv3 options as they are no longer supported by vsftpd. 
(bsc#921303) ----------------------------------------- Patch: SUSE-2018-1241 Released: Thu Jun 28 11:41:31 2018 Summary: Security update for tiff Severity: moderate References: 1007276,1011839,1011846,1017689,1017690,1019611,1031263,1082332,1082825,1086408,974621,CVE-2014-8128,CVE-2015-7554,CVE-2016-10095,CVE-2016-10266,CVE-2016-3632,CVE-2016-5318,CVE-2016-8331,CVE-2016-9535,CVE-2016-9540,CVE-2017-11613,CVE-2017-5225,CVE-2018-7456,CVE-2018-8905 Description: This update for tiff fixes the following security issues: - CVE-2017-5225: Prevent heap buffer overflow in the tools/tiffcp that could have caused DoS or code execution via a crafted BitsPerSample value (bsc#1019611) - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825) - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332) - CVE-2016-10266: Prevent remote attackers from causing a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22 (bsc#1031263) - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408) - CVE-2016-9540: Prevent out-of-bounds write on tiled images with odd tile width versus image width (bsc#1011839).
- CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have led to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). - Removed assert in readSeparateTilesIntoBuffer() function (bsc#1017689). - CVE-2016-10095: Prevent stack-based buffer overflow in the _TIFFVGetField function that allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690). - CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have led to a type confusion vulnerability resulting in remote code execution. This vulnerability could have been triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality (bsc#1007276). - CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image (bsc#974621). ----------------------------------------- Patch: SUSE-2018-1275 Released: Wed Jul 4 18:06:53 2018 Summary: Recommended update for fontconfig Severity: moderate References: 1031344,1079127 Description: This update for fontconfig provides the following fix: - Fix a memory leak that showed up on gnome panel. (bsc#1031344) - Prevent crashes by checking for the NULL pointer value in FcCharSetHasChar().
(bsc#1079127) ----------------------------------------- Patch: SUSE-2018-1293 Released: Mon Jul 9 11:59:30 2018 Summary: Security update for openslp Severity: important References: 1090638,CVE-2017-17833 Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638). ----------------------------------------- Patch: SUSE-2018-1350 Released: Thu Jul 19 09:39:28 2018 Summary: Security update for perl Severity: moderate References: 1096718,CVE-2018-12015 Description: This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718). ----------------------------------------- Patch: SUSE-2018-1360 Released: Thu Jul 19 12:42:24 2018 Summary: Recommended update for dbus-1 Severity: moderate References: 1090267 Description: This update for dbus-1 fixes the following issues: - Fix file descriptor leak. (bsc#1090267) ----------------------------------------- Patch: SUSE-2018-1377 Released: Mon Jul 23 10:58:26 2018 Summary: Security update for procps Severity: moderate References: 1092100,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 Description: This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). ----------------------------------------- Patch: SUSE-2018-1391 Released: Thu Jul 26 08:53:01 2018 Summary: Security update for the Linux Kernel Severity: important References: 1045538,1047487,1087086,1090078,1094244,1094876,1098408,1099177,1099598,1099709,1099966,1100089,1100091,1101296,780242,784815,786036,790588,795301,902351,909495,923242,925105,936423,CVE-2014-3688 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-3688: The SCTP implementation allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue (bsc#902351). The following non-security bugs were fixed: - ALSA: hda/ca0132: fix build failure when a local macro is defined (bsc#1045538). - ALSA: seq: Do not allow resizing pool in use (bsc#1045538). - Delete patches.fixes/0001-ipc-shm-Fix-shmat-mmap-nil-page-protection.patch (bsc# 1090078) - IB/mlx4: fix sprintf format warning (bnc#786036). - RDMA/mlx4: Discard unknown SQP work requests (bnc#786036). - USB: uss720: fix NULL-deref at probe (bnc#1047487). - bna: integer overflow bug in debugfs (bnc#780242). - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bug#923242). - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bug#909495). 
- fix a leak in /proc/schedstats (bsc#1094876). - ixgbe: Initialize 64-bit stats seqcounts (bnc#795301). - mm: fix the NULL mapping case in __isolate_lru_page() (git-fixes). - module/retpoline: Warn about missing retpoline in module (bnc#1099177). - net/mlx4_core: Fix error handling in mlx4_init_port_info (bnc#786036). - net/mlx4_en: Change default QoS settings (bnc#786036 ). - net/mlx4_en: Use __force to fix a sparse warning in TX datapath (bug#925105). - netxen: fix incorrect loop counter decrement (bnc#784815). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - s390/qdio: do not merge ERROR output buffers (bnc#1099709). - s390/qeth: do not dump control cmd twice (bnc#1099709). - s390/qeth: fix SETIP command handling (bnc#1099709). - s390/qeth: free netdevice when removing a card (bnc#1099709). - s390/qeth: lock read device while queueing next buffer (bnc#1099709). - s390/qeth: when thread completes, wake up all waiters (bnc#1099709). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - scsi: sg: mitigate read/write abuse (bsc#1101296). - tg3: do not clear stats while tg3_close (bnc#790588). - video/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bnc#1099966). - vmxnet3: use correct flag to indicate LRO feature (bsc#936423). - x86-32/kaiser: Add CPL check for CR3 switch before iret (bsc#1098408). - x86-non-upstream-eager-fpu 32bit fix (bnc#1087086, bnc#1100091, bnc#1099598). - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1099177). ----------------------------------------- Patch: SUSE-2018-1449 Released: Mon Jul 30 10:09:52 2018 Summary: Recommended update for grub Severity: low References: 1020714,1045024 Description: This update for grub provides the following fixes: - Add support to SHA2 crypt grub passwords. (bsc#1020714, fate#322419) - Add workarounds for some problematic Dell BIOSes. 
(bsc#1045024) ----------------------------------------- Patch: SUSE-2018-1495 Released: Sat Aug 4 16:41:02 2018 Summary: Recommended update for the Linux Kernel Severity: important References: 1015828,1093183,1097125,1098658,1099709,1100091,1100132,1102087 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various bugfixes. The following non-security bugs were fixed: - efivarfs: maintain the efivarfs interfaces when sysfs be created and removed (bsc#1097125). - perf/x86/intel: Handle Broadwell family processors (bsc#1093183). - s390/qeth: fix IPA command submission race (bnc#1099709, LTC#169004). - scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1102087, LTC#168038). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bnc#1102087, LTC#168765). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bnc#1102087, LTC#168765). - usb: kobil_sct: fix non-atomic allocation in write path (bsc#1015828). - usb: serial: io_edgeport: fix NULL-deref at open (bsc#1015828). - usb: serial: keyspan_pda: fix modem-status error handling (bsc#1100132). - x64/entry: move ENABLE_IBRS after switching from trampoline stack (bsc#1098658). - x86/fpu: fix signal handling with eager FPU switching (bsc#1100091). - x86/fpu: limit the scope of searching for 'eagerfpu=off' to the actual %NUL terminated string. - x86/traps: Fix bad_iret_stack in fixup_bad_iret() (bsc#1098658). 
- x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#1098658). - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bsc#1100132). ----------------------------------------- Patch: SUSE-2018-1498 Released: Mon Aug 6 09:58:15 2018 Summary: Security update for openssl Severity: moderate References: 1097158,1097624,1098592,CVE-2018-0732 Description: This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) ----------------------------------------- Patch: SUSE-2018-1511 Released: Tue Aug 7 12:47:34 2018 Summary: Security update for cups Severity: moderate References: 1096405,1096406,1096407,1096408,CVE-2018-4180,CVE-2018-4181,CVE-2018-4182,CVE-2018-4183 Description: This update for cups fixes the following issues: Security issues fixed: - CVE-2018-4180: Fix local privilege escalation to root in dnssd backend (bsc#1096405). - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406). - CVE-2018-4182: Fix cups-exec sandbox bypass due to insecure error handling (bsc#1096407). - CVE-2018-4183: Fix cups-exec sandbox bypass due to profile misconfiguration (bsc#1096408). 
----------------------------------------- Patch: SUSE-2018-1531 Released: Thu Aug 9 15:56:27 2018 Summary: Security update for openssh Severity: moderate References: 1016370,1017099,1023275,1053972,1065000,1069509,1076957,CVE-2008-1483,CVE-2016-10012,CVE-2016-10708,CVE-2017-15906 Description: This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-10012: Fix pre-auth compression checks that could be optimized away (bsc#1016370). - CVE-2016-10708: Fix remote denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message (bsc#1076957). - CVE-2017-15906: Fix r/o sftp-server zero byte file creation (bsc#1065000). - CVE-2008-1483: Fix accidental re-introduction of CVE-2008-1483 (bsc#1069509). Bug fixes: - bsc#1017099: Match conditions with uppercase hostnames fail (bsc#1017099) - bsc#1053972: supportedKeyExchanges diffie-hellman-group1-sha1 is duplicated (bsc#1053972) - bsc#1023275: Messages suppressed after upgrade from SLES 11 SP3 to SP4 (bsc#1023275) ----------------------------------------- Patch: SUSE-2018-1543 Released: Fri Aug 10 15:23:08 2018 Summary: Security update for glibc Severity: important References: 1077763,1079625,1086690,1094161,CVE-2018-11236 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161). Bug fixes: - bsc#1086690: Fix crash in resolver on memory allocation failure. - bsc#1077763: Fix allocation in in6ailist_add. - bsc#1079625: Fix allocation in nss_compat for large number of memberships to a group. 
----------------------------------------- Patch: SUSE-2018-1568 Released: Tue Aug 14 19:59:58 2018 Summary: Security update for samba Severity: important References: 1079449,1103411,CVE-2018-10858 Description: This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient (bsc#1103411). The following other bugs were fixed: - s3:winbindd: allow a fallback to NTLMSSP for LDAP connections (bsc#1079449) ----------------------------------------- Patch: SUSE-2018-1572 Released: Wed Aug 15 13:17:12 2018 Summary: Security update for the Linux Kernel Severity: important References: 1082962,1083900,1085107,1087081,1089343,1092904,1094353,1096480,1096728,1097234,1098016,1099924,1099942,1100418,1104475,1104684,909361,CVE-2016-8405,CVE-2017-13305,CVE-2018-1000204,CVE-2018-1068,CVE-2018-1130,CVE-2018-12233,CVE-2018-13053,CVE-2018-13406,CVE-2018-3620,CVE-2018-3646,CVE-2018-5803,CVE-2018-5814,CVE-2018-7492 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could lead to a local kernel information leak manifesting in up to approximately 1000 memory pages copied to the userspace. 
The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418). - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. (bnc#1097234). - CVE-2017-13305: An information disclosure vulnerability in the Upstream kernel encrypted-keys. (bnc#1094353). - CVE-2018-1130: A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). 
- CVE-2018-5803: An error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962). The following non-security bugs were fixed: - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - disable-prot_none_mitigation.patch: disable prot_none native mitigation (bnc#1104684) - fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma. - slab: introduce kmalloc_array() (bsc#909361). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/cpu/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343). 
- xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684). ----------------------------------------- Patch: SUSE-2018-1655 Released: Fri Aug 17 08:54:20 2018 Summary: Security update for mutt Severity: important References: 1101567,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101588,1101589,936807,CVE-2018-14349,CVE-2018-14350,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14362 Description: This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field (bsc#1101588). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field (bsc#1101571). 
Bug fixes: - bsc#936807: On entering a 70 character subject line in mutt, a tab is added to the text after 67 characters. ----------------------------------------- Patch: SUSE-2018-1657 Released: Fri Aug 17 10:41:10 2018 Summary: Security update for python Severity: important References: 1086001,1088004,1088009,985177,CVE-2016-5636,CVE-2018-1060,CVE-2018-1061 Description: This update for python-base fixes the following issues: Security issues fixed: - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes: - bsc#1086001: python tarfile uses random order. ----------------------------------------- Patch: SUSE-2018-1733 Released: Tue Aug 21 14:55:45 2018 Summary: Security update for gtk2 Severity: moderate References: 1027024,1027025,1027026,1039465,1048289,1048544,CVE-2017-2862,CVE-2017-2870,CVE-2017-6312,CVE-2017-6313,CVE-2017-6314 Description: This update for gtk2 provides the following fixes: These security issues were fixed: - CVE-2017-6312: Prevent integer overflow that allowed context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file (bsc#1027026). - CVE-2017-6314: The make_available_at_least function allowed context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file (bsc#1027025). - CVE-2017-6313: Prevent integer underflow in the load_resources function that allowed context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file (bsc#1027024). - CVE-2017-2862: Prevent heap overflow in the gdk_pixbuf__jpeg_image_load_increment function. 
A specially crafted jpeg file could have caused a heap overflow resulting in remote code execution (bsc#1048289) - CVE-2017-2870: Prevent integer overflow in the tiff_image_parse functionality. A specially crafted tiff file could have caused a heap-overflow resulting in remote code execution (bsc#1048544). This non-security issue was fixed: - Prevent an infinite loop when a window is destroyed while traversed (bsc#1039465). ----------------------------------------- Patch: SUSE-2018-1749 Released: Thu Aug 23 16:21:17 2018 Summary: Security update for openssl Severity: moderate References: 1089039,CVE-2018-0737 Description: This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) ----------------------------------------- Patch: SUSE-2018-1794 Released: Thu Aug 30 09:34:23 2018 Summary: Security update for libtirpc Severity: moderate References: 968175 Description: This update for libtirpc fixes the following issues: - Prevent remote crash of RPC services (bsc#968175) ----------------------------------------- Patch: SUSE-2018-1840 Released: Wed Sep 5 14:08:40 2018 Summary: Recommended update for openssl-certs Severity: moderate References: 1100415,1104780 Description: This update for openssl-certs fixes the following issues: Updated to 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780) - Removed server auth rights from: - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - removed CA - ComSign CA - Added new CA - GlobalSign Updated to 2.24 state of the Mozilla NSS Certificate store. 
(bsc#1100415) Removed CAs: - S-TRUST_Universal_Root_CA:2.16.96.86.197.75.35.64.91.100.212.237.37.218.217.214.30.30.crt - TC_TrustCenter_Class_3_CA_II:2.14.74.71.0.1.0.2.229.160.93.214.63.0.81.191.crt - TUeRKTRUST_Elektronik_Sertifika_Hizmet_Saglayicisi_H5:2.7.0.142.23.254.36.32.129.crt ----------------------------------------- Patch: SUSE-2018-1864 Released: Mon Sep 10 15:05:01 2018 Summary: Security update for tiff Severity: moderate References: 1074186,1092480,960589,983440,CVE-2015-8668,CVE-2016-5319,CVE-2017-17942,CVE-2018-10779 Description: This update for tiff fixes the following issues: The following security vulnerabilities were addressed: - CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of service via a large width field in a specially crafted BMP image. (bsc#960589) - CVE-2018-10779: Fixed a heap-based buffer over-read in TIFFWriteScanline() in tif_write.c (bsc#1092480) - CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. (bsc#1074186) - CVE-2016-5319: Fixed a heap-based buffer overflow in bmp2tiff (bsc#983440) ----------------------------------------- Patch: SUSE-2018-1889 Released: Wed Sep 12 13:46:54 2018 Summary: Recommended update for xorg-x11-libxcb Severity: moderate References: 1070498 Description: This update for xorg-x11-libxcb provides the following fix: - Backport a new XCB hand off mechanism to fix crashes in some clients. (bsc#1070498) ----------------------------------------- Patch: SUSE-2018-1902 Released: Fri Sep 14 12:45:45 2018 Summary: Security update for curl Severity: moderate References: 1106019,CVE-2018-14618 Description: This update for curl fixes the following issues: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019). 
----------------------------------------- Patch: SUSE-2018-1912 Released: Mon Sep 17 16:38:57 2018 Summary: Recommended update for python Severity: important References: 1108253 Description: This update for python fixes the following issues: A recent maintenance update moved the pyconfig.h header file from python-base to python-devel package which caused breakage of some applications. This update restores the previous state. (bsc#1108253) ----------------------------------------- Patch: SUSE-2018-1964 Released: Fri Sep 21 14:55:19 2018 Summary: Security update for xorg-x11-libs Severity: moderate References: 1103511,CVE-2015-9262 Description: This update for xorg-x11-libs fixes the following security issue: - CVE-2015-9262: _XcursorThemeInherits allowed remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow (bsc#1103511) ----------------------------------------- Patch: SUSE-2018-2041 Released: Wed Sep 26 14:20:10 2018 Summary: Security update for glibc Severity: important References: 1058774,1064580,1064583,941234,CVE-2015-5180,CVE-2017-15670,CVE-2017-15804 Description: This update for glibc fixes the following security issues: - CVE-2017-15670: Prevent off-by-one error that led to a heap-based buffer overflow in the glob function, related to the processing of home directories using the ~ operator followed by a long string (bsc#1064583) - CVE-2017-15804: The glob function contained a buffer overflow during unescaping of user names with the ~ operator (bsc#1064580) - CVE-2015-5180: res_query in libresolv allowed remote attackers to cause a denial of service (NULL pointer dereference and process crash) (bsc#941234). 
This non-security issue was fixed: - Fix inaccuracies in casin, cacos, casinh, cacosh (bsc#1058774) ----------------------------------------- Patch: SUSE-2018-2042 Released: Wed Sep 26 14:53:03 2018 Summary: Security update for the Linux Kernel Severity: important References: 1037441,1045538,1047487,1048185,1050381,1050431,1057199,1060245,1064861,1068032,1080157,1087081,1092772,1092903,1093666,1096547,1097562,1098822,1099922,1100132,1100705,1102517,1102870,1103119,1103884,1103909,1104481,1104684,1104818,1104901,1105100,1105322,1105348,1105536,1105723,1106095,1106105,1106199,1106202,1106206,1106209,1106212,1106369,1106509,1106511,1106609,1106886,1106930,1106995,1107001,1107064,1107071,1107650,1107689,1107735,1107949,1108096,1108170,1108823,1108912,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-14617,CVE-2018-14634,CVE-2018-14734,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870). - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095). - CVE-2018-15594: Ensure correct handling of indirect calls, to prevent attackers from conducting Spectre-v2 attacks against paravirtual guests (bsc#1105348). 
- CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) - CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). 
A malicious local attacker could have used this for privilege escalation (bnc#1105322) - CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119) The following non-security bugs were fixed: - ACPI: APEI / ERST: Fix missing error handling in erst_reader() (bsc#1045538). - ALSA: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1045538). - ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode (bsc#1045538). - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bsc#1045538). - ALSA: pcm: fix fifo_size frame calculation (bsc#1045538). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1045538). - ALSA: usb-audio: Add sanity checks in v2 clock parsers (bsc#1045538). - ALSA: usb-audio: Add sanity checks to FE parser (bsc#1045538). - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (bsc#1045538). - ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream() (bsc#1045538). - ALSA: usb-audio: Fix parameter block size for UAC2 control requests (bsc#1045538). - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bsc#1045538). - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1045538). - ALSA: usb-audio: Set correct type for some UAC2 mixer controls (bsc#1045538). - ASoC: blackfin: Fix missing break (bsc#1045538). - Enforce module signatures if the kernel is locked down (bsc#1093666). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - PCI: Fix TI816X class code quirk (bsc#1050431). - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch (bsc#1105100). - TPM: Zero buffer whole after copying to userspace (bsc#1050381). - USB: add USB_DEVICE_INTERFACE_CLASS macro (bsc#1047487). - USB: hub: fix non-SS hub-descriptor handling (bsc#1047487). 
- USB: serial: ftdi_sio: fix latency-timer error handling (bsc#1037441). - USB: serial: io_edgeport: fix possible sleep-in-atomic (bsc#1037441). - USB: serial: io_ti: fix NULL-deref in interrupt callback (bsc#1106609). - USB: serial: sierra: fix potential deadlock at close (bsc#1100132). - USB: visor: Match I330 phone more precisely (bsc#1047487). - applicom: dereferencing NULL on error path (git-fixes). - ath5k: Change led pin configuration for compaq c700 laptop (bsc#1048185). - base: make module_create_drivers_dir race-free (git-fixes). - block: fix an error code in add_partition() (bsc#1106209). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (bsc#1107949). - dasd: Add IFCC notice message (bnc#1104481, LTC#170484). - drm/i915: Remove bogus __init annotation from DMI callbacks (bsc#1106886). - drm/i915: fix use-after-free in page_flip_completed() (bsc#1103909). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1106886). - drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() (bsc#1106886). - drm: crtc: integer overflow in drm_property_create_blob() (bsc#1106886). - drm: re-enable error handling (bsc#1103884) - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106886). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: Fix the left value check of cmd buffer (bsc#1106105). - iommu/amd: Free domain id when free a domain of struct dma_ops_domain (bsc#1106105). - iommu/amd: Update Alias-DTE in update_device_table() (bsc#1106105). - iommu/vt-d: Do not over-free page table directories (bsc#1106105). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ipv6: Regenerate host route according to node pointer upon loopback up (bsc#1100705). - ipv6: correctly add local routes when lo goes up (bsc#1100705). - ipv6: introduce ip6_rt_put() (bsc#1100705). 
- ipv6: reallocate addrconf router for ipv6 address when lo device up (bsc#1100705). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kthread, tracing: Do not expose half-written comm when creating kthreads (Git-fixes). - mm/hugetlb: add migration/hwpoisoned entry check in hugetlb_change_protection (bnc#1107071). - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1107064). - modsign: log module name in the event of an error (bsc#1093666). - modsign: print module name along with error message (bsc#1093666). - module: make it clear when we're handling the module copy in info->hdr (bsc#1093666). - module: setup load info before module_sig_check() (bsc#1093666). - nbd: ratelimit error msgs after socket close (bsc#1106206). - ncpfs: return proper error from NCP_IOC_SETROOT ioctl (bsc#1106199). - nvme: add device id's with intel stripe quirk (bsc#1097562). - perf/core: Fix group scheduling with mixed hw and sw events (Git-fixes). - perf/x86/intel: Add cpu_(prepare|starting|dying) for core_pmu (bsc#1104901). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772, bsc#1107650). - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772, bsc#1107650). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc/lib: Fix off-by-one in alternate feature patching (bsc#1064861). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1064861). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1064861). - ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001). 
- qlge: Fix netdev features configuration (bsc#1098822). - resource: fix integer overflow at reallocation (bsc#1045538). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - s390/ftrace: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/kernel: use expoline for indirect branches (bnc#1106930, LTC#171029). - s390/qeth: do not clobber buffer on async TX completion (bnc#1060245, LTC#170349). - s390: Correct register corruption in critical section cleanup (bnc#1106930, LTC#171029). - s390: add assembler macros for CPU alternatives (bnc#1106930, LTC#171029). - s390: detect etoken facility (bnc#1106930, LTC#171029). - s390: move expoline assembler macros to a header (bnc#1106930, LTC#171029). - s390: move spectre sysfs attribute code (bnc#1106930, LTC#171029). - s390: remove indirect branch from do_softirq_own_stack (bnc#1106930, LTC#171029). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - tpm: fix race condition in tpm_common_write() (bsc#1050381). - tracing/blktrace: Fix to allow setting same value (bsc#1106212). - tty: vt, fix bogus division in csi_J (git-fixes). - tty: vt, return error when con_startup fails (git-fixes). - uml: fix hostfs mknod() (bsc#1106202). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1045538). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - x86/init: fix build with CONFIG_SWAP=n (bsc#1105723). - x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). 
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes). - xen x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). ----------------------------------------- Patch: SUSE-2018-2071 Released: Fri Sep 28 10:56:01 2018 Summary: Security update for xorg-x11-libX11 Severity: moderate References: 1102062,1102068,1102073,CVE-2018-14598,CVE-2018-14599,CVE-2018-14600 Description: This update for xorg-x11-libX11 fixes the following issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062) - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068) - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073) ----------------------------------------- Patch: SUSE-2018-2130 Released: Wed Oct 3 12:42:43 2018 Summary: Security update for kernel-source Severity: important References: 1107735,1108227,1109517,1109733,1109734,1109740,1109746,1109747,1109748,1109749,1109750,1109751,1109901,1109913,1109922,1109941,1109942,1109943,1109944,1109945,1109946 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive the following bug fixes: - selinux/nlmsg: add XFRM_MSG_MIGRATE [bsc#1109946]. 
- selinux/nlmsg: add XFRM_MSG_REPORT [bsc#1109945]. - selinux/nlmsg: add XFRM_MSG_MAPPING [bsc#1109944]. - selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFO [bsc#1109943]. - selinux/nlmsg: add XFRM_MSG_GETSPDINFO [bsc#1109942]. - selinux/nlmsg: add XFRM_MSG_NEWSPDINFO [bsc#1109941]. - bnx2x: use the right constant [bsc#1109922]. - btrfs: fix missing error return in btrfs_drop_snapshot - ubifs: Check for name being NULL while mounting [bsc#1109913]. - hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common() [bsc#1109901]. - fscache: Fix reference overput in fscache_attach_object() error handling [bsc#1109751]. - fscache: Allow cancelled operations to be enqueued [bsc#1109750]. - cachefiles: Wait rather than BUG'ing on 'Unexpected object collision' [bsc#1109749]. - cachefiles: Fix refcounting bug in backing-file read monitoring [bsc#1109748]. - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag [bsc#1109747]. - fs/binfmt_misc.c: do not allow offset overflow [bsc#1109746]. - binfmt_elf: Respect error return from `regset->active' [bsc#1109740]. - reiserfs: fix broken xattr handling (heap corruption, bad retval) [bsc#1109734]. - reiserfs: fix buffer overflow with long warning messages [bsc#1109733]. - x86/fpu: fix signal handling with eager FPU switching (ia32) [bsc#1108227]. - epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove() [bsc#1109517]. - asm/sections: add helpers to check for section data [bsc#1107735]. ----------------------------------------- Patch: SUSE-2018-2184 Released: Tue Oct 9 13:03:09 2018 Summary: Recommended update for tcpdump Severity: moderate References: 1094241,CVE-2016-7975 Description: This update for tcpdump provides the following fix: - The original fix for CVE-2016-7975 was using a variable before declaring it. Fix this by moving the declaration before any usage. 
(bsc#1094241, CVE-2016-7975) ----------------------------------------- Patch: SUSE-2018-2200 Released: Thu Oct 11 17:09:34 2018 Summary: Security update for the Linux Kernel Severity: important References: 1108399,1109967,CVE-2018-17182 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-17182: An issue was discovered in the Linux kernel. The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The following non-security bugs were fixed: - x86/fpu: Do not do __thread_fpu_end() if use_eager_fpu() (bnc#1109967). ----------------------------------------- Patch: SUSE-2018-2224 Released: Mon Oct 15 09:13:40 2018 Summary: Security update for libtirpc Severity: moderate References: 1106517,1106519,968175,CVE-2018-14621,CVE-2018-14622 Description: This update for libtirpc fixes the following issues: Security issues fixed: - CVE-2018-14621: libtirpc: Infinite loop in EMFILE case in svc_vc.c (bsc#1106519) - CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c (bsc#1106517) ----------------------------------------- Patch: SUSE-2018-2240 Released: Tue Oct 16 11:06:06 2018 Summary: Security update for python Severity: moderate References: 1109847,CVE-2018-14647 Description: This update for python fixes the following issue: - CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. 
This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM (bsc#1109847) ----------------------------------------- Patch: SUSE-2018-544 Released: Tue Oct 23 13:50:45 2018 Summary: Security update for dhcp Severity: moderate References: 1083302,1083303,CVE-2018-5732,CVE-2018-5733 Description: This update for dhcp fixes the following issues: Security issues fixed: - CVE-2018-5733: reference count overflow in dhcpd (bsc#1083303). - CVE-2018-5732: buffer overflow in dhclient (bsc#1083302). ----------------------------------------- Patch: SUSE-2018-2420 Released: Tue Oct 23 17:51:39 2018 Summary: Security update for ntp Severity: moderate References: 1083424,1098531,1111853,CVE-2018-12327,CVE-2018-7170 Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. ----------------------------------------- Patch: SUSE-2018-2436 Released: Wed Oct 24 15:03:16 2018 Summary: Security update for tiff Severity: moderate References: 1106853,1108627,1108637,1110358,CVE-2017-11613,CVE-2017-9935,CVE-2018-16335,CVE-2018-17100,CVE-2018-17101,CVE-2018-17795 Description: This update for tiff fixes the following issues: - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. 
(bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) ----------------------------------------- Patch: SUSE-2018-2446 Released: Wed Oct 24 16:42:15 2018 Summary: Recommended update for supportutils Severity: moderate References: 1104332,1105849 Description: This update for supportutils provides the following fixes: - Exclude sched_domain to improve the performance of loading the config of large systems. (bsc#1104332) - Added vulnerabilities check. 
(bsc#1105849) ----------------------------------------- Patch: SUSE-2018-2447 Released: Wed Oct 24 16:43:00 2018 Summary: Recommended update for tcsh Severity: moderate References: 1028864,1103692 Description: This update for tcsh fixes the following issues: - Avoid closing sockets that were not opened by tcsh itself (bsc#1028864, bsc#1103692) ----------------------------------------- Patch: SUSE-2018-2448 Released: Thu Oct 25 09:42:19 2018 Summary: Recommended update for yast2-core Severity: moderate References: 1103076 Description: This update for yast2-core fixes the following issues: - Reduced risk of race condition between while logging (bsc#1103076) ----------------------------------------- Patch: SUSE-2018-2453 Released: Thu Oct 25 11:19:07 2018 Summary: Recommended update for rsync Severity: low References: 1083017 Description: This update for rsync provides the following fix: - Do not send useless keepalive messages to sender if the file list is still being sent. This may cause a crash in older versions of rsync. (bsc#1083017) ----------------------------------------- Patch: SUSE-2018-2458 Released: Thu Oct 25 13:48:21 2018 Summary: Recommended update for smartmontools Severity: moderate References: 1038271,1047198,977294 Description: This update for smartmontools provides the following fixes: - Auto detect HPSA devices with the new kernel driver. (bsc#977294) - Make possible to disable broken SAT support by -d scsi+cciss,N. (bsc#1038271) - Fix some SCSI temperature errors. 
(bsc#1047198) ----------------------------------------- Patch: SUSE-2018-2538 Released: Tue Oct 30 16:16:50 2018 Summary: Recommended update for yast2-bootloader Severity: moderate References: 962620,976228 Description: This update for yast2-bootloader fixes the following issues: - Add nounzip element to AutoYaST schema (bsc#962620) - fix device name by-path handling (bsc#976228) ----------------------------------------- Patch: SUSE-2018-2545 Released: Wed Oct 31 13:18:33 2018 Summary: Recommended update for open-iscsi Severity: low References: 1072312 Description: This update for open-iscsi provides the following fix: - Fix some vulnerabilities in iscsiuio reported by Qualys. (bsc#1072312) ----------------------------------------- Patch: SUSE-2018-2583 Released: Mon Nov 5 17:59:16 2018 Summary: Security update for opensc Severity: moderate References: 1104812,1106998,1106999,1107033,1107037,1107038,1107039,1107107,1108318,CVE-2018-16391,CVE-2018-16392,CVE-2018-16393,CVE-2018-16418,CVE-2018-16419,CVE-2018-16422,CVE-2018-16423,CVE-2018-16427 Description: This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) ----------------------------------------- Patch: 
SUSE-2018-2612 Released: Thu Nov 8 11:36:08 2018 Summary: Recommended update for bridge-utils Severity: low References: 1071964 Description: This update for bridge-utils provides the following fix: - Check for errors when opening files in fetch_id() to avoid crashing. (bsc#1071964) ----------------------------------------- Patch: SUSE-2018-2618 Released: Thu Nov 8 17:55:35 2018 Summary: Security update for curl Severity: moderate References: 1112758,1113660,CVE-2018-16840,CVE-2018-16842 Description: This update for curl fixes the following issues: - CVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758) - CVE-2018-16842: An out-of-bounds read in tool_msgs.c was fixed, which could lead to crashes (bsc#1113660) ----------------------------------------- Patch: SUSE-2018-2636 Released: Mon Nov 12 20:37:08 2018 Summary: Recommended update for timezone, timezone-java Severity: moderate References: 1104700,1113554 Description: This update provides the latest time zone definitions (2018g), including the following changes: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates ----------------------------------------- Patch: SUSE-2018-2645 Released: Tue Nov 13 08:15:39 2018 Summary: Security update for the Linux Kernel Severity: important References: 1031240,1047027,1049128,1050431,1064861,1065600,1066674,1071021,1081680,1094244,1094825,1103145,1105799,1106139,1106240,1107371,1107829,1107849,1108314,1108498,1109806,1109818,1110006,1110247,1113337,1113751,1113769,1114460,923775,CVE-2017-1000407,CVE-2017-16533,CVE-2017-7273,CVE-2018-14633,CVE-2018-18281,CVE-2018-18386,CVE-2018-18710,CVE-2018-9516 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-108.81 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: An issue was discovered in the Linux kernel, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769). - CVE-2018-18710: An issue was discovered in the Linux kernel, an information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18386: drivers/tty/n_tty.c in the Linux kernel allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). 
- CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). - CVE-2017-1000407: A denial of service issue was discovered in the Linux kernel, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (bnc#1071021). - CVE-2018-9516: An issue was discovered in the Linux kernel, the copy_to_user() inside the HID code does not correctly check the length before executing (bsc#1108498). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely (bnc#1107829). The following non-security bugs were fixed: - Btrfs: fix deadlock when finalizing block group creation (bsc#1107849). - Btrfs: fix quick exhaustion of the system array in the superblock (bsc#1107849). - FS-Cache: Synchronise object death state change vs operation submission (bsc#1107371). 
- KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - KVM: Disable irq while unregistering user notifier (bsc#1106240). - KVM: SVM: obey guest PAT (bsc#1106240). - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (bsc#1106240). - KVM: emulate: fix CMPXCHG8B on 32-bit hosts (bsc#1106240). - KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure (bsc#1106240). - KVM: x86: fix use of uninitialized memory as segment descriptor in emulator (bsc#1106240). - KVM: x86: zero base3 of unusable segments (bsc#1106240). - NFS - do not hang if xdr decoded username is bad (bsc#1105799). - NFSv4.1 - Do not leak IO size from one mount to another (bsc#1103145). - PCI/AER: Report non-fatal errors only to the affected endpoint (bsc#1109806). - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (bsc#1109806). - PCI: shpchp: Check bridge's secondary (not primary) bus speed (bsc#1109806). - PCI: shpchp: Fix AMD POGO identification (bsc#1109806). - add kernel parameter to disable failfast on block devices (bsc#1081680). - block: add flag QUEUE_FLAG_REGISTERED (bsc#1047027). - block: allow gendisk's request_queue registration to be deferred (bsc#1047027). - crypto: ghash-clmulni-intel - use C implementation for setkey() (bsc#1110006). - dm: fix incomplete request_queue initialization (bsc#1047027). - dm: only initialize the request_queue once (bsc#1047027). - firmware/ihex2fw.c: restore missing default in switch statement (bsc#1114460). - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (git-fixes). - locks: fix unlock when fcntl_setlk races with a close (git-fixes). - media: Fix invalid free in the fix for mceusb (bsc#1050431). - media: cx25821: prevent out-of-bounds read on array card (bsc#1050431). - media: ite-cir: initialize use_demodulator before using it (bsc#1050431). - media: mceusb: fix NULL-deref at probe (bsc#1050431). - media: mceusb: fix memory leaks in error path. 
- percpu: make pcpu_alloc_chunk() use pcpu_mem_free() instead of kfree() (git fixes). - powerpc, KVM: Rework KVM checks in first-level interrupt handlers (bsc#1094244). - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244). - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bsc#1064861). - powerpc/64: Initialise thread_info for emergency stacks (bsc#1094244). - powerpc/64s: Exception macro for stack frame and initial register save (bsc#1094244). - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244). - powerpc/asm: Mark cr0 as clobbered in mftb() (bsc#1049128). - powerpc/book3s: Introduce a early machine check hook in cpu_spec (bsc#1094244). - powerpc/book3s: Introduce exclusive emergency stack for machine check exception (bsc#1094244). - powerpc/book3s: Split the common exception prolog logic into two section (bsc#1094244). - powerpc/book3s: handle machine check in Linux host (bsc#1094244). - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244). - powerpc/pseries: Avoid using the size greater than (bsc#1094244). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc: Add a symbol for hypervisor trampolines (bsc#1094244). - powerpc: Fix smp_mb__before_spinlock() (bsc#1110247). - powerpc: Make load_hander handle upto 64k offset (bsc#1094244). - powerpc: Rework runlatch code (bsc#1094244). - powerpc: Save CFAR before branching in interrupt entry paths (bsc#1094244). - powerpc: cputable: KABI - hide new cpu_spec member from genksyms (bsc#1094244). - powerpc: move MCE handler out-of-line and consolidate with machine_check_fwnmi (bsc#1094244). - powerpc: move stab code into #ifndef CONFIG_POWER4_ONLY (bsc#1094244). - powerpc: replace open-coded EXCEPTION_PROLOG_1 with the macro in slb miss handlers (bsc#1094244). 
- reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - retpoline: Introduce start/end markers of indirect thunk (bsc#1113337). - s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT (bnc#1108314, LTC#171326). - s390/sclp: Change SCLP console default buffer-full behavior (bnc#1108314, LTC#171049). - scsi: libfc: Do not drop down to FLOGI for fc_rport_login() (bsc#1106139). - scsi: libfc: Do not login if the port is already started (bsc#1106139). - scsi: libfc: do not advance state machine for incoming FLOGI (bsc#1106139). - scsi: storvsc: fix memory leak on ring buffer busy (bnc#923775). - signals: avoid unnecessary taking of sighand->siglock (bsc#1110247). - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bsc#1110006). - x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init() (bsc#1110006). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/process: Re-export start_thread() (bsc#1110006). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). ----------------------------------------- Patch: SUSE-2018-2699 Released: Fri Nov 16 16:03:04 2018 Summary: Security update for openssh Severity: moderate References: 1091396,1105010,1106163,964336,982273,CVE-2018-15473,CVE-2018-15919 Description: This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. 
(bsc#1106163) - CVE-2018-15473: OpenSSH was prone to a user existence oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) Also the following security related hardening change was done: - Removed arcfour,blowfish,cast from list of default ciphers as they are long discontinued and should no longer be used. (bsc#982273) And the following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure (bsc#1091396) ----------------------------------------- Patch: SUSE-2018-2723 Released: Tue Nov 20 19:35:17 2018 Summary: Recommended update for openssh Severity: important References: 1115654,1116577,CVE-2018-15919 Description: This update for openssh fixes the following issues: - Revert fix for CVE-2018-15919 which could have caused login problems with GSSAPI authentication (bsc#1115654, bsc#1116577) ----------------------------------------- Patch: SUSE-2018-2733 Released: Thu Nov 22 13:26:47 2018 Summary: Recommended update for autofs Severity: moderate References: 1038198,1062482,1066720,1068166 Description: This update for autofs provides the following fixes: - Fix issue where comparing CLOCK_MONOTONIC times with stat.st_mtime caused repeated re-reads of the map and stale ghost entries for failed mounts (bsc#1068166) - Fix ordering of seteuid/setegid in do_spawn (bsc#1062482) - Fix possible map instance memory leak (bsc#1038198) - Check map instances for staleness on map update (bsc#1038198) - Fix handling of replicated NFS server so that selection between servers still works sensibly when use_hostname_for_mounts is in effect. (bsc#1066720) - Fix a bug that causes nanoseconds to be ignored and effectively disables sorting of hosts based on response time and/or weight. 
(bsc#1066720) ----------------------------------------- Patch: SUSE-2018-2765 Released: Fri Nov 23 17:06:05 2018 Summary: Security update for tiff Severity: moderate References: 1010163,1014461,1040080,1040322,1074186,1099257,1113672,974446,974447,974448,983440,CVE-2015-8870,CVE-2016-3619,CVE-2016-3620,CVE-2016-3621,CVE-2016-5319,CVE-2016-9273,CVE-2017-17942,CVE-2017-9117,CVE-2017-9147,CVE-2018-12900,CVE-2018-18661 Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2017-9147: Fixed invalid read in the _TIFFVGetField function in tif_dir.c, that allowed remote attackers to cause a DoS via a crafted TIFF file (bsc#1040322). - CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values (bsc#1040080). - CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS (bsc#1074186). - CVE-2016-9273: Fixed heap-based buffer overflow issue (bsc#1010163). - CVE-2016-5319: Fixed heap-based buffer overflow in PackBitsEncode (bsc#983440). - CVE-2016-3621: Fixed out-of-bounds read in the bmp2tiff tool (lzw packing) (bsc#974448). - CVE-2016-3620: Fixed out-of-bounds read in the bmp2tiff tool (zip packing) (bsc#974447) - CVE-2016-3619: Fixed out-of-bounds read in the bmp2tiff tool (none packing) (bsc#974446) - CVE-2015-8870: Fixed integer overflow in tools/bmp2tiff.c that allowed remote attackers to cause a DoS (bsc#1014461). 
Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging ----------------------------------------- Patch: SUSE-2018-2785 Released: Tue Nov 27 00:23:04 2018 Summary: Recommended update for yast2-network Severity: moderate References: 1103712,1108852,1113896,978463 Description: This update for yast2-network provides the following fixes: - Apply udev rules on running system. (bsc#978463) - Add 'bridge' settings to networking.rnc file. (bsc#1113896) - The following fixes to the networking autoyast schema (bsc#1103712, bsc#1108852): * Allow the usage of 'listentry' element in list entries. * Add missed s390 device 'layer2' boolean element. ----------------------------------------- Patch: SUSE-2018-2827 Released: Mon Dec 3 15:36:51 2018 Summary: Security update for glib2 Severity: moderate References: 1107116,1111499,CVE-2018-16429 Description: This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse() (bsc#1107116). - Fixing potentially exploitable bugs in UTF-8 validation in Variant and DBUS message parsing (bsc#1111499). ----------------------------------------- Patch: SUSE-2018-2832 Released: Tue Dec 4 16:00:30 2018 Summary: Recommended update for the Linux Kernel Severity: important References: 1116888,1117042 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following issues: - Users of the PPC64 architecture used to experience process crashes and OOM errors because a bug in the kernel's stack management code caused stack corruption. [bsc#1116888] - A bug in the kernel's NFS code prevented users from mounting NFSv4 shares. 
[bsc#1117042] ----------------------------------------- Patch: SUSE-2018-2845 Released: Wed Dec 5 10:04:12 2018 Summary: Recommended update for mkinitrd Severity: moderate References: 1072711,1104090,1111603,726313,742884,950426 Description: This update for mkinitrd fixes the following issues: - check_for_device: Match only udev symlinks by major number. (bsc#726313) - purge-kernels: Add kernel-syms to packages to be removed by purge-kernels. (bsc#1104090) - purge-kernels: If a kernel cannot be removed due to dependencies, continue removing other kernels. (bsc#1104090) - Workaround for HPE 57810 adapter in offload mode with static IP. (bsc#950426) - Make mkinitrd content private. (bsc#742884, bsc#1072711, bsc#1111603) ----------------------------------------- Patch: SUSE-2018-2891 Released: Mon Dec 10 18:12:34 2018 Summary: Recommended update for glibc Severity: moderate References: 1064569,1110170,1110174,CVE-2017-15671 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2017-15671: Fixed memory leak in glob with GLOB_TILDE (bsc#1064569, BZ #22325). Non-security issue fixed: - Avoid access beyond memory bounds in pthread_attr_getaffinity_np (bsc#1110170, BZ #15618). - Remove improper assert in dlclose (bsc#1110174, BZ #11941). ----------------------------------------- Patch: SUSE-2018-2902 Released: Tue Dec 11 21:46:51 2018 Summary: Recommended update for pciutils-ids Severity: moderate References: 1116085 Description: This update for pciutils-ids fixes the following issues: The pci.ids database was updated to 2018.02.08 (bsc#1116085) ----------------------------------------- Patch: SUSE-2018-2928 Released: Fri Dec 14 10:56:59 2018 Summary: Security update for tiff Severity: moderate References: 1017693,CVE-2016-10092,CVE-2016-10093,CVE-2016-10094 Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). 
- CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). ----------------------------------------- Patch: SUSE-2018-2985 Released: Wed Dec 19 11:33:03 2018 Summary: Security update for crash Severity: low References: 1032471,1075785 Description: This update for crash provides the following fix: - Update crash to support -bigmem kernel dumps for PPC64, including the ones that have extended process virtual address space support to 128TB (bsc#1075785, bsc#1032471). ----------------------------------------- Patch: SUSE-2018-3030 Released: Fri Dec 21 17:34:32 2018 Summary: Recommended update for ntp Severity: important References: 1113663 Description: This update for ntp provides the following fix: - Leave SSL enabled when compiling against an OpenSSL version that does not support CMAC. (bsc#1113663) ----------------------------------------- Patch: SUSE-2018-3033 Released: Fri Dec 21 17:35:21 2018 Summary: Recommended update for multipath-tools Severity: moderate References: 1005255,1047180,1069037,1110671 Description: This update for multipath-tools provides the following fixes: - kpartx.rules: Do not bump link prio if DM_UDEV_LOW_PRIORITY_FLAG is set. (bsc#1047180) - tur checker: Fix 'TUR checker done' case. (bsc#1110671) - libmultipath: Fix unit to seconds in log message for checker timeout. (bsc#1069037) - libmultipath: Fix return code of sysfs_get_timeout. (bsc#1069037) - libmultipath: Use existing alias from bindings file. 
(bsc#1005255) ----------------------------------------- Patch: SUSE-2018-3048 Released: Thu Dec 27 09:06:24 2018 Summary: Security update for openssl Severity: moderate References: 1104789,1110018,1113534,1113652,CVE-2016-8610,CVE-2018-0734,CVE-2018-5407 Description: This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789). ----------------------------------------- Patch: SUSE-2019-84 Released: Fri Jan 11 17:17:30 2019 Summary: Recommended update for timezone Severity: moderate References: 1120402 Description: This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------- Patch: SUSE-2019-85 Released: Fri Jan 11 17:18:13 2019 Summary: Recommended update for xorg-x11-libX11, xorg-x11-libxcb Severity: moderate References: 1115729 Description: This update for xorg-x11-libX11, xorg-x11-libxcb provides the following fix: - Add proper dependencies for handoff mechanism in 32bit version of the packages. 
(bsc#1115729) ----------------------------------------- Patch: SUSE-2019-129 Released: Fri Jan 18 16:30:31 2019 Summary: Security update for openssh Severity: important References: 1121571,1121816,1121818,1121821,CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111 Description: This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) ----------------------------------------- Patch: SUSE-2019-185 Released: Mon Jan 28 14:13:38 2019 Summary: Recommended update for wodim Severity: moderate References: 1100466 Description: This update for wodim fixes the following issues: - Fixing a crash when option '-T' is used in conjunction with files larger than 4GB. (bsc#1100466) ----------------------------------------- Patch: SUSE-2019-187 Released: Mon Jan 28 14:14:07 2019 Summary: Recommended update for mkinitrd Severity: moderate References: 1118723 Description: This update for mkinitrd provides the following fix: - Dereference symlinks when copying binaries. 
(bsc#1118723) ----------------------------------------- Patch: SUSE-2019-214 Released: Thu Jan 31 13:08:18 2019 Summary: Recommended update for openssh Severity: important References: 1123028 Description: This update for openssh fixes the following issues: - A previously applied security patch unintentionally changed the behavior of OpenSSH's 'scp' utility such that server-side brace expansion would no longer be supported. Attempts to copy a set of files from a remote machine to the local one by running 'scp 'remote:{file-a,file-b}' /tmp' would fail. This change in behavior broke Corosync and, potentially, many user scripts that relied on brace expansion. [bsc#1123028] ----------------------------------------- Patch: SUSE-2019-220 Released: Fri Feb 1 11:22:17 2019 Summary: Recommended update for openssl-certs Severity: moderate References: 1121446 Description: This update for openssl-certs fixes the following issues: The package was updated to 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446) Removed Root CAs: - AC Raiz Certicamara S.A. 
- Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - Visa eCommerce Root Added Root CAs: - Certigna Root CA (email and server auth) - GTS Root R1 (server auth) - GTS Root R2 (server auth) - GTS Root R3 (server auth) - GTS Root R4 (server auth) - OISTE WISeKey Global Root GC CA (email and server auth) - UCA Extended Validation Root (server auth) - UCA Global G2 Root (email and server auth) ----------------------------------------- Patch: SUSE-2019-309 Released: Fri Feb 8 14:47:03 2019 Summary: Security update for avahi Severity: moderate References: 1120281,CVE-2018-1000845 Description: This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) ----------------------------------------- Patch: SUSE-2019-310 Released: Fri Feb 8 14:47:38 2019 Summary: Security update for fuse Severity: moderate References: 1101797,CVE-2018-10906 Description: This update for fuse fixes the following issues: Security issue fixed: - CVE-2018-10906: Fix a bypass of the user_allow_other restriction (bsc#1101797) ----------------------------------------- Patch: SUSE-2019-523 Released: Fri Mar 1 07:05:14 2019 Summary: Recommended update for krb5 Severity: moderate References: 1056995,1081725,1114897 Description: This update for krb5 fixes the following issues: - Fix GSS failures in legacy applications; (bsc#1081725); (bsc#1114897); - Fix a context leak in gss_accept_sec_context introduced by (bsc#1056995) ----------------------------------------- Patch: SUSE-2019-559 Released: Wed Mar 6 14:12:06 2019 Summary: Recommended update for multipath-tools Severity: moderate References: 1111270,1114771 Description: This update for multipath-tools fixes the following issues: - multipathd: Add delayed path reintegration (fate#326836, bsc#1114771, bsc#1111270) ----------------------------------------- Patch: SUSE-2019-601 Released: 
Tue Mar 12 18:40:52 2019 Summary: Security update for supportutils Severity: moderate References: 1117751,1118460,1118462,1118463,CVE-2018-19636,CVE-2018-19638,CVE-2018-19639,CVE-2018-19640 Description: This update for supportutils fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19636: Local root exploit via inclusion of attacker controlled shell script (bsc#1117751) - CVE-2018-19640: Users can kill arbitrary processes (bsc#1118463) - CVE-2018-19638: User can overwrite arbitrary log files in support tar (bsc#1118460) - CVE-2018-19639: Code execution if run with -v (bsc#1118462) ----------------------------------------- Patch: SUSE-2019-618 Released: Fri Mar 15 14:49:05 2019 Summary: Security update for the Linux Kernel Severity: important References: 1012382,1031572,1068032,1086695,1087081,1094244,1098658,1104098,1104367,1104684,1104818,1105536,1106105,1106886,1107371,1109330,1109806,1110006,1112963,1113667,1114440,1114672,1114920,1115007,1115038,1115827,1115828,1115829,1115830,1115831,1115832,1115833,1115834,1115835,1115836,1115837,1115838,1115839,1115840,1115841,1115842,1115843,1115844,1116841,1117796,1117802,1117805,1117806,1117943,1118152,1118319,1118760,1119255,1119714,1120056,1120077,1120086,1120093,1120094,1120105,1120107,1120109,1120217,1120223,1120226,1120336,1120347,1120743,1120950,1121872,1121997,1122874,1123505,1123702,1123706,1124010,1124735,1125931,931850,969471,969473,CVE-2016-10741,CVE-2017-18360,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568,CVE-2019-7222 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010). 
- CVE-2017-18360: In change_port_settings in drivers/usb/serial/io_ti.c local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates (bnc#1123706). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as a u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2019-7222: An information leak in exception handling in KVM could be used to expose host memory to guests. (bnc#1124735). The following non-security bugs were fixed: - aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827). - arcmsr: upper 32 of dma address lost (bsc#1115828). - block/swim3: Fix -EBUSY error when re-opening device after unmount (bsc#1121997). - block/swim: Fix array bounds check (Git-fix). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). 
- cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#1119255). - dasd: fix deadlock in dasd_times_out (bnc#1117943, LTC#174111). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106886) - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106886) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106886) - Fix kabi break cased by NFS: Cache state owners after files are closed (bsc#1031572). - fork: record start_time late (bsc#1121872). - fscache: Fix dead object requeue (bsc#1107371). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (git-fixes). - fs-cache: Move fscache_report_unexpected_submission() to make it more available (bsc#1107371). - fs-cache: When submitting an op, cancel it if the target object is dying (bsc#1107371). - fuse: Add missed unlock_page() to fuse_readpages_fill() (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: Fix oops at process_init_reply() (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: umount should wait for all requests (git-fixes). - igb: do not unmap NULL hw_addr (bsc#969471 bsc#969473 ) (bsc#1123702). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382) (bsc#1123702). 
- iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - kvm: x86: Fix the duplicated failure path handling in vmx_init (bsc#1104367). - lib: add 'on'/'off' support to strtobool (bsc#1125931). - megaraid_sas: Fix probing cards without io port (bsc#1115829). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114440, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114440, LTC#172679). - nfs: Cache state owners after files are closed (bsc#1031572). - nfs: Do not drop CB requests with invalid principals (git-fixes). - nfsv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - nfsv4: Keep dropped state owners on the LRU list for a while (bsc#1031572). - nlm: Ensure callback code also checks that the files match (git-fixes). - ocfs2: fix three small problems in the patch (bsc#1086695) - omap2fb: Fix stack memory disclosure (bsc#1106886) - pci/ASPM: Fix link_state teardown on device removal (bsc#1109806). - powerpc/fadump: handle crash memory ranges array index overflow (git-fixes). - powerpc/fadump: Return error when fadump registration fails (git-fixes). - powerpc/fadump: Unregister fadump on kexec down path (git-fixes). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - Revert 'NFS: Make close(2) asynchronous when closing NFS O_DIRECT files' (git-fixes). - ring-buffer: Always reset iterator to reader page (bsc#1120107). - ring-buffer: Fix first commit on sub-buffer having non-zero delta (bsc#1120077). - ring-buffer: Fix infinite spin in reading buffer (bsc#1120107). - ring-buffer: Have ring_buffer_iter_empty() return true when empty (bsc#1120107). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - ring-buffer: Up rb_iter_peek() loop count to 3 (bsc#1120105). - rpm/modprobe-xen.conf: Add --ignore-install. 
- s390: always save and restore all registers on context switch (git-fixes). - s390/dasd: fix using offset into zero size array error (git-fixes). - s390/decompressor: fix initrd corruption caused by bss clear (git-fixes). - s390/qdio: do not release memory in qdio_setup_irq() (git-fixes). - s390/qdio: reset old sbal_state flags (bnc#1114440, LTC#171525). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114440, LTC#172682). - s390/qeth: fix length check in SNMP processing (bnc#1117943, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114440, LTC#172682). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/qeth: remove outdated portname debug msg (bnc#1117943, LTC#172960). - s390/qeth: sanitize strings in debug messages (bnc#1117943, LTC#172960). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#1119255). - scsi: aacraid: Fix typo in blink status (bsc#1115830). - scsi: aacraid: Reorder Adapter status check (bsc#1115830). - scsi: aic94xx: fix an error code in aic94xx_init() (bsc#1115831). - scsi: bfa: integer overflow in debugfs (bsc#1115832). - scsi: esp_scsi: Track residual for PIO transfers (bsc#1115833). - scsi: fas216: fix sense buffer initialization (bsc#1115834). - scsi: libfc: Revert ' libfc: use offload EM instance again instead jumping to next EM' (bsc#1115835). - scsi: libsas: fix ata xfer length (bsc#1115836). - scsi: libsas: fix error when getting phy events (bsc#1115837). - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function (bsc#1115838). - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (bsc#1115839). - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (bsc#1115839). - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1115840). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1115841). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1115842). 
- scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bsc#1115843). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (git-fixes). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1123505, LTC#174581). - sg: fix dxferp in from_to case (bsc#1115844). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply (git-fixes). - svcrpc: do not leak contexts on PROC_DESTROY (git-fixes). - tracepoints: Do not trace when cpu is offline (bsc#1120109). - tracing: Add #undef to fix compile error (bsc#1120226). - tracing: Allow events to have NULL strings (bsc#1120056). - tracing: Do not add event files for modules that fail tracepoints (bsc#1120086). - tracing: Fix check for cpu online when event is disabled (bsc#1120109). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing/kprobes: Allow to create probe with a module name starting with a digit (bsc#1120336). - tracing: Move mutex to protect against resetting of seq data (bsc#1120217). - tracing: probeevent: Fix to support minus offset from symbol (bsc#1120347). - usb: keyspan: fix overrun-error reporting (bsc#1114672). - usb: keyspan: fix tty line-status reporting (bsc#1114672). - usb: option: fix Cinterion AHxx enumeration (bsc#1114672). - usb: serial: ark3116: fix open error handling (bsc#1114672). - usb: serial: ch341: fix control-message error handling (bsc#1114672). - usb: serial: ch341: fix initial modem-control state (bsc#1114672). - usb: serial: ch341: fix modem-status handling (bsc#1114672). - usb: serial: ch341: fix open and resume after B0 (bsc#1114672). - usb: serial: ch341: fix resume after reset (bsc#1114672). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#1114672). - usb: serial: cyberjack: fix NULL-deref at open (bsc#1114672). - usb: serial: fix tty-device error handling at probe (bsc#1114672). 
- usb: serial: ftdi_sio: fix modem-status error handling (bsc#1114672). - usb: serial: io_ti: fix another NULL-deref at open (bsc#1114672). - usb: serial: io_ti: fix NULL-deref at open (bsc#1114672). - usb: serial: keyspan_pda: verify endpoints at probe (bsc#1114672). - usb: serial: kl5kusb105: abort on open exception path (bsc#1114672). - usb: serial: kl5kusb105: fix open error path (bsc#1114672). - usb: serial: kobil_sct: fix NULL-deref in write (bsc#1114672). - usb: serial: mct_u232: fix modem-status error handling (bsc#1114672). - usb: serial: omninet: fix NULL-derefs at open and disconnect. - usb: serial: pl2303: fix NULL-deref at open (bsc#1114672). - usb: serial: ti_usb_3410_5052: fix NULL-deref at open (bsc#1114672). - vmcore: Remove 'weak' from function declarations (git-fixes). - x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850). - x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081, bnc#1104684). - xen: kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen: x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen/x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - xen/x86/mm: Set IBPB upon context switch (bsc#1068032). - xen/x86/process: Re-export start_thread() (bsc#1110006). - xen/x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen/x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - xen/x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen/x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#1098658). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1114920). - xfs: fix the logspace waiting algorithm (bsc#1122874). - xfs: stop searching for free slots in an inode chunk when there are none (bsc#1115007). 
- xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038). ----------------------------------------- Patch: SUSE-2019-638 Released: Tue Mar 19 11:42:26 2019 Summary: Security update for libssh2_org Severity: moderate References: 1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493,CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863 Description: This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). 
----------------------------------------- Patch: SUSE-2019-663 Released: Wed Mar 20 14:53:47 2019 Summary: Recommended update for augeas Severity: moderate References: 1091696 Description: This update for augeas provides the following fix: - Fix parsing of quoted strings with spaces in spacevars lens. (bsc#1091696) ----------------------------------------- Patch: SUSE-2019-687 Released: Thu Mar 21 18:39:48 2019 Summary: Security update for unzip Severity: moderate References: 1110194,CVE-2018-18384 Description: This update for unzip fixes the following issues: - CVE-2018-18384: Fixed a buffer overflow when listing archives (bsc#1110194) ----------------------------------------- Patch: SUSE-2019-689 Released: Thu Mar 21 18:41:00 2019 Summary: Security update for libxml2 Severity: moderate References: 1010675,1102046,1110146,1126613,CVE-2016-9318,CVE-2018-14404 Description: This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Other Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). 
----------------------------------------- Patch: SUSE-2019-692 Released: Thu Mar 21 19:51:39 2019 Summary: Recommended update for mkinitrd Severity: moderate References: 1125327 Description: This update for mkinitrd fixes the following issues: - Bugfix: Avoid purge-kernel loop when a package depends on a KMP (bsc#1125327) ----------------------------------------- Patch: SUSE-2019-773 Released: Wed Mar 27 10:37:36 2019 Summary: Security update for ntp Severity: moderate References: 1001182,1128525,CVE-2019-8936 Description: This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attacker to cause a segmentation fault in ntpd (bsc#1128525). Other issues addressed: - Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182). - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. ----------------------------------------- Patch: SUSE-2019-774 Released: Wed Mar 27 11:05:06 2019 Summary: Security update for libmspack Severity: moderate References: 1113038,1113039,CVE-2018-18584,CVE-2018-18585 Description: This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). 
(bsc#1113039) ----------------------------------------- Patch: SUSE-2019-809 Released: Fri Mar 29 14:09:20 2019 Summary: Recommended update for timezone Severity: moderate References: 1130557 Description: This update for timezone fixes the following issues: timezone was updated to 2019a (bsc#1130557): * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------- Patch: SUSE-2019-814 Released: Fri Mar 29 16:32:59 2019 Summary: Security update for SDL Severity: moderate References: 1124799,1124800,1124802,1124803,1124805,1124806,1124824,1124825,1124826,1124827,1125099,CVE-2019-7572,CVE-2019-7573,CVE-2019-7574,CVE-2019-7575,CVE-2019-7576,CVE-2019-7577,CVE-2019-7578,CVE-2019-7635,CVE-2019-7636,CVE-2019-7637,CVE-2019-7638 Description: This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). 
- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). ----------------------------------------- Patch: SUSE-2019-829 Released: Mon Apr 1 11:47:37 2019 Summary: Security update for tiff Severity: low References: 1121626,983268,CVE-2016-5102,CVE-2019-6128 Description: This update for tiff fixes the following issue: Security vulnerabilities fixed: - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268) - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626) ----------------------------------------- Patch: SUSE-2019-830 Released: Mon Apr 1 13:25:28 2019 Summary: Security update for sqlite3 Severity: moderate References: 1119687,CVE-2018-20346 Description: This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). ----------------------------------------- Patch: SUSE-2019-835 Released: Mon Apr 1 15:38:18 2019 Summary: Recommended update for krb5 Severity: important References: 1129085 Description: This update for krb5 fixes the following issues: - A previously released update introduced a regression for Windows clients that manifested in gss_display_name() malfunctioning, complaining that 'an invalid name was supplied'. This issue is now fixed. [bsc#1129085] ----------------------------------------- Patch: SUSE-2019-951 Released: Mon Apr 15 16:36:08 2019 Summary: Security update for python Severity: important References: 1129346,1130847,CVE-2019-9636,CVE-2019-9948 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). 
- CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). ----------------------------------------- Patch: SUSE-2019-1031 Released: Thu Apr 25 10:34:46 2019 Summary: Security update for openssh Severity: moderate References: 1090671,1115550,1119183,1121816,1121821,1131709,CVE-2019-6109,CVE-2019-6111 Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550). ----------------------------------------- Patch: SUSE-2019-1058 Released: Sat Apr 27 09:31:27 2019 Summary: Security update for libssh2_org Severity: important References: 1091236,1130103,1133528,CVE-2019-3859 Description: This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] - Store but don't use keys of unsupported types in the known_hosts file [bsc#1091236] ----------------------------------------- Patch: SUSE-2019-1107 Released: Tue Apr 30 12:51:25 2019 Summary: Recommended update for glibc Severity: important References: 1100396,1103244 Description: This update for glibc fixes the following issues: - Add support for the new Japanese time era name that comes into effect on 2019-05-01. 
[bsc#1100396, bsc#1103244] ----------------------------------------- Patch: SUSE-2019-1180 Released: Tue May 7 18:09:20 2019 Summary: Security update for sqlite3 Severity: moderate References: 1085790,1132045,CVE-2017-10989,CVE-2018-8740 Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted database schemas (bsc#1085790). - CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). ----------------------------------------- Patch: SUSE-2019-1205 Released: Fri May 10 14:00:58 2019 Summary: Security update for samba Severity: moderate References: 1101499,1131060,CVE-2019-3880 Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issue fixed: - Make init scripts create log directories before running daemons (bsc#1101499) ----------------------------------------- Patch: SUSE-2019-1233 Released: Tue May 14 18:30:50 2019 Summary: Security update for glibc Severity: moderate References: 1127223,CVE-2009-5155 Description: This update for glibc fixes the following issue: Security issue fixed: - CVE-2009-5155: Fixed a local denial of service inside the parse_reg_exp in posix/regcomp.c (bsc#1127223). ----------------------------------------- Patch: SUSE-2019-1263 Released: Thu May 16 09:49:19 2019 Summary: Security update for screen Severity: low References: 944458,CVE-2015-6806 Description: This update for screen fixes the following issues: Security issue fixed: - CVE-2015-6806: Fixed a stack overflow due to deep recursion (bsc#944458). 
----------------------------------------- Patch: SUSE-2019-1270 Released: Thu May 16 14:26:01 2019 Summary: Security update for libxslt Severity: moderate References: 1132160,CVE-2019-11068 Description: This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). ----------------------------------------- Patch: SUSE-2019-1271 Released: Thu May 16 15:04:28 2019 Summary: Security update for the Linux Kernel Severity: important References: 1082943,1094244,1103186,1106886,1110436,1111331,1112178,1117515,1119019,1127082,1127376,1127445,1127534,1127738,1128166,1128383,1129248,1129437,1129439,1129770,1130353,1130384,1131107,1131587,1132589,773383,774523,797175,800280,801178,816708,CVE-2012-3412,CVE-2012-3430,CVE-2013-0160,CVE-2013-0216,CVE-2013-0231,CVE-2013-1979,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2019-11091,CVE-2019-9213 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. 
For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2019-9213: The expand_downwards function in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2013-0216: The Xen netback functionality allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption (bnc#800280). - CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. (bnc#801178). - CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c did not initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a recvfrom or recvmsg system call on an RDS socket (bnc#773383). - CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value (bnc#774523). - CVE-2013-0160: The kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device (bnc#797175). - CVE-2013-1979: The scm_set_cred function in include/net/scm.h uses incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application (bnc#816708). The following non-security bugs were fixed: - Add opcodes from net: filter: BPF 'JIT' compiler for PPC64 (bsc#1131107). - EHCI: improved logic for isochronous scheduling (bsc#1117515). 
- KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129439). - USB: Add new USB LPM helpers (bsc#1129770). - USB: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770). - USB: EHCI: add new root-hub state: STOPPING (bsc#1117515). - USB: EHCI: add pointer to end of async-unlink list (bsc#1117515). - USB: EHCI: add symbolic constants for QHs (bsc#1117515). - USB: EHCI: always scan each interrupt QH (bsc#1117515). - USB: EHCI: do not lose events during a scan (bsc#1117515). - USB: EHCI: do not refcount QHs (bsc#1117515). - USB: EHCI: do not refcount iso_stream structures (bsc#1117515). - USB: EHCI: fix initialization bug in iso_stream_schedule() (bsc#1117515). - USB: EHCI: fix up locking (bsc#1117515). - USB: EHCI: initialize data before resetting hardware (bsc#1117515). - USB: EHCI: introduce high-res timer (bsc#1117515). - USB: EHCI: remove PS3 status polling (bsc#1117515). - USB: EHCI: remove unneeded suspend/resume code (bsc#1117515). - USB: EHCI: rename 'reclaim' (bsc#1117515). - USB: EHCI: resolve some unlikely races (bsc#1117515). - USB: EHCI: return void instead of 0 (bsc#1117515). - USB: EHCI: simplify isochronous scanning (bsc#1117515). - USB: EHCI: unlink multiple async QHs together (bsc#1117515). - USB: EHCI: use hrtimer for (s)iTD deallocation (bsc#1117515). - USB: EHCI: use hrtimer for async schedule (bsc#1117515). - USB: EHCI: use hrtimer for controller death (bsc#1117515). - USB: EHCI: use hrtimer for interrupt QH unlink (bsc#1117515). - USB: EHCI: use hrtimer for the I/O watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the IAA watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the periodic schedule (bsc#1117515). - USB: EHCI: use hrtimer for unlinking empty async QHs (bsc#1117515). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). 
- drm: Fix error handling in drm_legacy_addctx (bsc#1106886) - ext3: Set bitmap tails when growing filesystem (bsc#1128383). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106886) - iommu/vt-d: Check capability before disabling protected memory (bsc#1130353). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129248). - kernel/watchdog.c: control hard lockup detection default (bsc#1110436). - kvm: ensure hard lockup detection is disabled by default (bsc#1110436). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129437). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/mmap)). - mpt2sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bsc#1130384). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - s390/dasd: fix panic for failed online processing (bsc#1132589). 
- s390/qeth: cancel close_dev work before removing a card (LTC#175048, bsc#1127376). - s390/qeth: fix use-after-free in error path (LTC#175048, bsc#1127376, bsc#1127534). - s390/qeth: handle failure on workqueue creation (LTC#175048, bsc#1127376). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - sched/core: Optimize SCHED_SMT (bsc#1111331). - sched/smt: Expose sched_smt_present static key (bsc#1111331). - sched/smt: Make sched_smt_present track topology (bsc#1111331). - sched/smt: Update sched_smt_present at runtime (bsc#1111331). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: qla2xxx: do not disable a not previously enabled PCI device (bsc#1127738). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). 
- x86/speculation: Rework SMT state change (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). ----------------------------------------- Patch: SUSE-2019-1305 Released: Tue May 21 16:38:40 2019 Summary: Recommended update for gcc43, libffi43 Severity: moderate References: 1111793 Description: This update of gcc43 and libffi43 fixes the following issue: - The libffi43 library is delivered for SLES 11 SP3. ----------------------------------------- Patch: SUSE-2019-1306 Released: Tue May 21 18:14:55 2019 Summary: Security update for gnutls Severity: moderate References: 1047002,1105460,CVE-2017-10790,CVE-2018-10846 Description: This update for gnutls fixes the following issues: Security issues fixed: - CVE-2018-10846: Improve mitigations against Lucky 13 class of attacks (PRIME + PROBE) (bsc#1105460). - CVE-2017-10790: Fixed a denial of service in the _asn1_check_identifier() function (bsc#1047002). ----------------------------------------- Patch: SUSE-2019-1338 Released: Fri May 24 11:56:20 2019 Summary: Security update for curl Severity: important References: 1135170,CVE-2019-5436 Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet, which receives data from a TFTP server (bsc#1135170). ----------------------------------------- Patch: SUSE-2019-1377 Released: Wed May 29 14:12:21 2019 Summary: Security update for libtasn1 Severity: moderate References: 1040621,1105435,CVE-2017-6891,CVE-2018-1000654 Description: This update for libtasn1 fixes the following issues: Security issues fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). - CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621). 
----------------------------------------- Patch: SUSE-2019-1386 Released: Fri May 31 08:46:18 2019 Summary: Security update for jpeg Severity: low References: 1122299,1128712,CVE-2018-11212,CVE-2018-14498 Description: This update for jpeg fixes the following issue: Security issue fixed: - CVE-2018-14498: Fixed a heap-based buffer over-read in the get_8bit_row function which could allow an attacker to cause a denial of service (bsc#1128712). - CVE-2018-11212: Fixed divide by zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-14498: Fixed denial of service in get_8bit_row in rdbmp.c (bsc#1128712). ----------------------------------------- Patch: SUSE-2019-1442 Released: Thu Jun 6 18:25:33 2019 Summary: Security update for bind Severity: important References: 1104129,1126068,1126069,1133185,CVE-2018-5740,CVE-2018-5743,CVE-2018-5745,CVE-2019-6465 Description: This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185) - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). ----------------------------------------- Patch: SUSE-2019-1455 Released: Tue Jun 11 10:07:34 2019 Summary: Security update for vim Severity: important References: 1137443,CVE-2019-12735 Description: This update for vim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). 
----------------------------------------- Patch: SUSE-2019-1462 Released: Tue Jun 11 18:13:40 2019 Summary: Security update for elfutils Severity: low References: 1030472,1030476,1033084,1033085,1033087,1033088,1033089,1033090,1106390,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2016-10254,CVE-2016-10255,CVE-2017-7607,CVE-2017-7608,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665 Description: This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403: Fixed a heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c which could have led to denial of service (bsc#1107067). - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472). - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007). - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476). - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685). - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390). - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088). - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090). - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084). - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085). - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087). - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723). - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089). 
- CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973). - CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726). - CVE-2017-7613: Missing validation of the number of sections and the number of segments allowed remote attackers to cause a denial of service (memory consumption) via a crafted ELF file (bsc#1033090). - CVE-2017-7612: The check_sysv_hash function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089). ----------------------------------------- Patch: SUSE-2019-1465 Released: Wed Jun 12 08:45:51 2019 Summary: Recommended update for mdadm Severity: moderate References: 1081286,1082766,1095141,1095729,1096363,1105175 Description: This update for mdadm provides the following fixes: - Assemble: Prevent a segmentation fault with faulty 'best' devices. (bsc#1082766, bsc#1095729) - Do not use the bad_blocks and unacknowledged_bad_blocks sysfs entries which are not available in SLE11-SP4 kernel. (bsc#1105175) - Accept option '--brief' with '--export' (bsc#1095141) Call mdadm --detail --export with --brief in 64-md-raid.rules. This should prevent overflow on large deployment. - md_monitor: use pselect (bsc#1095141) - md_monitor: fix crash in display_io_status (bsc#1096363) - md_monitor: fixup crash in display_md_status (bsc#1081286), (bsc#1096363) - Delete code that requires sysfs entries bad_blocks and unacknowledged_bad_blocks which are not in SLE11-SP4 kernel. (bsc#1105175) ----------------------------------------- Patch: SUSE-2019-1510 Released: Fri Jun 14 16:18:53 2019 Summary: Security update for sqlite3 Severity: important References: 1136976,CVE-2019-8457 Description: This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). 
----------------------------------------- Patch: SUSE-2019-1545 Released: Tue Jun 18 12:58:19 2019 Summary: Security update for the Linux Kernel Severity: important References: 1110785,1113769,1119314,1120326,1120843,1120885,1131295,1131543,1132374,1132472,1132580,1133188,1134102,1134729,1134848,1137586,923908,939260,CVE-2014-9710,CVE-2018-17972,CVE-2019-11190,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11884,CVE-2019-5489 Description: The SUSE Linux Enterprise 11 SP4 kernel version 3.0.101 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586) - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. - CVE-2014-9710: The Btrfs implementation in the Linux kernel did not ensure that the visible xattr state is consistent with a requested replacement, which allowed local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data did not fit (bnc#923908). 
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server (bnc#1120843). - CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat (bnc#1131543). - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents (bnc#1110785). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character (bnc#1134848). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions (bnc#1133188). The following non-security bugs were fixed: - cifs: fix uninitialized memory access (bsc#1120326). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kernel: Add CEX7 toleration support (bsc#1131295). - net: ipsec: fix a kernel oops caused by reentrant workqueue (bsc#1119314). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). 
- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - x86/MCE: Handle 'nosmt' offlining properly (bsc#1134729). - xfs: do not cache inodes read through bulkstat (bsc#1134102). ----------------------------------------- Patch: SUSE-2019-1561 Released: Wed Jun 19 08:58:42 2019 Summary: Recommended update for xz Severity: low References: 1135709 Description: This update for xz doesn't address any customer relevant issues. - The license has been updated (bsc#1135709) * LGPLv2.1+ (getopt_long) * GPLv2+ (scripts to grep, diff, and view compressed files, +doc) * SUSE-Public-Domain licence (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) ----------------------------------------- Patch: SUSE-2019-1609 Released: Fri Jun 21 10:27:27 2019 Summary: Security update for libssh2_org Severity: moderate References: 1128481,1136570,CVE-2019-3860 Description: This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) ----------------------------------------- Patch: SUSE-2019-1685 Released: Mon Jun 24 11:14:21 2019 Summary: Security update for glib2 Severity: important References: 1137001,CVE-2019-12450 Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). ----------------------------------------- Patch: SUSE-2019-1719 Released: Tue Jul 2 10:31:25 2019 Summary: Security update for dbus-1 Severity: important References: 1137832,CVE-2019-12749 Description: This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). 
----------------------------------------- Patch: SUSE-2019-1831 Released: Fri Jul 12 17:52:10 2019 Summary: Security update for expat Severity: moderate References: 1139937,CVE-2018-20843 Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large number of colons (bsc#1139937). ----------------------------------------- Patch: SUSE-2019-1848 Released: Mon Jul 15 14:39:37 2019 Summary: Security update for bzip2 Severity: important References: 1139083,985657,CVE-2016-3189,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). ----------------------------------------- Patch: SUSE-2019-1872 Released: Wed Jul 17 17:21:55 2019 Summary: Security update for coreutils Severity: moderate References: 928749,CVE-2015-4041,CVE-2015-4042 Description: This update for coreutils fixes the following issues: Security issues fixed: - CVE-2015-4041, CVE-2015-4042: Fixed a buffer overflow related to case conversion (bsc#928749). ----------------------------------------- Patch: SUSE-2019-1897 Released: Thu Jul 18 17:53:11 2019 Summary: Security update for the Linux Kernel Severity: important References: 1063416,1090078,1102340,1120758,1134395,1134835,1135650,1136424,1137194,1138943,1139751,CVE-2018-20836,CVE-2018-5390,CVE-2019-12614,CVE-2019-3459,CVE-2019-3460,CVE-2019-3846,CVE-2019-3896 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel (bnc#1120758). 
- CVE-2019-3460: A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before (bnc#1120758). - CVE-2019-3896: A double-free could happen in idr_remove_all() in lib/idr.c in the Linux kernel. An unprivileged local attacker could use this flaw for a privilege escalation or for a system crash and a denial of service (DoS) (bnc#1138943). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which could lead to a denial of service (bnc#1102340). - CVE-2018-20836: An issue was discovered in the Linux kernel. There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel. There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424 1136446). The following non-security bugs were fixed: - KEYS: do not let add_key() update an uninstantiated key (bnc#1063416). - fnic: Fix to cleanup aborted IO to avoid device being offlined by mid-layer (bsc#1134835). - signal: give SEND_SIG_FORCED more power to beat SIGNAL_UNKILLABLE (bsc#1135650). - signal: oom_kill_task: use SEND_SIG_FORCED instead of force_sig() (bsc#1135650). 
- tcp: a regression in the previous fix for the TCP SACK issue was fixed (bnc#1139751) ----------------------------------------- Patch: SUSE-2019-1905 Released: Fri Jul 19 12:48:41 2019 Summary: Recommended update for openssh Severity: important References: 1138936 Description: This update for openssh fixes the following issues: - Fix a regression in utf-8 handling that could cause crashes of scp (bsc#1138936). ----------------------------------------- Patch: SUSE-2019-2038 Released: Fri Aug 2 08:34:27 2019 Summary: Recommended update for timezone Severity: moderate References: 1140016 Description: This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------- Patch: SUSE-2019-2051 Released: Tue Aug 6 09:43:01 2019 Summary: Security update for bzip2 Severity: important References: 1139083,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). ----------------------------------------- Patch: SUSE-2019-2090 Released: Thu Aug 8 13:23:16 2019 Summary: Security update for python Severity: important References: 1138459,1141853,CVE-2018-20852,CVE-2019-10160 Description: This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation (bsc#1141853). 
----------------------------------------- Patch: SUSE-2019-1515 Released: Tue Aug 20 17:56:54 2019 Summary: Security update for glibc Severity: important References: 1127308,CVE-2019-9169 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-9169: Fixed heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). ----------------------------------------- Patch: SUSE-2019-2252 Released: Thu Aug 29 16:18:17 2019 Summary: Security update for the Linux Kernel Severity: important References: 1134390,1134399,1138744,1139358,1140945,1140965,1141401,1141402,1141452,1141453,1141454,1142023,1143045,1143179,1143189,1143191,CVE-2015-9289,CVE-2018-20855,CVE-2019-1125,CVE-2019-11810,CVE-2019-13631,CVE-2019-14283,CVE-2019-14284 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). 
- CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2015-9289: A buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allowed larger values such as 23 (bsc#1143179). The following non-security bugs were fixed: - fix detection of race between fcntl-setlk and close (bsc#1140965). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454). - xen-netfront: use napi_complete() correctly to prevent Rx stalling (bsc#1138744). 
----------------------------------------- Patch: SUSE-2019-1552 Released: Wed Sep 11 16:45:12 2019 Summary: Security update for openssl Severity: moderate References: 1117951,1127080,1131291,CVE-2019-1559 Description: This update for openssl fixes the following issues: Security issues fixed: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Mitigate the 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' attack (bsc#1117951) ----------------------------------------- Patch: SUSE-2019-2386 Released: Tue Sep 17 15:41:57 2019 Summary: Security update for curl Severity: important References: 1149496,CVE-2019-5482 Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed a TFTP small blocksize heap buffer overflow (bsc#1149496). ----------------------------------------- Patch: SUSE-2019-2408 Released: Thu Sep 19 15:26:11 2019 Summary: Security update for openssl Severity: moderate References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563 Description: This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). ----------------------------------------- Patch: SUSE-2019-2445 Released: Tue Sep 24 13:19:46 2019 Summary: Security update for expat Severity: moderate References: 1149429,CVE-2019-15903 Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. 
(bsc#1149429) ----------------------------------------- Patch: SUSE-2019-2446 Released: Tue Sep 24 13:19:59 2019 Summary: Security update for libgcrypt Severity: moderate References: 1148987,CVE-2019-13627 Description: This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-13627: Mitigated against an ECDSA timing attack. (bsc#1148987) ----------------------------------------- Patch: SUSE-2019-2449 Released: Tue Sep 24 13:53:29 2019 Summary: Security update for libxml2 Severity: low References: 1123919 Description: This update for libxml2 doesn't fix any additional security issues, but corrects its rpm changelog to reflect all CVEs that have been fixed in the past. ----------------------------------------- Patch: SUSE-2019-2479 Released: Thu Sep 26 14:51:37 2019 Summary: Security update for gpg2 Severity: moderate References: 1124847,1141093,CVE-2019-13050 Description: This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093) Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847). ----------------------------------------- Patch: SUSE-2019-2554 Released: Fri Oct 4 13:36:35 2019 Summary: Recommended update for tcsh Severity: moderate References: 1134508,992577 Description: This update for tcsh provides the following fix: - Make a copy of the file descriptor of the history file to be able not only to lock but also unlock the file. 
(bsc#992577, bsc#1134508) ----------------------------------------- Patch: SUSE-2019-2665 Released: Tue Oct 15 11:18:38 2019 Summary: Security update for tcpdump Severity: important References: 1057247,1153098,1153332,CVE-2017-12893,CVE-2017-12894,CVE-2017-12896,CVE-2017-12897,CVE-2017-12898,CVE-2017-12899,CVE-2017-12900,CVE-2017-12901,CVE-2017-12902,CVE-2017-12985,CVE-2017-12986,CVE-2017-12987,CVE-2017-12988,CVE-2017-12991,CVE-2017-12992,CVE-2017-12993,CVE-2017-12995,CVE-2017-12996,CVE-2017-12998,CVE-2017-12999,CVE-2017-13001,CVE-2017-13002,CVE-2017-13003,CVE-2017-13004,CVE-2017-13005,CVE-2017-13006,CVE-2017-13008,CVE-2017-13009,CVE-2017-13010,CVE-2017-13012,CVE-2017-13013,CVE-2017-13014,CVE-2017-13016,CVE-2017-13017,CVE-2017-13018,CVE-2017-13019,CVE-2017-13021,CVE-2017-13022,CVE-2017-13023,CVE-2017-13024,CVE-2017-13025,CVE-2017-13027,CVE-2017-13028,CVE-2017-13029,CVE-2017-13030,CVE-2017-13031,CVE-2017-13032,CVE-2017-13034,CVE-2017-13035,CVE-2017-13036,CVE-2017-13037,CVE-2017-13038,CVE-2017-13041,CVE-2017-13047,CVE-2017-13048,CVE-2017-13049,CVE-2017-13051,CVE-2017-13053,CVE-2017-13055,CVE-2017-13687,CVE-2017-13688,CVE-2017-13689,CVE-2017-13725,CVE-2018-10103,CVE-2018-10105,CVE-2018-14461,CVE-2018-14462,CVE-2018-14463,CVE-2018-14464,CVE-2018-14465,CVE-2018-14466,CVE-2018-14467,CVE-2018-14468,CVE-2018-14469,CVE-2018-14881,CVE-2018-14882,CVE-2018-16229,CVE-2018-16230,CVE-2018-16300,CVE-2018-16301,CVE-2018-16451,CVE-2018-16452,CVE-2019-15166 Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-12995: Fixed an infinite loop in the DNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12893: Fixed a buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12894: Fixed a buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12896: Fixed a buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247). 
- CVE-2017-12897: Fixed a buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12898: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12899: Fixed a buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12900: Fixed a buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12901: Fixed a buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12902: Fixed a buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247). - CVE-2017-12985: Fixed a buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12986: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2017-12987: Fixed a buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12988: Fixed a buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12991: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12992: Fixed a buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247). - CVE-2017-12993: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-12996: Fixed a buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12998: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12999: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13001: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13002: Fixed a buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247). - CVE-2017-13003: Fixed a buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247).
- CVE-2017-13004: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-13005: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13006: Fixed a buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13008: Fixed a buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13009: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13010: Fixed a buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13012: Fixed a buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13013: Fixed a buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13014: Fixed a buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13016: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13017: Fixed a buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13018: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13019: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13021: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13022: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13023: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13024: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13025: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13027: Fixed a buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247). 
- CVE-2017-13028: Fixed a buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13029: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13030: Fixed a buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13031: Fixed a buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247). - CVE-2017-13032: Fixed a buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13034: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13035: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13036: Fixed a buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13037: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13038: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13041: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13047: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13048: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13049: Fixed a buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13051: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13053: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13055: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13687: Fixed a buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247). - CVE-2017-13688: Fixed a buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247). 
- CVE-2017-13689: Fixed a buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13725: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). 
- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). ----------------------------------------- Patch: SUSE-2019-2711 Released: Fri Oct 18 16:19:55 2019 Summary: Security update for sudo Severity: important References: 1153674,CVE-2019-14287 Description: This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). ----------------------------------------- Patch: SUSE-2019-2733 Released: Tue Oct 22 08:51:22 2019 Summary: Security update for python Severity: moderate References: 1149955,CVE-2019-16056 Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) ----------------------------------------- Patch: SUSE-2019-2775 Released: Thu Oct 24 13:57:24 2019 Summary: Recommended update for timezone Severity: moderate References: 1150451 Description: This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------- Patch: SUSE-2019-2804 Released: Tue Oct 29 11:45:03 2019 Summary: Security update for samba Severity: important References: 1144902,CVE-2019-10218 Description: This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). 
----------------------------------------- Patch: SUSE-2019-2899 Released: Wed Nov 6 11:20:09 2019 Summary: Security update for libssh2_org Severity: moderate References: 1154862,CVE-2019-17498 Description: This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). ----------------------------------------- Patch: SUSE-2019-2969 Released: Wed Nov 13 16:19:14 2019 Summary: Security update for the Linux Kernel Severity: important References: 1101061,1113201,1117665,1131107,1143327,1144903,1145477,1145922,1146163,1146285,1146361,1146391,1146524,1146540,1146547,1146678,1147122,1148938,1149376,1149522,1150025,1150112,1150452,1150457,1150465,1150599,1151347,1151350,1152779,1152782,1152786,1152789,1153158,1155671,802154,936875,CVE-2017-18509,CVE-2017-18551,CVE-2018-12207,CVE-2018-20976,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-14835,CVE-2019-15118,CVE-2019-15212,CVE-2019-15216,CVE-2019-15217,CVE-2019-15219,CVE-2019-15291,CVE-2019-15292,CVE-2019-15505,CVE-2019-15807,CVE-2019-15902,CVE-2019-15927,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-17052,CVE-2019-17053,CVE-2019-17054,CVE-2019-17055,CVE-2019-17133,CVE-2019-9456 Description: The SUSE Linux Enterprise 11-SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). 
The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marvell libertas driver (bsc#1150465). - CVE-2019-17052: ax25_create in the AF_AX25 network module in the Linux kernel did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket, aka CID-0614e2b73768. (bnc#1152779) - CVE-2019-17055: base_sock_create in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (bnc#1152782) - CVE-2019-17054: atalk_create in the AF_APPLETALK network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. (bnc#1152786) - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158).
- CVE-2019-17053: ieee802154_create in the AF_IEEE802154 network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users could create a raw socket, aka CID-e69dbd4619e7. (bnc#1152789) - CVE-2019-16413: The 9p filesystem did not protect i_size_write() properly, which caused an i_size_read() infinite loop and denial of service on SMP systems. (bnc#1151347) - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function. (bnc#1146540) - CVE-2019-15807: There was a memory leak in the SAS expander driver when SAS expander discovery fails. This could cause a denial of service. (bnc#1148938) - CVE-2019-14821: An out-of-bounds access issue was found in the way the Linux kernel's KVM hypervisor implemented the Coalesced MMIO write operation. It operated on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (bnc#1151350) - CVE-2019-15505: The Linux kernel had an out-of-bounds read via crafted USB device traffic (which may have been remote via usbip or usbredir). (bnc#1147122) - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host. (bnc#1150112) - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.
(bnc#1146361) - CVE-2019-9456: In the Android kernel in Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction was not needed for exploitation. (bnc#1150025) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit in the file sound/usb/mixer.c. (bnc#1149522) - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. (bnc#1149376) - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bnc#1146524) - CVE-2017-18509: An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel. By setting a specific socket option, an attacker could control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue could be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurred because sk_type and protocol were not checked in the appropriate part of the ip6_mroute_* functions. (bnc#1145477) - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bnc#1146391) - CVE-2019-15292: There was a use-after-free in atalk_proc_exit. (bnc#1146678) - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bnc#1146547) - CVE-2018-20976: A use after free was discovered in fs/xfs/xfs_super.c, related to xfs_fs_fill_super failure.
(bnc#1146285) - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bnc#1146163) - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion. (bnc#1145922) The following non-security bugs were fixed: - add a missing lfence in kernel error entry and remove a superfluous lfence in userspace interrupt exit paths - Documentation: Add ITLB_MULTIHIT documentation (bnc#1117665). - array_index_nospec: Sanitize speculative array (bsc#1155671) - cpu/speculation: Uninline and export CPU mitigations helpers (bnc#1117665). - IB/core: Add mitigation for Spectre V1 (bsc#1155671) - inet_diag: fix oops for IPv4 AF_INET6 TCP SYN-RECV state (bsc#1101061). - kABI Fix for IFU Patches (bsc#1117665). - kthread: Implement park/unpark facility (bsc#1117665). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - kvm: MMU: drop read-only large sptes when creating lower level sptes (bsc#1117665). - kvm: MMU: fast invalidate all pages (bsc#1117665). - kvm: VMX: export PFEC.P bit on ept (bsc#1117665). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT (bnc#1117665). - mm/readahead.c: fix readahead failure for memoryless NUMA nodes and limit readahead pages (bsc#1143327). - mm: use only per-device readahead limit (bsc#1143327). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - xfs: xfs_remove deadlocks due to inverted AGF vs AGI lock ordering (bsc#1150599).
----------------------------------------- Patch: SUSE-2019-2977 Released: Thu Nov 14 22:42:20 2019 Summary: Recommended update for crash Severity: moderate References: 1142056 Description: This update for crash fixes the following issues: - Fixes an issue when analyzing memory dumps from ppc64 machines with large amount of memory (bsc#1142056) ----------------------------------------- Patch: SUSE-2019-3023 Released: Thu Nov 21 09:36:23 2019 Summary: Security update for cpio Severity: moderate References: 1155199,963448,CVE-2016-2037,CVE-2019-14866 Description: This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). - CVE-2016-2037: Fixed an out-of-bounds write in the way cpio parses certain cpio files (bsc#963448). ----------------------------------------- Patch: SUSE-2019-3051 Released: Mon Nov 25 17:27:50 2019 Summary: Security update for sqlite3 Severity: important References: 1155787,CVE-2017-2518 Description: This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). ----------------------------------------- Patch: SUSE-2019-3054 Released: Mon Nov 25 17:28:39 2019 Summary: Security update for cups Severity: important References: 1146358,1146359,959478,CVE-2019-8675,CVE-2019-8696 Description: This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function (bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). - Fixed a double free which was triggered by a Java application (bsc#959478).
----------------------------------------- Patch: SUSE-2019-3071 Released: Tue Nov 26 13:31:11 2019 Summary: Security update for ncurses Severity: moderate References: 1056126,1056127,1056128,1056129,1056131,1056132,1056136,1131830,1154037,CVE-2017-13728,CVE-2017-13729,CVE-2017-13730,CVE-2017-13731,CVE-2017-13732,CVE-2017-13733,CVE-2017-13734,CVE-2018-10754,CVE-2019-17595 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fixed an infinite loop in the next_char function (bsc#1056136). - CVE-2017-13729: Fixed an illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13730: Fixed an illegal address access in the function _nc_read_entry_source (bsc#1056131). - CVE-2017-13731: Fixed an illegal address access in the function postprocess_termcap (bsc#1056129). - CVE-2017-13732: Fixed an illegal address access in the function dump_uses (bsc#1056128). - CVE-2017-13733: Fixed an illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-13734: Fixed an illegal address access in the _nc_safe_strcat (bsc#1056126). - CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037) ----------------------------------------- Patch: SUSE-2019-3082 Released: Wed Nov 27 13:20:20 2019 Summary: Security update for bsdtar Severity: moderate References: 1005070,1059139,985601,985706,CVE-2015-8915,CVE-2015-8925,CVE-2016-8687,CVE-2017-14503 Description: This update for bsdtar fixes the following issues: - CVE-2015-8915: Fixed an invalid read which could have allowed remote attackers to cause a denial of service (bsc#985601). - CVE-2015-8925: Fixed an invalid read which could have allowed remote attackers to cause a denial of service (bsc#985706). 
- CVE-2017-14503: Fixed an out of bounds read within lha_read_data_none() in archive_read_support_format_lha.c (bsc#1059139). - CVE-2016-8687: Fixed a buffer overflow when printing a filename (bsc#1005070). ----------------------------------------- Patch: SUSE-2019-3187 Released: Thu Dec 5 11:44:36 2019 Summary: Security update for permissions Severity: moderate References: 1150734,1157198,CVE-2019-3690 Description: This update for permissions fixes the following issues: - CVE-2019-3690: Fixed a privilege escalation through untrusted symlinks (bsc#1150734). ----------------------------------------- Patch: SUSE-2019-3265 Released: Wed Dec 11 11:17:03 2019 Summary: Security update for ncurses Severity: important References: 1115929,1121450,CVE-2018-19211 Description: This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed NULL pointer dereference at function _nc_parse_entry in parse_entry.c (bsc#1115929). Bug fixes: - Modify bsc#1115929 patch to fix change in form_driver() that breaks ncurses-5.9 and the variable move_after_insert of ncurses-6.1 (bsc#1121450). ----------------------------------------- Patch: SUSE-2019-3287 Released: Thu Dec 12 15:50:58 2019 Summary: Security update for openssl Severity: important References: 1153785,CVE-2019-1563 Description: This update for openssl fixes the following issues: - Included the missing cms and pk7 fixes of CVE-2019-1563 (bsc#1153785). ----------------------------------------- Patch: SUSE-2019-3320 Released: Tue Dec 17 13:51:34 2019 Summary: Recommended update for suseRegister Severity: moderate References: 1157748 Description: This update for suseRegister fixes the following issues: - Migrate SLE 11 systems from NCC to SCC. (jsc#PM-1471, ECO#821, bsc#1157748) - Add cronjob 'cron_migration_to_scc' that runs the migration and deletes itself afterwards. 
----------------------------------------- Patch: SUSE-2019-1408 Released: Mon Dec 23 16:54:38 2019 Summary: Recommended update for xfsprogs Severity: moderate References: 1115083,1134102 Description: This update for xfsprogs fixes the following issues: - xfs_db: fix crash when field list selector string has trailing slash (bsc#1115083) - xfs_fsr: file reads should be O_DIRECT (bsc#1134102) ----------------------------------------- Patch: SUSE-2019-3398 Released: Mon Dec 30 17:45:22 2019 Summary: Recommended update for mutt Severity: moderate References: 1115561 Description: This update for mutt fixes the following issues: - Enable configure option '--enable-smtp' for smtp support. (bsc#1115561) ----------------------------------------- Patch: SUSE-2020-350 Released: Thu Feb 6 14:51:38 2020 Summary: Recommended update for openssl-certs Severity: moderate References: 1144169,1160160 Description: This update for openssl-certs fixes the following issues: openssl-certs was updated to the 2.40 state of the Mozilla NSS Certificate store (bsc#1160160): Removed certificates: - Certplus Class 2 Primary CA - Deutsche Telekom Root CA 2 - CN=Swisscom Root CA 2 - UTN-USERFirst-Client Authentication and Email - Certinomis - Root CA Added certificates: - Entrust Root Certification Authority - G4 - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) ----------------------------------------- Patch: SUSE-2020-504 Released: Thu Feb 27 10:36:16 2020 Summary: Security update for libexif Severity: moderate References: 1120943,1160770,CVE-2018-20030,CVE-2019-9278 Description: This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). 
----------------------------------------- Patch: SUSE-2020-515 Released: Thu Feb 27 14:37:25 2020 Summary: Security update for openssl Severity: moderate References: 1117951,1160163 Description: This update for openssl fixes the following issues: - Add missing commits for fixing the security issue called 'The 9 Lives of Bleichenbacher's CAT'. (bsc#1117951) - Fix a memory leak problem in function 'BN_copy()'. (bsc#1160163) ----------------------------------------- Patch: SUSE-2020-546 Released: Fri Feb 28 15:54:16 2020 Summary: Recommended update for permissions Severity: moderate References: 1160594,1160764,1163922,CVE-2020-8013 Description: This update for permissions fixes the following issues: Security issues fixed: - CVE-2020-8013: Fixed a missing symlink check. Do not follow symlinks that are the final path element (bsc#1163922). - Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594). ----------------------------------------- Patch: SUSE-2020-577 Released: Tue Mar 3 15:23:42 2020 Summary: Security update for python Severity: moderate References: 1162367,CVE-2020-8492 Description: This update for python fixes the following security issue: - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). ----------------------------------------- Patch: SUSE-2020-656 Released: Thu Mar 12 14:46:22 2020 Summary: Recommended update for libzypp Severity: moderate References: 1099982,1163408,556664,939392 Description: This update for libzypp fixes the following issues: - Service refresh must not attempt to modify plugin services en-/disable repos with respect to previous state and user modifications. (bsc#1163408) - Fix conversion of string and glob to regex when compiling queries. 
(bsc#1099982, bsc#939392, bsc#556664) ----------------------------------------- Patch: SUSE-2020-707 Released: Tue Mar 17 15:55:37 2020 Summary: Recommended update for suseRegister Severity: moderate References: 1157119 Description: This update for suseRegister fixes the following issues: - Fix for RMT server to handle network issues when syncing with SCC. (bsc#1157119) ----------------------------------------- Patch: SUSE-2020-1044 Released: Thu Apr 23 11:31:10 2020 Summary: Security update for cups Severity: important References: 1168422,CVE-2020-3898 Description: This update for cups fixes the following issues: - CVE-2020-3898: Fixed heap buffer overflow in libcups ppdFindOption() function (bsc#1168422). ----------------------------------------- Patch: SUSE-2020-1154 Released: Wed Apr 29 22:55:38 2020 Summary: Security update for openldap2 Severity: important References: 1143194,1143273,CVE-2019-13057,CVE-2019-13565 Description: This update for openldap2 fixes the following issues: - CVE-2019-13565: Fixed an authentication bypass caused by incorrect authorization of another connection, granting excess connection rights (bsc#1143194). - CVE-2019-13057: Fixed an issue with improper authorization with delegated database admin privileges (bsc#1143273). 
----------------------------------------- Patch: SUSE-2020-1161 Released: Thu Apr 30 18:00:03 2020 Summary: Security update for the Linux Kernel Severity: important References: 1012382,1091041,1105327,1131107,1136471,1136922,1146519,1146544,1146612,1148871,1149448,1152631,1156652,1157038,1157070,1157143,1157155,1157157,1157303,1157344,1157678,1157804,1157923,1158381,1158410,1158413,1158427,1158445,1158823,1158824,1158834,1158900,1158904,1159285,1159841,1159908,1159911,1161358,1162928,1162929,1162931,1164078,1165111,1165985,1167629,1168075,1168829,1168854,CVE-2019-12456,CVE-2019-14896,CVE-2019-14897,CVE-2019-15213,CVE-2019-15916,CVE-2019-18660,CVE-2019-18675,CVE-2019-19066,CVE-2019-19073,CVE-2019-19074,CVE-2019-19227,CVE-2019-19523,CVE-2019-19524,CVE-2019-19527,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19537,CVE-2019-19768,CVE-2019-19965,CVE-2019-19966,CVE-2019-20096,CVE-2020-10942,CVE-2020-11608,CVE-2020-8647,CVE-2020-8648,CVE-2020-8649,CVE-2020-9383 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10942: get_raw_socket in drivers/vhost/net.c lacked validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bsc#1167629). - CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bsc#1162929). - CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bsc#1162931). - CVE-2020-9383: An issue was discovered where set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bsc#1165111). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bsc#1159285).
- CVE-2020-11608: Fixed NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints (bsc#1168829). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928). - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in Marvell WiFi chip driver. A remote attacker could cause a denial of service or possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker is able to cause a denial of service or possibly execute arbitrary code, when a STA works in IBSS mode and connects to another STA (bsc#1157155). - CVE-2019-18675: Fixed an Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allowed local users to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation (bsc#1157804). - CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition (bsc#1159911). - CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service by triggering bfa_port_get_stats() failures (bsc#1157303). - CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bsc#1159908). - CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bsc#1159841). - CVE-2019-19532: Fixed multiple out-of-bounds write bugs that can be caused by a malicious USB device (bsc#1158824).
- CVE-2019-19523: Fixed a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bsc#115882). - CVE-2019-19537: Fixed a race condition that can be caused by a malicious USB device in the USB character device driver layer (bsc#1158904). - CVE-2019-19527, CVE-2019-19530, CVE-2019-19524: Fixed multiple use-after-free bug that could be caused by a malicious USB device (bsc#1158381, bsc#1158834, bsc#1158900). - CVE-2019-15213: Fixed a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bsc#1146544). - CVE-2019-19531: Fixed a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bsc#1158445). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs (bsc#1157038). - CVE-2019-19227: Fixed a potential NULL pointer dereference in the AppleTalk subsystem (bsc#1157678). - CVE-2019-19074: Fixed a memory leak in the ath9k_wmi_cmd(), which allowed attackers to cause a denial of service (bsc#1157143). - CVE-2019-19073: Fixed multiple memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c, which allowed attackers to cause a denial of service (bsc#1157070). - CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which could cause denial of service (bsc#1149448). - CVE-2019-12456: Fixed a denial of service in _ctl_ioctl_main, which could be triggered by a local user (bsc#1136922). The following non-security bugs were fixed: - Input: add safety guards to input_set_keycode() (bsc#1168075). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - block: Fix oops scsi_disk_get() (bsc#1105327). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). 
- kaiser: Fix for 32bit KAISER implementations (bsc#1157344). - klist: fix starting point removed bug in klist iterators (bsc#1156652). - kobject: Export kobject_get_unless_zero() (bsc#1105327). - kobject: fix kset_find_obj() race with concurrent last kobject_put() (bsc#1105327). - kref: minor cleanup (bsc#1105327). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - rpm/kernel-binary.spec.in: Replace Novell with SUSE - sched: Fix race between task_group and sched_task_group (bsc#1136471). - sched: Remove lockdep check in sched_move_task() (bsc#1136471). - scsi: lpfc: Fix driver crash in target reset handler (bsc#1148871). - writeback: fix race that cause writeback hung (bsc#1161358). - x86: fix speculation bug reporting (bsc#1012382). ----------------------------------------- Patch: SUSE-2020-1191 Released: Tue May 5 14:08:41 2020 Summary: Security update for puppet Severity: moderate References: 1167645,935899,CVE-2020-7942 Description: This update for puppet fixes the following issues: Security issue fixed: - CVE-2020-7942: Added a warning for a vulnerable configuration option, which could allow for information disclosure in certain setups. Disabling it my break some setups. (bsc#1167645) Non-security issue fixed: - Fixed deletion of puppet master file /etc/puppet/manifests/site.pp during updates (bsc#935899). 
----------------------------------------- Patch: SUSE-2020-1215 Released: Thu May 7 12:09:10 2020 Summary: Security update for openldap2 Severity: important References: 1170771,CVE-2020-12243 Description: This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). ----------------------------------------- Patch: SUSE-2020-1256 Released: Tue May 12 17:34:48 2020 Summary: Recommended update for timezone Severity: moderate References: 1169582 Description: This update for timezone fixes the following issues: - timezone update 2020a (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------- Patch: SUSE-2020-1278 Released: Thu May 14 14:00:26 2020 Summary: Security update for syslog-ng Severity: moderate References: 1169385,CVE-2020-8019 Description: This update for syslog-ng fixes the following issues: - CVE-2020-8019: Fixed a local privilege escalation during package update (bsc#1169385). ----------------------------------------- Patch: SUSE-2020-1283 Released: Thu May 14 15:57:44 2020 Summary: Recommended update for sudo Severity: important References: 1015162,1015351 Description: This update for sudo fixes the following issues: - Check if the monitor process became an orphan when receiving SIGHUP. (bsc#1015162) Terminate the child in that case. - sudo is not able to resolve sudo for users when using LDAP. (bsc#1015351) SSSD doesn't handle netgroups, we have to ensure they are correctly filtered in sudo. The rules may contain mixed sudoUser specification so we have to check not only for netgroup membership but also for user and group matches. 
----------------------------------------- Patch: SUSE-2020-1307 Released: Mon May 18 09:55:59 2020 Summary: Recommended update for pam-config Severity: moderate References: 1114835 Description: This update for pam-config fixes the following issue: - Provide the missing 'reject_username' option for PAM passwords. (bsc#1114835) This option will check whether the name of the user in straight or reversed form is contained in the new password. If it is found the new password is rejected. ----------------------------------------- Patch: SUSE-2020-1499 Released: Thu May 28 16:49:13 2020 Summary: Security update for python Severity: moderate References: 1155094,1162825,CVE-2019-18348,CVE-2019-9674 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). ----------------------------------------- Patch: SUSE-2020-1500 Released: Thu May 28 16:49:25 2020 Summary: Security update for facter Severity: moderate References: 917383,CVE-2015-1426 Description: This update for facter fixes the following issues: - CVE-2015-1426: Prevent the EC2 metadata fact from collecting security credentials (bsc#917383). ----------------------------------------- Patch: SUSE-2020-1522 Released: Wed Jun 3 08:34:32 2020 Summary: Security update for w3m Severity: moderate References: 1077559,1077568,1077572,CVE-2018-6196,CVE-2018-6197,CVE-2018-6198 Description: This update for w3m fixes several issues. 
These security issues were fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559) - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568) - CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) ----------------------------------------- Patch: SUSE-2020-1537 Released: Thu Jun 4 12:58:38 2020 Summary: Security update for vim Severity: moderate References: 1172225,CVE-2019-20807 Description: This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225). ----------------------------------------- Patch: SUSE-2020-1588 Released: Tue Jun 9 19:11:19 2020 Summary: Security update for the Linux Kernel Severity: important References: 1154290,1154824,1164871,1170056,1171195,1171202,1171218,CVE-2020-0543,CVE-2020-10690,CVE-2020-12652,CVE-2020-12653,CVE-2020-12654 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). 
- CVE-2020-12654: Fixed an issue in the wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). The following non-security bugs were fixed: - nfsd4: clean up open owners on OPEN failure (bsc#1154290). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). ----------------------------------------- Patch: SUSE-2020-1617 Released: Fri Jun 12 10:52:10 2020 Summary: Recommended update for puppet Severity: moderate References: 1171711 Description: This update for puppet fixes the following issues: - Add tags to the config files so that user defined configuration files are not overwritten during package updates. (bsc#1171711) ----------------------------------------- Patch: SUSE-2020-1697 Released: Fri Jun 19 16:11:06 2020 Summary: Security update for bind Severity: important References: 1033843,1092283,1109160,1171740,1172220,1172680,CVE-2018-5741,CVE-2020-8616,CVE-2020-8617 Description: This update for bind fixes the following issues: - CVE-2020-8616: Fixed the insufficient limit on the number of fetches performed when processing referrals (bsc#1171740). - CVE-2020-8617: Fixed a logic error in code which checks TSIG validity (bsc#1171740). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - Removed rndc.key generation from bind.spec file (bsc#1092283, bsc#1033843) bind should create the key on first boot or if it went missing. ----------------------------------------- Patch: SUSE-2020-1736 Released: Wed Jun 24 09:45:02 2020 Summary: Security update for curl Severity: important References: 1173027,CVE-2020-8177 Description: This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). 
----------------------------------------- Patch: SUSE-2020-1739 Released: Wed Jun 24 10:24:06 2020 Summary: Recommended update for openssl-certs Severity: moderate References: 1172808 Description: This update for openssl-certs fixes the following issues: - Removed the expired AddTrust CA, and also one Dutch CA. This avoids issues with sites still having AddTrust in their returned CA stack to cause certificate validation troubles with openssl. (bsc#1172808) ----------------------------------------- Patch: SUSE-2020-1744 Released: Thu Jun 25 08:51:48 2020 Summary: Security update for jpeg Severity: moderate References: 1172491,1172995,CVE-2020-13790,CVE-2020-14152 Description: This update for jpeg fixes the following issues: - CVE-2020-14152: Fixed an improper implementation which could have potentially exhausted the memory (bsc#1172995). - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). ----------------------------------------- Patch: SUSE-2020-1746 Released: Thu Jun 25 14:46:14 2020 Summary: Recommended update for curl Severity: low References: Description: This update for curl rebuilds curl, especially ia64 was not working. ----------------------------------------- Patch: SUSE-2020-1799 Released: Tue Jun 30 11:29:54 2020 Summary: Security update for mutt Severity: important References: 1172906,1172935,1173197,CVE-2020-14093,CVE-2020-14154,CVE-2020-14954 Description: This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). 
----------------------------------------- Patch: SUSE-2020-1817 Released: Wed Jul 1 16:18:35 2020 Summary: Security update for ntp Severity: moderate References: 1169740,1171355,1172651,1173334,CVE-2018-8956,CVE-2020-11868,CVE-2020-13817,CVE-2020-15025 Description: This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue where a server mode packet with a spoofed source address, frequently sent to the client ntpd, could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue where an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue where a remote attacker could have caused denial of service by consuming the memory when a CMAC key was used and associated with a CMAC algorithm in the ntp.keys (bsc#1173334). ----------------------------------------- Patch: SUSE-2020-1854 Released: Mon Jul 6 17:04:22 2020 Summary: Security update for openldap2 Severity: important References: 1172698,CVE-2020-8023 Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). ----------------------------------------- Patch: SUSE-2020-2010 Released: Wed Jul 22 17:28:09 2020 Summary: Security update for libxml2 Severity: moderate References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595 Description: This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). 
- CVE-2019-19956: Fixed a memory leak in xmlParseBalancedChunkMemoryRecover (bsc#1159928). ----------------------------------------- Patch: SUSE-2020-2031 Released: Thu Jul 23 14:38:59 2020 Summary: Security update for samba Severity: moderate References: 1173160,CVE-2020-10745 Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue where parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). ----------------------------------------- Patch: SUSE-2020-2108 Released: Mon Aug 3 16:46:25 2020 Summary: Security update for the Linux Kernel Severity: important References: 1159912,1159913,1162002,1171218,1171219,1171220,1172775,1172999,1173265,1174462,1174543,CVE-2019-5108,CVE-2020-0305,CVE-2020-10732,CVE-2020-10769,CVE-2020-10773,CVE-2020-12652,CVE-2020-12656,CVE-2020-13974,CVE-2020-14416 Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline that could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-13974: Fixed an integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219). - CVE-2020-0305: Fixed a possible use-after-free due to a race condition in cdev_get of char_dev.c. 
This could lead to local escalation of privilege. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-12652: The __mptctl_ioctl function in drivers/message/fusion/mptctl.c allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a 'double fetch' vulnerability (bnc#1171218). - CVE-2019-5108: Fixed a denial-of-service vulnerability in the wifi stack. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed (bnc#1159912). The following non-security bugs were fixed: - Fix gcc-discovered error in zeroing a struct (bnc#680814) ----------------------------------------- Patch: SUSE-2020-2129 Released: Wed Aug 5 10:39:03 2020 Summary: Security update for xorg-x11-libX11 Severity: important References: 1174628,CVE-2020-14344 Description: This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) ----------------------------------------- Patch: SUSE-2020-2195 Released: Tue Aug 11 13:29:31 2020 Summary: Security update for xorg-x11-libX11 Severity: important References: 1174628,CVE-2020-14344 Description: This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). 
----------------------------------------- Patch: SUSE-2020-2260 Released: Tue Aug 18 09:52:05 2020 Summary: Security update for python-azure-agent Severity: moderate References: 1061584,1074865,1087764,1092831,1094420,1119542,1127838,1167601,1167602,1173866,1175130,997614,CVE-2019-0804 Description: This update for python-azure-agent fixes the following issues: + Properly set the dhcp configuration to push the hostname to the DHCP server (bsc#1173866) + Do not bring the interface down to push the hostname, just use ifup + Set the hostname using hostnamectl to ensure setting is properly applied (bsc#1167601, bsc#1167602) Update to version 2.2.45 (jsc#ECO-80) + Add support for Gen2 VM resource disks + Use alternate systemd detection + Fix /proc/net/route requirement that causes errors on FreeBSD + Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination + Disable cgroups when daemon is setup incorrectly + Remove upgrade extension loop for the same goal state + Add container id for extension telemetry events + Be more exact when detecting IMDS service health + Changing add_event to start sending missing fields ----------------------------------------- Version 0.2.19-Build1.26 2020-08-27T07:55:01 ----------------------------------------- Patch: SUSE-2020-2336 Released: Wed Aug 26 11:51:33 2020 Summary: Recommended update for kdump Severity: moderate References: 1108170,1108823,1133407 Description: This update for kdump fixes the following issues: - Add udev event support for *fadump*. (bsc#1108170, bsc#1108823) - Add required dependencies for *fadump* udev support. - Re-register *FADUMP* from userspace if the kernel cannot do it. (bsc#1108823) - Do not reload on CPU hot removal. 
(bsc#1133407) ----------------------------------------- Patch: SUSE-2020-2345 Released: Wed Aug 26 17:02:20 2020 Summary: Security update for avahi Severity: moderate References: 1085255 Description: This update for avahi fixes the following issues: - increase data and stack limits to fix remote denial of service (bsc#1085255). ----------------------------------------- Version 0.2.19-Build1.27 2020-08-28T07:55:17 ----------------------------------------- Patch: SUSE-2020-2356 Released: Thu Aug 27 18:26:35 2020 Summary: Security update for python Severity: moderate References: 1174091,CVE-2019-20907 Description: This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091). ----------------------------------------- Version 0.2.19-Build2.4 2020-09-03T07:54:19 ----------------------------------------- Patch: SUSE-2020-2454 Released: Wed Sep 2 14:00:06 2020 Summary: Security update for curl Severity: moderate References: 1175109,CVE-2020-8231 Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. 
[bsc#1175109, CVE-2020-8231] ----------------------------------------- Version 0.2.19-Build2.5 2020-09-04T07:54:17 ----------------------------------------- Patch: SUSE-2020-2483 Released: Thu Sep 3 17:06:38 2020 Summary: Recommended update for openssl-certs Severity: moderate References: 1174673 Description: This update for openssl-certs fixes the following issues: - update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: - LuxTrust Global Root 2 - Staat der Nederlanden Root CA - G2 - Symantec Class 1 Public Primary Certification Authority - G4 - Symantec Class 2 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: - certSIGN Root CA G2 - e-Szigno Root CA 2017 - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 ----------------------------------------- Version 0.2.19-Build2.7 2020-09-08T07:53:43 ----------------------------------------- Patch: SUSE-2020-2564 Released: Tue Sep 8 10:18:26 2020 Summary: Security update for libxslt Severity: moderate References: 1140095,1140101,1154609,CVE-2019-11068,CVE-2019-13117,CVE-2019-13118,CVE-2019-18197 Description: This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed an uninitialized read that made it possible to discern whether a byte on the stack contains certain special characters (bsc#1140095). - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). 
----------------------------------------- Version 0.2.19-Build2.10 2020-09-19T07:57:53 ----------------------------------------- Patch: SUSE-2020-2635 Released: Tue Sep 15 11:19:29 2020 Summary: Security update for openssl Severity: important References: 1176331,CVE-2020-1968 Description: This update for openssl fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). ----------------------------------------- Patch: SUSE-2020-2637 Released: Tue Sep 15 14:41:17 2020 Summary: Security update for xorg-x11-libX11 Severity: moderate References: 1175239,CVE-2020-14363 Description: This update for xorg-x11-libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). ----------------------------------------- Patch: SUSE-2020-2679 Released: Fri Sep 18 10:50:41 2020 Summary: Security update for libxml2 Severity: moderate References: 1176179,CVE-2020-24977 Description: This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------- Version 0.2.19-Build2.12 2020-09-23T08:17:55 ----------------------------------------- Patch: SUSE-2020-2688 Released: Mon Sep 21 10:55:11 2020 Summary: Security update for less Severity: moderate References: 921719,CVE-2014-9488 Description: This update for less fixes the following issues: Security issue fixed: - CVE-2014-9488: Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access (bsc#921719). 
----------------------------------------- Version 0.2.19-Build2.13 2020-09-24T07:55:19 ----------------------------------------- Patch: SUSE-2020-2725 Released: Wed Sep 23 15:59:16 2020 Summary: Security update for libcdio Severity: low References: 1082821,CVE-2017-18199 Description: This update for libcdio and libcdio-mini fixes the following issues: Security issue fixed: - CVE-2017-18199: Fixed a NULL Pointer Dereference in realloc_symlink which could allow remote attackers to cause Denial of Service (bsc#1082821). ----------------------------------------- Version 0.2.19-Build2.16 2020-09-29T07:55:30 ----------------------------------------- Patch: SUSE-2020-2752 Released: Fri Sep 25 17:30:54 2020 Summary: Security update for pixman Severity: moderate References: 968090,CVE-2014-9766 Description: This update for pixman fixes the following issues: Security issue fixed: - CVE-2014-9766: Fixed an integer overflow in create_bits() (bsc#968090). ----------------------------------------- Patch: SUSE-2020-2762 Released: Mon Sep 28 09:25:01 2020 Summary: Security update for libnl Severity: moderate References: 1020123,CVE-2017-0386 Description: This update for libnl fixes the following issues: Security issue fixed: - CVE-2017-0386: Fixed a privilege escalation vulnerability which allowed a local user to execute code within a privileged process (bsc#1020123). ----------------------------------------- Version 0.2.19-Build2.19 2020-10-15T07:59:02 ----------------------------------------- Patch: SUSE-2020-2922 Released: Wed Oct 14 14:30:51 2020 Summary: Security update for libpng12-0 Severity: moderate References: 1141493,CVE-2017-12652 Description: This update for libpng12-0 fixes the following issues: Security issue fixed: - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). 
----------------------------------------- Patch: SUSE-2020-2925 Released: Wed Oct 14 14:31:52 2020 Summary: Security update for libsoup Severity: moderate References: 1100097,CVE-2018-12910 Description: This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fixed a denial of service which was caused by handling empty hostnames in get_cookies() (bsc#1100097). ----------------------------------------- Version 0.2.19-Build2.22 2020-10-29T07:59:05 ----------------------------------------- Patch: SUSE-2020-3044 Released: Tue Oct 27 14:34:08 2020 Summary: Security update for libmspack Severity: low References: 1141680,CVE-2019-1010305 Description: This update for libmspack fixes the following issues: Security issue fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure (bsc#1141680). ----------------------------------------- Version 0.2.19-Build2.23 2020-10-31T08:00:06 ----------------------------------------- Patch: SUSE-2020-3111 Released: Fri Oct 30 13:50:55 2020 Summary: Security update for samba Severity: important References: 1173902,1173994,CVE-2020-14318,CVE-2020-14323 Description: This update for samba fixes the following issues: - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). ----------------------------------------- Version 0.2.19-Build2.26 2020-11-06T08:01:01 ----------------------------------------- Patch: SUSE-2020-3124 Released: Tue Nov 3 10:13:03 2020 Summary: Security update for SDL Severity: moderate References: 1141844,CVE-2019-13616 Description: This update for SDL fixes the following issues: Security issue fixed: - CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844). 
----------------------------------------- Patch: SUSE-2020-3144 Released: Tue Nov 3 17:40:09 2020 Summary: Recommended update for openssl-certs Severity: moderate References: 1177864 Description: This update for openssl-certs fixes the following issues: The SSL Root CA store is updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------- Patch: SUSE-2020-3154 Released: Wed Nov 4 11:07:44 2020 Summary: Security update for opensc Severity: low References: 1122756,CVE-2019-6502 Description: This update for opensc fixes the following issues: Security issue fixed: - CVE-2019-6502: Fixed a memory leak in sc_context_create() (bsc#1122756). ----------------------------------------- Version 0.2.19-Build2.28 2020-11-12T08:01:14 ----------------------------------------- Patch: SUSE-2020-3293 Released: Wed Nov 11 12:28:11 2020 Summary: Security update for openldap2 Severity: important References: 1178387,CVE-2020-25692 Description: This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------- Version 0.2.19-Build2.30 2020-11-18T08:00:50 ----------------------------------------- Patch: SUSE-2020-3362 Released: Tue Nov 17 14:59:08 2020 Summary: Security update for tcpdump Severity: moderate References: 1178466,CVE-2020-8037 Description: This update for tcpdump fixes the following issues: - CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466). 
----------------------------------------- Version 0.2.19-Build2.32 2020-11-27T07:58:43 ----------------------------------------- Patch: SUSE-2020-3531 Released: Thu Nov 26 12:48:41 2020 Summary: Security update for python Severity: important References: 1177211,CVE-2020-26116 Description: This update for python fixes the following issues: - bsc#1177211 (CVE-2020-26116) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. ----------------------------------------- Version 0.2.19-Build2.33 2020-12-02T07:57:54 ----------------------------------------- Patch: SUSE-2020-3567 Released: Mon Nov 30 16:57:33 2020 Summary: Security update for mutt Severity: important References: 1179035,1179113,CVE-2020-28896 Description: This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113) ----------------------------------------- Version 0.2.19-Build2.35 2020-12-09T07:41:14 ----------------------------------------- Patch: SUSE-2020-3712 Released: Tue Dec 8 16:40:42 2020 Summary: Recommended update for wodim Severity: moderate References: 1178692 Description: This update for wodim fixes the following issues: - Initialize memory that created the partition table instead of writing random bytes to it. (bsc#1178692) ----------------------------------------- Version 0.2.19-Build2.37 2020-12-16T07:40:20 ----------------------------------------- Patch: SUSE-2020-3806 Released: Tue Dec 15 13:43:01 2020 Summary: Recommended update for bash Severity: moderate References: 1178857 Description: This update for bash fixes the following issue: - release number of bash package is now higher than the SLES 11 SP1, SP2 and SP3 bash packages. 
----------------------------------------- Version 0.2.19-Build2.38 2020-12-18T07:39:52 ----------------------------------------- Patch: SUSE-2020-3871 Released: Thu Dec 17 18:22:36 2020 Summary: Security update for cyrus-sasl Severity: important References: 1159635,CVE-2019-19906 Description: This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). ----------------------------------------- Version 0.2.19-Build2.40 2020-12-22T07:41:40 ----------------------------------------- Patch: SUSE-2020-3893 Released: Mon Dec 21 10:57:24 2020 Summary: Security update for curl Severity: moderate References: 1179398,1179399,CVE-2020-8284,CVE-2020-8285 Description: This update for curl fixes the following issues: - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). - CVE-2020-8285: Fixed an FTP wildcard stack overflow (bsc#1179399). ----------------------------------------- Version 0.2.19-Build2.41 2020-12-22T14:55:46 ----------------------------------------- Patch: SUSE-2020-3910 Released: Tue Dec 22 10:56:49 2020 Summary: Recommended update for mutt Severity: low References: 1179461 Description: This update for mutt fixes the following issues: - Add a further correction in plaintext for external bodies as well. (bsc#1179461) ----------------------------------------- Version 0.2.19-Build2.46 2021-01-15T11:43:25 ----------------------------------------- Patch: SUSE-2021-132 Released: Thu Jan 14 13:43:48 2021 Summary: Security update for openldap2 Severity: moderate References: 1178909,CVE-2020-25709,CVE-2020-25710 Description: This update for openldap2 fixes the following issues: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). 
----------------------------------------- Version 0.2.19-Build2.49 2021-01-23T09:27:52 ----------------------------------------- Patch: SUSE-2021-173 Released: Tue Jan 19 21:17:46 2021 Summary: Recommended update for SuSEfirewall2 Severity: low References: 1077163 Description: This update for SuSEfirewall2 provides the following fix: - Prevent the appearance of bogus error outputs in the log. (bsc#1077163) ----------------------------------------- Patch: SUSE-2021-193 Released: Fri Jan 22 10:37:59 2021 Summary: Security update for mutt Severity: moderate References: 1181221,CVE-2021-3181 Description: This update for mutt fixes the following issue: - CVE-2021-3181: Fixed a memory leak in recipient parsing (bsc#1181221). ----------------------------------------- Version 0.2.19-Build2.52 2021-02-03T07:40:18 ----------------------------------------- Patch: SUSE-2021-287 Released: Tue Feb 2 13:09:38 2021 Summary: Security update for cups Severity: moderate References: 1180520,CVE-2020-10001 Description: This update for cups fixes the following issues: - CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function (bsc#1180520).