Marcus Updateinfo to OVAL Converter5.52017-03-01T04:05:33Security update for roundcubemail (Moderate)openSUSE 13.1
This update for roundcubemail updates roundcubemail to 1.0.9 and fixes the following issues:
- CVE-2015-8864 XSS issue in SVG image handling [boo#976988]
- CVE-2015-2181 Security issue in DBMail driver of password plugin
(Moderate)SUSE bug 976988CVE-2015-2181CVE-2015-8864Security update for Firefox (Moderate)openSUSE 13.1
This update includes Firefox 48.0.1 to fix a few regressions and a security issue:
* Fix an audio regression impacting some major websites
* Fix a top crash in the JavaScript engine
* Fix a startup crash issue caused by Websense
* Fix a different behavior with e10s / non-e10s on select and mouse events
* Fix a top crash caused by plugin issues
* Fix a shutdown issue
* Fix a crash in WebRTC
- added upstream patch so system plugins/extensions are correctly
loaded again on x86-64
- Fix for possible buffer overrun (Moderate)SUSE bug 1264530SUSE bug 1276920SUSE bug 1282843SUSE bug 1290469SUSE bug 1291078SUSE bug 1291738SUSE bug 1292534SUSE bug 1295296SUSE bug 990856SUSE bug 992236CVE-2016-6354Security update for openldap2 (Important)openSUSE 13.1
This update fixes the following security issues:
- CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial
of service (reachable assertion and application crash) via crafted BER data, as
demonstrated by an attack against slapd. (bsc#945582)
- CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766)
It also fixes the following non-security bugs:
- bsc#955210: Unresponsive LDAP host lookups in IPv6 environment
- bsc#904028: Add missing dependency binutils used by %pre.
(Important)SUSE bug 904028SUSE bug 937766SUSE bug 945582SUSE bug 955210CVE-2015-4000CVE-2015-6908security update for phpMyAdmin (Moderate)openSUSE 13.1
This phpMyAdmin update to version 4.4.15.8 fixes the following issues:
Security issues fixed:
* Improve session cookie code for openid.php and signon.php example
files
* Full path disclosure in openid.php and signon.php example files
* Unsafe generation of BlowfishSecret (when not supplied by the user)
* Referrer leak when phpinfo is enabled
* Use HTTPS for wiki links
* Improve SSL certificate handling
* Fix full path disclosure in debugging code
* Administrators could trigger SQL injection attack against users
* Weaknesses with cookie encryption
see PMASA-2016-29 (CVE-2016-6606, CWE-661)
* Multiple XSS vulnerabilities
see PMASA-2016-30 (CVE-2016-6607, CWE-661)
* Multiple XSS vulnerabilities
see PMASA-2016-31 (CVE-2016-6608, CWE-661)
* PHP code injection
see PMASA-2016-32 (CVE-2016-6609, CWE-661)
* Full path disclosure
see PMASA-2016-33 (CVE-2016-6610, CWE-661)
* SQL injection attack
see PMASA-2016-34 (CVE-2016-6611, CWE-661)
* Local file exposure through LOAD DATA LOCAL INFILE
see PMASA-2016-35 (CVE-2016-6612, CWE-661)
* Local file exposure through symlinks with UploadDir
see PMASA-2016-36 (CVE-2016-6613, CWE-661)
* Path traversal with SaveDir and UploadDir
see PMASA-2016-37 (CVE-2016-6614, CWE-661)
* Multiple XSS vulnerabilities
see PMASA-2016-38 (CVE-2016-6615, CWE-661)
* SQL injection vulnerability as control user
see PMASA-2016-39 (CVE-2016-6616, CWE-661)
* SQL injection vulnerability
see PMASA-2016-40 (CVE-2016-6617, CWE-661)
* Denial-of-service attack through transformation feature
see PMASA-2016-41 (CVE-2016-6618, CWE-661)
* SQL injection vulnerability as control user
see PMASA-2016-42 (CVE-2016-6619, CWE-661)
* Verify data before unserializing
see PMASA-2016-43 (CVE-2016-6620, CWE-661)
* SSRF in setup script
see PMASA-2016-44 (CVE-2016-6621, CWE-661)
* Denial-of-service attack with
$cfg['AllowArbitraryServer'] = true and persistent connections
see PMASA-2016-45 (CVE-2016-6622, CWE-661)
* Denial-of-service attack by using for loops
see PMASA-2016-46 (CVE-2016-6623, CWE-661)
* Possible circumvention of IP-based allow/deny rules with IPv6 and
proxy server
see PMASA-2016-47 (CVE-2016-6624, CWE-661)
* Detect if user is logged in
see PMASA-2016-48 (CVE-2016-6625, CWE-661)
* Bypass URL redirection protection
see PMASA-2016-49 (CVE-2016-6626, CWE-661)
* Referrer leak
see PMASA-2016-50 (CVE-2016-6627, CWE-661)
* Reflected File Download
see PMASA-2016-51 (CVE-2016-6628, CWE-661)
* ArbitraryServerRegexp bypass
see PMASA-2016-52 (CVE-2016-6629, CWE-661)
* Denial-of-service attack by entering long password
see PMASA-2016-53 (CVE-2016-6630, CWE-661)
* Remote code execution vulnerability when running as CGI
see PMASA-2016-54 (CVE-2016-6631, CWE-661)
* Denial-of-service attack when PHP uses dbase extension
see PMASA-2016-55 (CVE-2016-6632, CWE-661)
* Remove tode execution vulnerability when PHP uses dbase extension
see PMASA-2016-56 (CVE-2016-6633, CWE-661)
(Moderate)SUSE bug 994313CVE-2016-6606CVE-2016-6607CVE-2016-6608CVE-2016-6609CVE-2016-6610CVE-2016-6611CVE-2016-6612CVE-2016-6613CVE-2016-6614CVE-2016-6615CVE-2016-6616CVE-2016-6617CVE-2016-6618CVE-2016-6619CVE-2016-6620CVE-2016-6621CVE-2016-6622CVE-2016-6623CVE-2016-6624CVE-2016-6625CVE-2016-6626CVE-2016-6627CVE-2016-6628CVE-2016-6629CVE-2016-6630CVE-2016-6631CVE-2016-6632CVE-2016-6633Security update for Chromium (Important)openSUSE 13.1
Chromium was updated to 48.0.2564.82 to fix security issues and bugs.
The following vulnerabilities were fixed:
- CVE-2016-1612: Bad cast in V8 (boo#963184)
- CVE-2016-1613: Use-after-free in PDFium (boo#963185)
- CVE-2016-1614: Information leak in Blink (boo#963186)
- CVE-2016-1615: Origin confusion in Omnibox (boo#963187)
- CVE-2016-1616: URL Spoofing (boo#963188)
- CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)
- CVE-2016-1618: Weak random number generator in Blink (boo#963190)
- CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)
- CVE-2016-1620 chromium-browser: various fixes (boo#963192)
This update also enables SSE2 support on x86_64, VA-API hardware acceleration and fixes a crash when trying to enable the Chromecast extension. (Important)SUSE bug 963184SUSE bug 963185SUSE bug 963186SUSE bug 963187SUSE bug 963188SUSE bug 963189SUSE bug 963190SUSE bug 963191SUSE bug 963192CVE-2016-1612CVE-2016-1613CVE-2016-1614CVE-2016-1615CVE-2016-1616CVE-2016-1617CVE-2016-1618CVE-2016-1619CVE-2016-1620Security update for Java7 (Important)openSUSE 13.1
Update OpenJDK to 7u95 / IcedTea 2.6.4 including the following fixes:
* Security fixes
- S8059054, CVE-2016-0402: Better URL processing
- S8130710, CVE-2016-0448: Better attributes processing
- S8132210: Reinforce JMX collector internals
- S8132988: Better printing dialogues
- S8133962, CVE-2016-0466: More general limits
- S8137060: JMX memory management improvements
- S8139012: Better font substitutions
- S8139017, CVE-2016-0483: More stable image decoding
- S8140543, CVE-2016-0494: Arrange font actions
- S8143185: Cleanup for handling proxies
- S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen
displays
- S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH)
- S8142882, CVE-2015-4871: rebinding of the receiver of a
DirectMethodHandle may allow a protected method to be accessed
* Import of OpenJDK 7 u95 build 0
- S7167988: PKIX CertPathBuilder in reverse mode doesn't work if
more than one trust anchor is specified
- S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket.java
failed with SocketTimeoutException
- S8074068: Cleanup in src/share/classes/sun/security/x509/
- S8075773: jps running as root fails after the fix of JDK-8050807
- S8081297: SSL Problem with Tomcat
- S8131181: Increment minor version of HSx for 7u95 and
initialize the build number
- S8132082: Let OracleUcrypto accept RSAPrivateKey
- S8134605: Partial rework of the fix for 8081297
- S8134861: XSLT: Extension func call cause exception if
namespace URI contains partial package name
- S8135307: CompletionFailure thrown when calling FieldDoc.type,
if the field's type is missing
- S8138716: (tz) Support tzdata2015g
- S8140244: Port fix of JDK-8075773 to MacOSX
- S8141213: [Parfait]Potentially blocking function
GetArrayLength called in JNI critical region at line 239 of
jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in
function GET_ARRAYS
- S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2
- S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java
8u71 failure
- S8143132: L10n resource file translation update
- S8144955: Wrong changes were pushed with 8143942
- S8145551: Test failed with Crash for Improved font lookups
- S8147466: Add -fno-strict-overflow to
IndicRearrangementProcessor{,2}.cpp
* Backports
- S8140244: Port fix of JDK-8075773 to AIX
- S8133196, PR2712, RH1251935: HTTPS hostname invalid issue with
InetAddress
- S8140620, PR2710: Find and load default.sf2 as the default
soundbank on Linux (Important)SUSE bug 939523SUSE bug 962743CVE-2015-4871CVE-2015-7575CVE-2015-8126CVE-2015-8472CVE-2016-0402CVE-2016-0448CVE-2016-0466CVE-2016-0483CVE-2016-0494Security update for Thunderbird (Moderate)openSUSE 13.1
- update to Thunderbird 45.3.0 (boo#991809)
* Disposition-Notification-To could not be used in
mail.compose.other.header
* "edit as new message" on a received message pre-filled the sender as
the composing identity.
* Certain messages caused corruption of the drafts summary database.
security fixes:
* MFSA 2016-62/CVE-2016-2836 Miscellaneous memory safety hazards
* MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network connection
can persist when page is closed
* MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow rendering SVG
with bidirectional content
* MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering crash due to
memory allocation issue with FFmpeg 0.10
* MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow during 2D
graphics rendering
* MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free when using alt
key and toplevel menus
* MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free in DTLS during
WebRTC session shutdown
* MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free in service
workers with nested sync events
* MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on marquee tag can
execute in sandboxed iframes
* MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow in ClearKey
Content Decryption Module (CDM) during video playback
* MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion in display
transformation
* MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free when applying
SVG effects
* MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin policy violation
using local HTML file and saved shortcut file
- Fix for possible buffer overrun (boo#990856) CVE-2016-6354 (bmo#1292534)
[mozilla-flex_buffer_overrun.patch]
- add a screenshot to appdata.xml (Moderate)SUSE bug 1255270SUSE bug 1266963SUSE bug 1268854SUSE bug 1274637SUSE bug 1275339SUSE bug 1276897SUSE bug 1277475SUSE bug 1278013SUSE bug 1279146SUSE bug 1279814SUSE bug 1282992SUSE bug 1286183SUSE bug 1292534SUSE bug 990856SUSE bug 991809CVE-2016-2830CVE-2016-2836CVE-2016-2837CVE-2016-2838CVE-2016-2839CVE-2016-5252CVE-2016-5254CVE-2016-5258CVE-2016-5259CVE-2016-5262CVE-2016-5263CVE-2016-5264CVE-2016-5265CVE-2016-6354security update for tiff (Moderate)openSUSE 13.1
This update for tiff fixes the following issues:
* CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for
invalid images (bsc#964225)
* CVE-2016-3186: Buffer overflow in gif2tiff (bnc#973340).
* CVE-2016-5875: heap-based buffer overflow when using the PixarLog
compressionformat (bsc#987351)
* CVE-2016-5316: Out-of-bounds read in PixarLogCleanup() function in
tif_pixarlog.c (bsc#984837)
* CVE-2016-5314: Out-of-bounds write in PixarLogDecode() function
(bsc#984831)
* CVE-2016-5317: Out-of-bounds write in PixarLogDecode() function in
libtiff.so (bsc#984842)
* CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in
tif_pixarlog.c (bsc#984808) (Moderate)SUSE bug 974614SUSE bug 974618SUSE bug 975069SUSE bug 975070SUSE bug 984808SUSE bug 984831SUSE bug 984837SUSE bug 984842SUSE bug 987351CVE-2016-3623CVE-2016-3945CVE-2016-3990CVE-2016-3991CVE-2016-5314CVE-2016-5316CVE-2016-5317CVE-2016-5320CVE-2016-5875Recommended update for flash-player (Important)openSUSE 13.1 NonFree
This update for flash-player fixes the following security issues (APSB16-29, boo#998589):
* integer overflow vulnerability that could lead to code execution (CVE-2016-4287).
* use-after-free vulnerabilities that could lead to code execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932)
* security bypass vulnerabilities that could lead to information disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278)
* memory corruption vulnerabilities that could lead to code execution (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924)
The package description was update to reflex that the stand-alone Flash is no longer provided on x86_64 architectures (boo#977664). (Important)SUSE bug 977664SUSE bug 998589CVE-2016-4182CVE-2016-4237CVE-2016-4238CVE-2016-4271CVE-2016-4272CVE-2016-4274CVE-2016-4275CVE-2016-4276CVE-2016-4277CVE-2016-4278CVE-2016-4279CVE-2016-4280CVE-2016-4281CVE-2016-4282CVE-2016-4283CVE-2016-4284CVE-2016-4285CVE-2016-4287CVE-2016-6921CVE-2016-6922CVE-2016-6923CVE-2016-6924CVE-2016-6925CVE-2016-6926CVE-2016-6927CVE-2016-6929CVE-2016-6930CVE-2016-6931CVE-2016-6932Security update for MozillaFirefox, mozilla-nss (Important)openSUSE 13.1
MozillaFirefox was updated to version 49.0 (boo#999701)
- New features
* Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP
logins.
* Added features to Reader Mode that make it easier on the eyes and the
ears
* Improved video performance for users on systems that support SSE3
without hardware acceleration
* Added context menu controls to HTML5 audio and video that let users
loops files or play files at 1.25x speed
* Improvements in about:memory reports for tracking font memory usage
- Security related fixes
* MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) -
Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString
CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad
cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in
mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276
(bmo#1287721) - Heap-use-after-free in
mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274
(bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState
CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in
nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -
global-buffer-overflow in
mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278
(bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame
CVE-2016-5279 (bmo#1249522) - Full local path of files is available to
web pages after drag and drop CVE-2016-5280 (bmo#1289970) -
Use-after-free in
mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
from non-whitelisted schemes CVE-2016-5283 (bmo#928187) - <iframe src>
fragment timing attack can reveal cross-origin data CVE-2016-5284
(bmo#1303127) - Add-on update site certificate pin expiration
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 CVE-2016-5257 -
Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
- requires NSS 3.25
- Mozilla Firefox 48.0.2:
* Mitigate a startup crash issue caused on Windows (bmo#1291738)
mozilla-nss was updated to NSS 3.25. New functionality:
* Implemented DHE key agreement for TLS 1.3
* Added support for ChaCha with TLS 1.3
* Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF
* In previous versions, when using client authentication with TLS 1.2,
NSS only supported certificate_verify messages that used the same
signature hash algorithm as used by the PRF. This limitation has been
removed.
* Several functions have been added to the public API of the NSS
Cryptoki Framework. New functions:
* NSSCKFWSlot_GetSlotID
* NSSCKFWSession_GetFWSlot
* NSSCKFWInstance_DestroySessionHandle
* NSSCKFWInstance_FindSessionHandle Notable changes:
* An SSL socket can no longer be configured to allow both TLS 1.3 and
SSLv3
* Regression fix: NSS no longer reports a failure if an application
attempts to disable the SSLv2 protocol.
* The list of trusted CA certificates has been updated to version 2.8
* The following CA certificate was Removed Sonera Class1 CA
* The following CA certificates were Added Hellenic Academic and
Research Institutions RootCA 2015 Hellenic Academic and Research
Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2
OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 (Important)SUSE bug 1249522SUSE bug 1280387SUSE bug 1282076SUSE bug 1284690SUSE bug 1287316SUSE bug 1287721SUSE bug 1288946SUSE bug 1289085SUSE bug 1289970SUSE bug 1291016SUSE bug 1291665SUSE bug 1291738SUSE bug 1294677SUSE bug 1297934SUSE bug 1303127SUSE bug 1304114SUSE bug 1304783SUSE bug 928187SUSE bug 932335SUSE bug 999701CVE-2016-2827CVE-2016-5256CVE-2016-5257CVE-2016-5270CVE-2016-5271CVE-2016-5272CVE-2016-5273CVE-2016-5274CVE-2016-5275CVE-2016-5276CVE-2016-5277CVE-2016-5278CVE-2016-5279CVE-2016-5280CVE-2016-5281CVE-2016-5282CVE-2016-5283CVE-2016-5284Security update for flash-player (Moderate)openSUSE 13.1 NonFree
This update for flash-player fixes the following security issues:
- CVE-2016-4273: Unspecified memory corruption vulnerability that could lead to code execution
- CVE-2016-4286: Unspecified security bypass vulnerability
- CVE-2016-6981: Unspecified use-after-free vulnerability that could lead to code execution
- CVE-2016-6982: Unspecified memory corruption vulnerability that could lead to code execution
- CVE-2016-6983: Unspecified memory corruption vulnerability that could lead to code execution
- CVE-2016-6984: Unspecified memory corruption vulnerability that could lead to code execution
- CVE-2016-6985: Unspecified memory corruption vulnerability that could lead to code execution
- CVE-2016-6986: Unspecified memory corruption vulnerability that could lead to code execution
- CVE-2016-6987: Unspecified use-after-free vulnerability that could lead to code execution
- CVE-2016-6989: Unspecified memory corruption vulnerability that could lead to code execution
- CVE-2016-6990: Unspecified memory corruption vulnerability that could lead to code execution
- CVE-2016-6992: Unspecified type confusion vulnerability that could lead to code execution
The EULA was updated to version 23.0 (boo#1003993).
(Moderate)SUSE bug 1003993SUSE bug 1004019CVE-2016-4273CVE-2016-4286CVE-2016-6981CVE-2016-6982CVE-2016-6983CVE-2016-6984CVE-2016-6985CVE-2016-6986CVE-2016-6987CVE-2016-6989CVE-2016-6990CVE-2016-6992Security update for MozillaThunderbird (Moderate)openSUSE 13.1
This update for Mozilla Thunderbird to version 45.4.0 fixes the following
issues:
- When using Thunderbird in a browser like context, for rendering HTML
e-mail or feeds, it may be affected by vulnerabilities also fixed in
Firefox ESR 45.4. (MFSA 2016-86, boo#999701)
The following bugs were fixed in this release:
- Display name was truncated if no separating space before email address
- Recipient addresses were shown in wrong color in some circumstances
- Additional spaces were inserted when drafts were edited.
- Mail saved as template copied In-Reply-To and References from original
email.
- Threading broken when editing message draft, due to loss of Message-ID
- "Apply columns to..." did not honor special folders
(Moderate)SUSE bug 999701Security update for tiff (Moderate)openSUSE 13.1
This update for tiff fixes the following security issue:
- CVE 2016-3622 (Moderate)SUSE bug 974449CVE-2016-3622Security update for flash-player (Important)openSUSE 13.1 NonFree
This update for Adobe Flash Player to 11.2.202.643 fixes the following vulnerability:
- CVE-2016-7855: use-after-free vulnerability (APSB16-36, boo#1007098)
(Important)SUSE bug 1007098CVE-2016-7855Security update for ecryptfs-utils (Moderate)openSUSE 13.1
This update for ecryptfs-utils fixes the following issues:
- CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052)
(Moderate)SUSE bug 962052CVE-2016-1572Security update for dbus-1 (Moderate)openSUSE 13.1
This update for dbus-1 to version 1.8.22 fixes several issues.
This security issue was fixed:
- boo#1003898: Do not treat ActivationFailure message received from
root-owned systemd name as a format string.
These non-security issues were fixed:
- boo#978477: Correctly reset timeouts for pending file descriptors
- boo#980928: increase listen() backlog of AF_UNIX sockets to SOMAXCONN
- Change the default configuration for the session bus to only allow
EXTERNAL authentication (secure kernel-mediated credentials-passing), as
was already done for the system bus.
- Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008)
- Ensure that dbus-monitor does not reply to messages intended for others
(fdo#90952)
- Add locking to DBusCounter's reference count and notify function
(fdo#89297)
- Ensure that DBusTransport's reference count is protected by the
corresponding DBusConnection's lock (fdo#90312)
- Correctly release DBusServer mutex before early-return if we run out of
memory while copying authentication mechanisms (fdo#90021)
- Correctly initialize all fields of DBusTypeReader (fdo#90021)
- Fix some missing \n in verbose (debug log) messages (fdo#90004)
- Clean up some memory leaks in test code (fdo#90021) (Moderate)SUSE bug 1003898SUSE bug 87999SUSE bug 89297SUSE bug 90004SUSE bug 90021SUSE bug 90312SUSE bug 90952SUSE bug 91008SUSE bug 978477SUSE bug 980928SUSE bug 98157CVE-2015-0245Security update for jasper (Moderate)openSUSE 13.1
This update for jasper to version 1.900.14 fixes several issues.
These security issues were fixed:
- CVE-2008-3522: Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer might have allowed
context-dependent attackers to have an unknown impact via vectors
related to the mif_hdr_put function and use of vsprintf (bsc#392410)
- CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation
(bsc#941919).
- CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200
(bsc#942553).
- CVE-2016-1577: Double free vulnerability in the jas_iccattrval_destroy
function in JasPer allowed remote attackers to cause a denial of service
(crash) or possibly execute arbitrary code via a crafted ICC color
profile in a JPEG 2000 image file, a different vulnerability than
CVE-2014-8137 (bsc#968373).
- CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in
JasPer allowed remote attackers to cause a denial of service (memory
consumption) via a crafted ICC color profile in a JPEG 2000 image file
(bsc#968373)
- CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by
crafted BMP image (bsc#1005084).
- CVE-2016-8691, CVE-2016-8692: Missing range check on XRsiz and YRsiz
fields of SIZ marker segment (bsc#1005090).
- CVE-2016-8693: The memory stream interface allowed for a buffer size of
zero. The case of a zero-sized buffer was not handled correctly, as it
could lead to a double free (bsc#1005242).
- CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591).
- CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593).
- CVE-2016-8882: Null pointer access in jpc_pi_destroy (bsc#1006597).
- CVE-2016-8883: Assert triggered in jpc_dec_tiledecode() (bsc#1006598).
- CVE-2016-8886: Memory allocation failure in jas_malloc (jas_malloc.c)
(bsc#1006599).
For additional change description please have a look at the changelog. (Moderate)SUSE bug 1005084SUSE bug 1005090SUSE bug 1005242SUSE bug 1006591SUSE bug 1006593SUSE bug 1006597SUSE bug 1006598SUSE bug 1006599SUSE bug 1006836SUSE bug 1006839SUSE bug 1007009SUSE bug 941919CVE-2008-3522CVE-2011-4516CVE-2011-4517CVE-2014-8137CVE-2014-8138CVE-2014-8157CVE-2014-8158CVE-2014-9029CVE-2015-5203CVE-2015-5221CVE-2016-1577CVE-2016-1867CVE-2016-2089CVE-2016-2116CVE-2016-8690CVE-2016-8691CVE-2016-8692CVE-2016-8693CVE-2016-8880CVE-2016-8881CVE-2016-8882CVE-2016-8883CVE-2016-8884CVE-2016-8885CVE-2016-8886CVE-2016-8887Security update for Mozilla Firefox (Important)openSUSE 13.1
Mozilla Firefox was updated to 49.0.2 to fix two security issues and some bugs.
The following vulnerabilities were fixed:
* CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
* CVE-2016-5288: Web content can read cache entries (bsc#1006476)
The following changes and fixes are included:
* Asynchronous rendering of the Flash plugins is now enabled by default
* Change D3D9 default fallback preference to prevent graphical artifacts
* Network issue prevents some users from seeing the Firefox UI on startup
* Web compatibility issue with file uploads
* Web compatibility issue with Array.prototype.values
* Diagnostic information on timing for tab switching
* Fix a Canvas filters graphics issue affecting HTML5 apps (Important)SUSE bug 1006475SUSE bug 1006476CVE-2016-5287CVE-2016-5288Security update for flash-player (Important)openSUSE 13.1 NonFree
This update to Adobe Flash Player 11.2.202.644 fixes the following security issues:
- type confusion vulnerabilities that could lead to code execution
(CVE-2016-7860, CVE-2016-7861, CVE-2016-7865)
- use-after-free vulnerabilities that could lead to code execution
(CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864)
(Important)SUSE bug 1009217CVE-2016-7857CVE-2016-7858CVE-2016-7859CVE-2016-7860CVE-2016-7861CVE-2016-7862CVE-2016-7863CVE-2016-7864CVE-2016-7865Security update for Seamonkey (Moderate)openSUSE 13.1
This update for Seamonkey fixes the following issues:
- update to Seamonkey 2.40 (bnc#959277)
* requires NSS 3.20.2 to fix
MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
server signature
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
Miscellaneous memory safety hazards
* MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
Crash with JavaScript variable assignment with unboxed objects
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
Same-origin policy violation using perfomance.getEntries and
history navigation
* MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
Firefox allows for control characters to be set in cookies
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
Use-after-free in WebRTC when datachannel is used after being
destroyed
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
Integer overflow allocating extremely large textures
* MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
Cross-origin information leak through web workers error events
* MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
Hash in data URI is incorrectly parsed
* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
DOS due to malformed frames in HTTP/2
* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
Linux file chooser crashes on malformed images due to flaws in
Jasper library
* MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
(bmo#1201183, bmo#1178033, bmo#1199400) (Moderate)SUSE bug 1158489SUSE bug 1160890SUSE bug 1178033SUSE bug 1185256SUSE bug 1191423SUSE bug 1194818SUSE bug 1194820SUSE bug 1197059SUSE bug 1199400SUSE bug 1201183SUSE bug 1203078SUSE bug 1206211SUSE bug 1216130SUSE bug 1216748SUSE bug 1218326SUSE bug 1220493SUSE bug 1221444SUSE bug 1222809SUSE bug 1226423SUSE bug 1228950SUSE bug 959277CVE-2015-7201CVE-2015-7202CVE-2015-7203CVE-2015-7204CVE-2015-7205CVE-2015-7207CVE-2015-7208CVE-2015-7210CVE-2015-7211CVE-2015-7212CVE-2015-7213CVE-2015-7214CVE-2015-7215CVE-2015-7216CVE-2015-7217CVE-2015-7218CVE-2015-7219CVE-2015-7220CVE-2015-7221CVE-2015-7222CVE-2015-7223CVE-2015-7575Security update for Mozilla Firefox (Important)openSUSE 13.1
This update fixes the following security related issues by updating packages to a more recent version:
Update of NSPR to 4.11
Update of NSS to 3.21
Update of Firefox to 44.0
* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931
Miscellaneous memory safety hazards
* MFSA 2016-02/CVE-2016-1933 (bmo#1231761)
Out of Memory crash when parsing GIF format images
* MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
Buffer overflow in WebGL after out of memory allocation
* MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784)
Firefox allows for control characters to be set in cookie names
* MFSA 2016-06/CVE-2016-1937 (bmo#724353)
Missing delay following user click events in protocol handler dialog
* MFSA 2016-07/CVE-2016-1938 (bmo#1190248)
Errors in mp_div and mp_exptmod cryptographic functions in NSS
(fixed by requiring NSS 3.21)
* MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
Addressbar spoofing attacks
* MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
(bmo#1186621, bmo#1214782, bmo#1232096)
Unsafe memory manipulation found through code inspection
* MFSA 2016-11/CVE-2016-1947 (bmo#1237103)
Application Reputation service disabled in Firefox 43 (Important)Security update for Privoxy (Low)openSUSE 13.1
This update to Privoxy 3.0.24 fixes two minor security issues.
The vulnerabilities should not be exploitable in the binary as compiled in openSUSE.
* CVE-2016-1982: Corrupt chunk-encoded content could cause an invalid read (boo#963151)
* CVE-2016-1983: Empty Host headers in client requests could result in invalid reads (boo#963152)
This update also contains general bug fixes and improvements as well as white and blacklist updates. (Low)SUSE bug 963151SUSE bug 963152CVE-2016-1982CVE-2016-1983Security update for java-1_7_0-openjdk (Moderate)openSUSE 13.1
- Update to 2.6.8 - OpenJDK 7u121
* Security fixes
+ S8151921: Improved page resolution
+ S8155968: Update command line options
+ S8155973, CVE-2016-5542: Tighten jar checks (boo#1005522)
+ S8157176: Improved classfile parsing
+ S8157739, CVE-2016-5554: Classloader Consistency Checking
(boo#1005523)
+ S8157749: Improve handling of DNS error replies
+ S8157753: Audio replay enhancement
+ S8157759: LCMS Transform Sampling Enhancement
+ S8157764: Better handling of interpolation plugins
+ S8158302: Handle contextual glyph substitutions
+ S8158993, CVE-2016-5568: Service Menu services (boo#1005525)
+ S8159495: Fix index offsets
+ S8159503: Amend Annotation Actions
+ S8159511: Stack map validation
+ S8159515: Improve indy validation
+ S8159519, CVE-2016-5573: Reformat JDWP messages (boo#1005526)
+ S8160090: Better signature handling in pack200
+ S8160094: Improve pack200 layout
+ S8160098: Clean up color profiles
+ S8160591, CVE-2016-5582: Improve internal array handling
(boo#1005527)
+ S8160838, CVE-2016-5597: Better HTTP service (boo#1005528)
+ PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read()
+ CVE-2016-5556 (boo#1005524)
* Import of OpenJDK 7 u121 build 0
+ S6624200: Regression test fails:
test/closed/javax/swing/JMenuItem/4654927/bug4654927.java
+ S6882559: new JEditorPane("text/plain","") fails for null context
class loader
+ S7090158: Networking Libraries don't build with javac -Werror
+ S7125055: ContentHandler.getContent API changed in error
+ S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows
+ S7187051: ShortRSAKeynnn.sh tests should do cleanup before start test
+ S8000626: Implement dead key detection for KeyEvent on Linux
+ S8003890: corelibs test scripts should pass TESTVMOPTS
+ S8005629: javac warnings compiling java.awt.EventDispatchThread and
sun.awt.X11.XIconWindow
+ S8010297: Missing isLoggable() checks in logging code
+ S8010782: clean up source files containing carriage return characters
+ S8014431: cleanup warnings indicated by the -Wunused-value compiler
option on linux
+ S8015265: revise the fix for 8007037
+ S8016747: Replace deprecated PlatformLogger isLoggable(int) with
isLoggable(Level)
+ S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame demo
+ S8024756: method grouping tabs are not selectable
+ S8026741: jdk8 l10n resource file translation update 5
+ S8048147: Privilege tests with JAAS Subject.doAs
+ S8048357: PKCS basic tests
+ S8049171: Additional tests for jarsigner's warnings
+ S8059177: jdk8u40 l10n resource file translation update 1
+ S8075584: test for 8067364 depends on hardwired text advance
+ S8076486: [TESTBUG]
javax/security/auth/Subject/doAs/NestedActions.java fails if extra
VM options are given
+ S8077953: [TEST_BUG]
com/sun/management/OperatingSystemMXBean/TestTotalSwap.java
Compilation failed after JDK-8077387
+ S8080628: No mnemonics on Open and Save buttons in JFileChooser
+ S8083601: jdk8u60 l10n resource file translation update 2
+ S8140530: Creating a VolatileImage with size 0,0 results in no
longer working g2d.drawString
+ S8142926: OutputAnalyzer's shouldXXX() calls return this
+ S8143134: L10n resource file translation update
+ S8147077: IllegalArgumentException thrown by
api/java_awt/Component/FlipBufferStrategy/indexTGF_General
+ S8148127: IllegalArgumentException thrown by JCK test
api/java_awt/Component/FlipBufferStrategy/indexTGF_General in
opengl pipeline
+ S8150611: Security problem on sun.misc.resources.Messages*
+ S8157653: [Parfait] Uninitialised variable in awt_Font.cpp
+ S8158734: JEditorPane.createEditorKitForContentType throws NPE after
6882559
+ S8159684: (tz) Support tzdata2016f
+ S8160934: isnan() is not available on older MSVC compilers
+ S8162411: Service Menu services 2
+ S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing
after JDK-8155968
+ S8162511: 8u111 L10n resource file updates
+ S8162792: Remove constraint DSA keySize < 1024 from
jdk.jar.disabledAlgorithms in jdk8
+ S8164452: 8u111 L10n resource file update - msgdrop 20
+ S8165816: jarsigner -verify shows jar unsigned if it was signed with
a weak algorithm
+ S8166381: Back out changes to the java.security file to not disable
MD5
* Backports
+ S6604109, PR3162: javax.print.PrintServiceLookup.lookupPrintServices
fails SOMETIMES for Cups
+ S6907252, PR3162: ZipFileInputStream Not Thread-Safe
+ S8024046, PR3162: Test sun/security/krb5/runNameEquals.sh failed on
7u45 Embedded linux-ppc*
+ S8028479, PR3162: runNameEquals still cannot precisely detect if a
usable native krb5 is available
+ S8034057, PR3162: Files.getFileStore and Files.isWritable do not
work with SUBST'ed drives (win)
+ S8038491, PR3162: Improve synchronization in ZipFile.read()
+ S8038502, PR3162: Deflater.needsInput() should use synchronization
+ S8059411, PR3162: RowSetWarning does not correctly chain warnings
+ S8062198, PR3162: Add RowSetMetaDataImpl Tests and add column range
validation to isdefinitlyWritable
+ S8066188, PR3162: BaseRowSet returns the wrong default value for
escape processing
+ S8072466, PR3162: Deadlock when initializing MulticastSocket and
DatagramSocket
+ S8075118, PR3162: JVM stuck in infinite loop during verification
+ S8076579, PR3162: Popping a stack frame after exception breakpoint
sets last method param to exception
+ S8078495, PR3162: End time checking for native TGT is wrong
+ S8078668, PR3162: jar usage string mentions unsupported
option '-n'
+ S8080115, PR3162: (fs) Crash in libgio when calling
Files.probeContentType(path) from parallel threads
+ S8081794, PR3162: ParsePosition getErrorIndex returns 0 for TimeZone
parsing problem
+ S8129957, PR3162: Deadlock in JNDI LDAP implementation when closing
the LDAP context
+ S8130136, PR3162: Swing window sometimes fails to repaint partially
when it becomes exposed
+ S8130274, PR3162: java/nio/file/FileStore/Basic.java fails when two
successive stores in an iteration are determined to be equal
+ S8132551, PR3162: Initialize local variables before returning them
in p11_convert.c
+ S8133207, PR3162: [TEST_BUG] ParallelProbes.java test fails after
changes for JDK-8080115
+ S8133666, PR3162: OperatingSystemMXBean reports abnormally high
machine CPU consumption on Linux
+ S8135002, PR3162: Fix or remove broken links in
objectMonitor.cpp comments
+ S8137121, PR3162: (fc) Infinite loop FileChannel.truncate
+ S8137230, PR3162: TEST_BUG:
java/nio/channels/FileChannel/LoopingTruncate.java timed out
+ S8139373, PR3162: [TEST_BUG] java/net/MulticastSocket/MultiDead.java
failed with timeout
+ S8140249, PR3162: JVM Crashing During startUp If Flight Recording is
enabled
+ S8141491, PR3160, G592292: Unaligned memory access in Bits.c
+ S8144483, PR3162: One long Safepoint pause directly after each GC
log rotation
+ S8149611, PR3160, G592292: Add tests for Unsafe.copySwapMemory
* Bug fixes
+ S8078628, PR3151: Zero build fails with pre-compiled headers disabled
+ PR3128: pax-mark-vm script calls "exit -1" which is invalid in dash
+ PR3131: PaX marking fails on filesystems which don't support
extended attributes
+ PR3135: Makefile.am rule stamps/add/tzdata-support-debug.stamp has a
typo in add-tzdata dependency
+ PR3141: Pass $(CC) and $(CXX) to OpenJDK build
+ PR3166: invalid zip timestamp handling leads to error building
bootstrap-javac
+ PR3202: Update infinality configure test
+ PR3212: Disable ARM32 JIT by default
* CACAO
+ PR3136: CACAO is broken due to 2 new native methods in
sun.misc.Unsafe (from S8158260)
* JamVM
+ PR3134: JamVM is broken due to 2 new native methods in
sun.misc.Unsafe (from S8158260)
* AArch64 port
+ S8167200, PR3204: AArch64: Broken stack pointer adjustment in
interpreter
+ S8168888: Port 8160591: Improve internal array handling to AArch64.
+ PR3211: AArch64 build fails with pre-compiled headers disabled
- Changed patch:
* java-1_7_0-openjdk-gcc6.patch
+ Rediff to changed context
- Disable arm32 JIT, since its build broken
(http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2942) (Moderate)SUSE bug 1005522SUSE bug 1005523SUSE bug 1005524SUSE bug 1005525SUSE bug 1005526SUSE bug 1005527SUSE bug 1005528CVE-2016-5542CVE-2016-5554CVE-2016-5556CVE-2016-5568CVE-2016-5573CVE-2016-5582CVE-2016-5597Security update for Mozilla Firefox, Thunderbird and NSS (Important)openSUSE 13.1
This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2 fixes a number of security issues.
The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):
- CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
(bmo#1292443)
- CVE-2016-5292: URL parsing causes crash (bmo#1288482)
- CVE-2016-5297: Incorrect argument length checking in Javascript
(bmo#1303678)
- CVE-2016-9064: Addons update must verify IDs match between current and
new versions (bmo#1303418)
- CVE-2016-9066: Integer overflow leading to a buffer overflow in
nsScriptLoadHandler (bmo#1299686)
- CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
(bmo#1301777, bmo#1308922 (CVE-2016-9069))
- CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)
- CVE-2016-9075: WebExtensions can access the mozAddonManager API and use
it to gain elevated privileges (bmo#1295324)
- CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to
cross-origin images, allowing timing attacks on them (bmo#1298552)
- CVE-2016-5291: Same-origin policy violation using local HTML file and
saved shortcut file (bmo#1292159)
- CVE-2016-9070: Sidebar bookmark can have reference to chrome window
(bmo#1281071)
- CVE-2016-9073: windows.create schema doesn't specify "format":
"relativeUrl" (bmo#1289273)
- CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on
e10s (bmo#1276976)
- CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in
expat (bmo#1274777)
- CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
(bmo#1285003)
- CVE-2016-5289: Memory safety bugs fixed in Firefox 50
- CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR
45.5
The following vulnerabilities were fixed in Mozilla NSS 3.26.1:
- CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
(bmo#1293334)
Mozilla Firefox now requires mozilla-nss 3.26.2.
New features in Mozilla Firefox:
- Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle
through tabs in recently used order View a page in Reader Mode by using
Ctrl+Alt+R
- Added option to Find in page that allows users to limit search to whole
words only
- Added download protection for a large number of executable file types on
Windows, Mac and Linux
- Fixed rendering of dashed and dotted borders with rounded corners
(border-radius)
- Added a built-in Emoji set for operating systems without native Emoji
fonts
- Blocked versions of libavcodec older than 54.35.1
- additional locale
mozilla-nss was updated to 3.26.2, incorporating the following changes:
- the selfserv test utility has been enhanced to support ALPN (HTTP/1.1)
and 0-RTT
- The following CA certificate was added: CN = ISRG Root X1
- NPN is disabled and ALPN is enabled by default
- MD5 signature algorithms sent by the server in CertificateRequest
messages are now properly ignored (Important)SUSE bug 1009026SUSE bug 1010401SUSE bug 1010404SUSE bug 1010410SUSE bug 1010411SUSE bug 1010427SUSE bug 1012807SUSE bug 1012964SUSE bug 1227538SUSE bug 1245791SUSE bug 1245795SUSE bug 1246945SUSE bug 1246972SUSE bug 1247239SUSE bug 1274777SUSE bug 1276976SUSE bug 1281071SUSE bug 1285003SUSE bug 1288482SUSE bug 1289273SUSE bug 1292159SUSE bug 1292443SUSE bug 1293334SUSE bug 1294438SUSE bug 1295324SUSE bug 1298552SUSE bug 1299686SUSE bug 1300083SUSE bug 1301777SUSE bug 1302973SUSE bug 1303418SUSE bug 1303678SUSE bug 1306696SUSE bug 1308922SUSE bug 1317641SUSE bug 1321066CVE-2016-5289CVE-2016-5290CVE-2016-5291CVE-2016-5292CVE-2016-5293CVE-2016-5294CVE-2016-5295CVE-2016-5296CVE-2016-5297CVE-2016-5298CVE-2016-5299CVE-2016-9061CVE-2016-9062CVE-2016-9063CVE-2016-9064CVE-2016-9065CVE-2016-9066CVE-2016-9067CVE-2016-9068CVE-2016-9069CVE-2016-9070CVE-2016-9071CVE-2016-9072CVE-2016-9073CVE-2016-9074CVE-2016-9075CVE-2016-9076CVE-2016-9077CVE-2016-9078CVE-2016-9079Security update for roundcubemail (Important)openSUSE 13.1
This update for roundcubemail fixes the following issues:
- A maliciously crafted email could cause untrusted code to be executed
(cross site scripting using $lt;area href=javascript:...>) (boo#982003,
CVE-2016-5103)
- Avoid HTML styles that could cause potential click jacking (boo#1001856)
- A maliciously crafted FROM value could cause extra parameters to be
passed to the sendmail command (boo#1012493)
- Avoid sending completely empty text parts for multipart/alternative
messages
- Don't create multipart/alternative messages with empty text/plain part
- Improved validation of FROM argument when sending mails (Important)SUSE bug 1001856SUSE bug 1012493SUSE bug 982003CVE-2016-5103Security update for MozillaFirefox (Important)openSUSE 13.1
This update to MozillaFirefox 50.1.0 fixes the following vulnerabilities:
- CVE-2016-9894: Buffer overflow in SkiaGL
- CVE-2016-9899: Use-after-free while manipulating DOM events and audio
elements
- CVE-2016-9895: CSP bypass using marquee tag
- CVE-2016-9896: Use-after-free with WebVR
- CVE-2016-9897: Memory corruption in libGLES
- CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
- CVE-2016-9900: Restricted external resources can be loaded by SVG images
through data URLs
- CVE-2016-9904: Cross-origin information leak in shared atoms
- CVE-2016-9901: Data from Pocket server improperly sanitized before
execution
- CVE-2016-9902: Pocket extension does not validate the origin of events
- CVE-2016-9903: XSS injection vulnerability in add-ons SDK
- CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
- CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR
45.6
The following bugs were fixed:
- boo#1011922: fix crash after a few seconds of usage on AArch64
(Important)SUSE bug 1011922SUSE bug 1015422SUSE bug 1301381SUSE bug 1306628SUSE bug 1312272SUSE bug 1314442SUSE bug 1315435SUSE bug 1315543SUSE bug 1317409SUSE bug 1317936SUSE bug 1319122SUSE bug 1320039SUSE bug 1320057CVE-2016-9080CVE-2016-9893CVE-2016-9894CVE-2016-9895CVE-2016-9896CVE-2016-9897CVE-2016-9898CVE-2016-9899CVE-2016-9900CVE-2016-9901CVE-2016-9902CVE-2016-9903CVE-2016-9904Security update to phpMyAdmin 4.4.15.4 (Moderate)openSUSE 13.1
Security update to phpMyAdmin 4.4.15.4
The followinng vulnerabilities were fixed: (boo#964024)
* CVE-2016-2038: Multiple full path disclosure vulnerabilities
* CVE-2016-2039: Unsafe generation of XSRF/CSRF token
* CVE-2016-2040: Multiple XSS vulnerabilities
* CVE-2016-1927: Insecure password generation in JavaScript
* CVE-2016-2041: Unsafe comparison of XSRF/CSRF token
* CVE-2016-2042: Multiple full path disclosure vulnerabilities
* CVE-2016-2043: XSS vulnerability in normalization page (Moderate)SUSE bug 964024CVE-2016-1927CVE-2016-2038CVE-2016-2039CVE-2016-2040CVE-2016-2041CVE-2016-2042CVE-2016-2043Security update for MySQL (Important)openSUSE 13.1
This update to MySQL 5.6.28 fixes the following issues (bsc#962779):
- CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
- CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- CVE-2016-0503: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.
- CVE-2016-0504: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.
- CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options.
- CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.
- CVE-2016-0594: Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML.
- CVE-2016-0595: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.
- CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.
- CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML.
- CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
- CVE-2016-0605: Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
- CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption.
- CVE-2016-0607: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
- CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF.
- CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges.
- CVE-2016-0610: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
- CVE-2016-0611: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf()
(Important)SUSE bug 959724SUSE bug 962779CVE-2015-7744CVE-2016-0502CVE-2016-0503CVE-2016-0504CVE-2016-0505CVE-2016-0546CVE-2016-0594CVE-2016-0595CVE-2016-0596CVE-2016-0597CVE-2016-0598CVE-2016-0600CVE-2016-0605CVE-2016-0606CVE-2016-0607CVE-2016-0608CVE-2016-0609CVE-2016-0610CVE-2016-0611Security update for curl (Moderate)openSUSE 13.1
This update for curl fixes the following issues:
- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)
The following tracked bugs only affect the test suite:
- bsc#962996: Expired cookie in test 46 caused test failures
(Moderate)SUSE bug 962983SUSE bug 962996CVE-2016-0755Security update for tiff (Moderate)openSUSE 13.1
This update for tiff fixes the following issues:
- CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (boo#964225)
(Moderate)SUSE bug 964225CVE-2015-8781CVE-2015-8782CVE-2015-8783Security update for jasper (Moderate)openSUSE 13.1
This update fixes the following issue:
* CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) (Moderate)SUSE bug 963983CVE-2016-2089Security update for flash-player (Important)openSUSE 13.1 NonFree
This update for flash-player fixes the following issues:
- Security update to 11.2.202.569 (bsc#965901):
* APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,
CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,
CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,
CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,
CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983,
CVE-2016-0984, CVE-2016-0985 (Important)SUSE bug 965901CVE-2016-0964CVE-2016-0965CVE-2016-0966CVE-2016-0967CVE-2016-0968CVE-2016-0969CVE-2016-0970CVE-2016-0971CVE-2016-0972CVE-2016-0973CVE-2016-0974CVE-2016-0975CVE-2016-0976CVE-2016-0977CVE-2016-0978CVE-2016-0979CVE-2016-0980CVE-2016-0981CVE-2016-0982CVE-2016-0983CVE-2016-0984CVE-2016-0985Security update for cacti (Moderate)openSUSE 13.1
cacti was updated to fix the following vulnerabilities:
* CVE-2015-8369: SQL injection in graph.php (boo#958863)
* CVE-2015-8604: SQL injection in graphs_new.php (boo#960678)
* CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php (boo#958977)
* CVE-2016-2313: Authentication using web authentication as a user not in the cacti database allows complete access (boo#965930)
The following non-security bugs were fixed:
boo#965864: Poller Script Parser was broken (boo#965864)
cacti-spine was updated to match the cacti version, fixing a number of upstream bugs. (Moderate)SUSE bug 958863SUSE bug 958977SUSE bug 960678SUSE bug 965864SUSE bug 965930CVE-2015-8369CVE-2015-8377CVE-2015-8604CVE-2016-2313Security update for cacti-spine (Moderate)openSUSE 13.1
cacti-spine was updated to match the cacti version, fixing a number of upstream bugs. (Moderate)Security update for openssl (Low)openSUSE 13.1
This update for openssl fixes the following issues:
- CVE-2015-3197: A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. (boo#963415)
(Low)SUSE bug 963415CVE-2015-3197Security update for libnettle (Moderate)openSUSE 13.1
This update for libnettle fixes the following issues:
- CVE-2015-8803: secp256 calculation bug (boo#964845)
- CVE-2015-8804: Miscalculations on secp384 curve (boo#964847)
- CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (boo#964849)
(Moderate)SUSE bug 964845SUSE bug 964847SUSE bug 964849CVE-2015-8803CVE-2015-8804CVE-2015-8805Security update for socat (Moderate)openSUSE 13.1
This update for socat fixes the following issues:
Changes in socat:
- update to 1.7.3.1, security fixes:
* Socat security advisory 7 and MSVR-1499: "Bad DH p parameter in
OpenSSL" (boo#938913 and CVE-2015-4000).
* Socat security advisory 8: "Stack overflow in arguments parser"
(boo#964844)
- Update to version 1.7.3.0
* Too many changes to list; please read the CHANGES file for news
(Moderate)SUSE bug 938913SUSE bug 964844CVE-2015-4000Security update for claws-mail (Moderate)openSUSE 13.1
This update for claws-mail fixes the following issues:
- CVE-2015-8614: additional fixes for buffer overrun issues which allowed remote attackers to cause a crash or have unspecified further impact (boo#959993)
(Moderate)SUSE bug 959993CVE-2015-8614Security update for Thunderbird (Moderate)openSUSE 13.1
This update to 38.6.0 fixes the following issues:
* MFSA 2016-01/CVE-2016-1930
Miscellaneous memory safety hazards
* MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
Buffer overflow in WebGL after out of memory allocation
(Moderate)SUSE bug 1158489SUSE bug 1220450SUSE bug 963520CVE-2015-7575CVE-2016-1930CVE-2016-1935Security update for glibc (Critical)openSUSE 13.1
This update for glibc fixes the following security issues:
* fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo(), known as CVE-2015-7547. It is a client side networked/remote vulnerability.
(Critical)CVE-2015-7547Security update for Chromium (Moderate)openSUSE 13.1
This update to Chromium 48.0.2564.109 fixes the following issues:
Security fixes (boo#965999):
- CVE-2016-1622: Same-origin bypass in Extensions
- CVE-2016-1623: Same-origin bypass in DOM
- CVE-2016-1624: Buffer overflow in Brotli
- CVE-2016-1625: Navigation bypass in Chrome Instant
- CVE-2016-1626: Out-of-bounds read in PDFium
- CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives
Non-security bug fixes:
- boo#965738: resolve issues with specific banking websites when built against system libraries
- boo#966082: chromium: sandbox related stacktrace printed
- boo#965566: Drop libva support
- Prevent graphical issues related to libjpeg
- On KDE 5 kwallet5 is the default password store now (Moderate)SUSE bug 965566SUSE bug 965738SUSE bug 965999SUSE bug 966082CVE-2016-1622CVE-2016-1623CVE-2016-1624CVE-2016-1625CVE-2016-1626CVE-2016-1627Security update for xdelta3 (Moderate)openSUSE 13.1
This update for xdelta3 fixes the following security issue:
- CVE-2014-9765: Fixed buffer overflow in main_get_appheader. (boo#965791)
(Moderate)SUSE bug 965791CVE-2014-9765Security update for Chromium (Critical)openSUSE 13.1
This update contains Chromium 48.0.2564.116 and fixes the following security flaw:
- CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. (boo#967376) (Critical)Security update for Mozilla Firefox (Moderate)openSUSE 13.1
This update for MozillaFirefox fixes the following issues:
- update to Firefox 44.0.2
* MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
Same-origin-policy violation using Service Workers with plugins
* Fix issue which could lead to the removal of stored passwords under
certain circumstances (bmo#1242176)
* Allows spaces in cookie names (bmo#1244505)
* Disable opus/vorbis audio with H.264 (bmo#1245696)
* Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
* Fix a crash in cache networking (bmo#1244076)
* Fix using WebSockets in service worker controlled pages (bmo#1243942)
(Moderate)SUSE bug 1222171SUSE bug 1242176SUSE bug 1243942SUSE bug 1244076SUSE bug 1244505SUSE bug 1245696SUSE bug 1245724SUSE bug 966438CVE-2016-1949Security update for openssl (Important)openSUSE 13.1
This update for openssl fixes various security issues:
Security issues fixed:
- CVE-2016-0800 aka the "DROWN" attack (bsc#968046):
OpenSSL was vulnerable to a cross-protocol attack that could lead to
decryption of TLS sessions by using a server supporting SSLv2 and
EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
This update changes the openssl library to:
* Disable SSLv2 protocol support by default.
This can be overridden by setting the environment variable
"OPENSSL_ALLOW_SSL2" or by using SSL_CTX_clear_options using the
SSL_OP_NO_SSLv2 flag.
Note that various services and clients had already disabled SSL
protocol 2 by default previously.
* Disable all weak EXPORT ciphers by default. These can be reenabled
if required by old legacy software using the environment variable
"OPENSSL_ALLOW_EXPORT".
- CVE-2016-0702 aka the "CacheBleed" attack. (bsc#968050)
Various changes in the modular exponentation code were added that
make sure that it is not possible to recover RSA secret keys by
analyzing cache-bank conflicts on the Intel Sandy-Bridge microarchitecture.
Note that this was only exploitable if the malicious code was running
on the same hyper threaded Intel Sandy Bridge processor as the victim
thread performing decryptions.
- CVE-2016-0705 (bnc#968047):
A double free() bug in the DSA ASN1 parser code was fixed that could
be abused to facilitate a denial-of-service attack.
- CVE-2016-0797 (bnc#968048):
The BN_hex2bn() and BN_dec2bn() functions had a bug that could
result in an attempt to de-reference a NULL pointer leading to crashes.
This could have security consequences if these functions were ever called by
user applications with large untrusted hex/decimal data. Also,
internal usage of these functions in OpenSSL uses data from config
files or application command line arguments. If user developed
applications generated config file data based on untrusted data,
then this could have had security consequences as well.
- CVE-2016-0798 (bnc#968265)
The SRP user database lookup method SRP_VBASE_get_by_user() had a memory
leak that attackers could abuse to facility DoS attacks. To mitigate
the issue, the seed handling in SRP_VBASE_get_by_user() was disabled
even if the user has configured a seed. Applications are advised to
migrate to SRP_VBASE_get1_by_user().
- CVE-2016-0799 (bnc#968374)
On many 64 bit systems, the internal fmtstr() and doapr_outch()
functions could miscalculate the length of a string and attempt to
access out-of-bounds memory locations. These problems could have
enabled attacks where large amounts of untrusted data is passed to
the BIO_*printf functions. If applications use these functions in
this way then they could have been vulnerable. OpenSSL itself uses
these functions when printing out human-readable dumps of ASN.1
data. Therefore applications that print this data could have been
vulnerable if the data is from untrusted sources. OpenSSL command line
applications could also have been vulnerable when they print out ASN.1
data, or if untrusted data is passed as command line arguments. Libssl
is not considered directly vulnerable.
- CVE-2015-3197 (bsc#963415):
The SSLv2 protocol did not block disabled ciphers.
Note that the March 1st 2016 release also references following CVEs
that were fixed by us with CVE-2015-0293 in 2015:
- CVE-2016-0703 (bsc#968051): This issue only affected versions of
OpenSSL prior to March 19th 2015 at which time the code was refactored
to address vulnerability CVE-2015-0293. It would have made the above
"DROWN" attack much easier.
- CVE-2016-0704 (bsc#968053): "Bleichenbacher oracle in SSLv2"
This issue only affected versions of OpenSSL prior to March 19th
2015 at which time the code was refactored to address vulnerability
CVE-2015-0293. It would have made the above "DROWN" attack much easier.
(Important)Security update for wireshark (Moderate)openSUSE 13.1
Wireshark was updated to 1.12.10, fixing a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file, specifically:
- CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03)
- CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10)
- CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10)
- CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11)
- GSM A-bis OML dissector crash (wnpa-sec-2016-14)
- ASN.1 BER dissector crash (wnpa-sec-2016-15)
- ASN.1 BER dissector crash (wnpa-sec-2016-18)
Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html
The following non-security bugs were fixed:
- boo#961170: Recommend wireshark-ui instead of requiring it to support text-only used
(Moderate)SUSE bug 961170SUSE bug 968565CVE-2016-2523CVE-2016-2530CVE-2016-2531CVE-2016-2532Security update for pigz (Moderate)openSUSE 13.1
Pigz, a multi-threaded implementation of gzip, was updated to fix one vulnerability.
The following vulnerability was fixed:
* A crafted file could have caused an unwanted directory traversal on extract (CVE-2015-1191)
(Moderate)SUSE bug 913627CVE-2015-1191Security update for phpMyAdmin (Moderate)openSUSE 13.1
This update to phpMyAdmin 4.4.15.4 fixes the following security issues:
- CVE-2016-2560: Multiple XSS vulnerabilities (PMASA-2016-11 boo#968938)
- CVE-2016-2561: Multiple XSS vulnerabilities (PMASA-2016-12 boo#968941)
(Moderate)SUSE bug 968938SUSE bug 968941CVE-2016-2560CVE-2016-2561Security update for Chromium (Important)openSUSE 13.1
Chromium was updated to 49.0.2623.75 to fix the following security issues: (boo#969333)
- CVE-2016-1630: Same-origin bypass in Blink
- CVE-2016-1631: Same-origin bypass in Pepper Plugin
- CVE-2016-1632: Bad cast in Extensions
- CVE-2016-1633: Use-after-free in Blink
- CVE-2016-1634: Use-after-free in Blink
- CVE-2016-1635: Use-after-free in Blink
- CVE-2016-1636: SRI Validation Bypass
- CVE-2015-8126: Out-of-bounds access in libpng
- CVE-2016-1637: Information Leak in Skia
- CVE-2016-1638: WebAPI Bypass
- CVE-2016-1639: Use-after-free in WebRTC
- CVE-2016-1640: Origin confusion in Extensions UI
- CVE-2016-1641: Use-after-free in Favicon
- CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26) (Important)SUSE bug 969333CVE-2015-8126CVE-2016-1630CVE-2016-1631CVE-2016-1632CVE-2016-1633CVE-2016-1634CVE-2016-1635CVE-2016-1636CVE-2016-1637CVE-2016-1638CVE-2016-1639CVE-2016-1640CVE-2016-1641CVE-2016-1642Security update for libotr,libotr2 (Important)openSUSE 13.1
libotr and libotr2 were updated to fix one security issue:
- CVE-2016-2851: Integer overflow vulnerability allowed remote attackers to execute arbitrary code on 64 bit platforms (boo#969785) (Important)SUSE bug 969785CVE-2016-2851Security update for Firefox (Important)openSUSE 13.1
This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the
following issues:
MozillaFirefox was updated to Firefox 45.0 (boo#969894)
* requires NSPR 4.12 / NSS 3.21.1
* Instant browser tab sharing through Hello
* Synced Tabs button in button bar
* Tabs synced via Firefox Accounts from other devices are now shown in
dropdown area of Awesome Bar when searching
* Introduce a new preference (network.dns.blockDotOnion) to allow blocking
.onion at the DNS level
* Tab Groups (Panorama) feature removed
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety
hazards
* MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and
potential privilege escalation through CSP reports
* MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip
location information for embedded iframe pages
* MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with
Intel drivers
* MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright
when deleting an array during MP4 processing
* MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be
overridden
* MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager
out-of-bounds read in Service Worker Manager
* MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in
HTML5 string parser
* MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in
SetBody
* MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using
multiple WebRTC data channels
* MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when
modifying a file being read by FileReader
* MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML
transformations
* MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though
history navigation and Location protocol property
* MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation
using perfomance.getEntries and history navigation with session restore
* MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli
decompression
* MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with
malicious NPAPI plugin
* MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found
through code inspection
* MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in
GetStaticInstance in WebRTC
* MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML
parser following a failed allocation
* MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1
decoding in NSS (fixed by requiring 3.21.1)
* MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during
processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the
Graphite 2 library
mozilla-nspr was updated to version 4.12
* added a PR_GetEnvSecure function, which attempts to detect if the
program is being executed with elevated privileges, and returns NULL if
detected. It is recommended to use this function in general purpose
library code.
* fixed a memory allocation bug related to the PR_*printf functions
* exported API PR_DuplicateEnvironment, which had already been added in
NSPR 4.10.9
* added support for FreeBSD aarch64
* several minor correctness and compatibility fixes
mozilla-nss was updated to NSS 3.21.1 (bmo#969894)
* required for Firefox 45.0
* MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1
decoding in NSS (fixed by requiring 3.21.1)
* MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during
processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
(Important)SUSE bug 1185033SUSE bug 1199923SUSE bug 1208946SUSE bug 1219339SUSE bug 1227052SUSE bug 1228103SUSE bug 1228754SUSE bug 1234949SUSE bug 1238440SUSE bug 1240760SUSE bug 1243178SUSE bug 1243335SUSE bug 1245264SUSE bug 1245528SUSE bug 1246014SUSE bug 1246054SUSE bug 1246742SUSE bug 1246956SUSE bug 1249377SUSE bug 969894CVE-2016-1950CVE-2016-1952CVE-2016-1953CVE-2016-1954CVE-2016-1955CVE-2016-1956CVE-2016-1957CVE-2016-1958CVE-2016-1959CVE-2016-1960CVE-2016-1961CVE-2016-1962CVE-2016-1963CVE-2016-1964CVE-2016-1965CVE-2016-1966CVE-2016-1967CVE-2016-1968CVE-2016-1970CVE-2016-1971CVE-2016-1972CVE-2016-1973CVE-2016-1974CVE-2016-1975CVE-2016-1976CVE-2016-1977CVE-2016-1979CVE-2016-2790CVE-2016-2791CVE-2016-2792CVE-2016-2793CVE-2016-2794CVE-2016-2795CVE-2016-2796CVE-2016-2797CVE-2016-2798CVE-2016-2799CVE-2016-2800CVE-2016-2801CVE-2016-2802Security update for Adobe Flash Player (Important)openSUSE 13.1 NonFree
This update to Adobe Flash Player 11.2.202.577 fixes a number of vulnerabilities that could have allowed remote attackers to execute arbitrary code through crafted content. (boo#970547)
* APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,
CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,
CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992,
CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,
CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000,
CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010
(Important)SUSE bug 970547CVE-2016-0960CVE-2016-0961CVE-2016-0962CVE-2016-0963CVE-2016-0986CVE-2016-0987CVE-2016-0988CVE-2016-0989CVE-2016-0990CVE-2016-0991CVE-2016-0992CVE-2016-0993CVE-2016-0994CVE-2016-0995CVE-2016-0996CVE-2016-0997CVE-2016-0998CVE-2016-0999CVE-2016-1000CVE-2016-1001CVE-2016-1002CVE-2016-1005CVE-2016-1010Security update for Chromium (Important)openSUSE 13.1
This update contains Chromium 49.0.2623.87 to fix the following issues:
- CVE-2016-1643: Type confusion in Blink (boo#970514)
- CVE-2016-1644: Use-after-free in Blink (boo#970509)
- CVE-2016-1645: Out-of-bounds write in PDFium (boo#970511)
(Important)SUSE bug 970509SUSE bug 970511SUSE bug 970514CVE-2016-1643CVE-2016-1644CVE-2016-1645Security update for bind (Important)openSUSE 13.1
This update for bind fixes the following issues:
* CVE-2016-1285: remote DoS caused by malformed data on control channel
* CVE-2016-1286: remote DoS via assertion failure in parsing of signature records for DNAME records
(Important)SUSE bug 970072SUSE bug 970073CVE-2016-1285CVE-2016-1286Security update for git (Important)openSUSE 13.1
This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc#971328). (Important)SUSE bug 971328CVE-2016-2315CVE-2016-2324Security update for cgit (Important)openSUSE 13.1
This update for cgit fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc#971328). (Important)SUSE bug 971328CVE-2016-2315CVE-2016-2324Security update for MozillaThunderbird (Important)openSUSE 13.1
MozillaThunderbird was updated to 38.7.0 to fix the following issues:
* Update to Thunderbird 38.7.0 (boo#969894)
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
Use-after-free in MediaStream playback
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
Same-origin policy violation using performance.getEntries and
history navigation
* MFSA 2016-16/CVE-2016-1952
Miscellaneous memory safety hazards
* MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
Local file overwriting and potential privilege escalation through
CSP reports
* MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
Memory leak in libstagefright when deleting an array during MP4
processing
* MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
Displayed page address can be overridden
* MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
Use-after-free in HTML5 string parser
* MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
Use-after-free in SetBody
* MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
Use-after-free when using multiple WebRTC data channels
* MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
Use-after-free during XML transformations
* MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
Addressbar spoofing though history navigation and Location protocol
property
* MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
Memory corruption with malicious NPAPI plugin
* MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
Out-of-bounds read in HTML parser following a failed allocation
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
Font vulnerabilities in the Graphite 2 library
(Important)SUSE bug 969894CVE-2015-4477CVE-2015-7207CVE-2016-1952CVE-2016-1954CVE-2016-1957CVE-2016-1958CVE-2016-1960CVE-2016-1961CVE-2016-1962CVE-2016-1964CVE-2016-1965CVE-2016-1966CVE-2016-1974CVE-2016-1977CVE-2016-2790CVE-2016-2791CVE-2016-2792CVE-2016-2793CVE-2016-2794CVE-2016-2795CVE-2016-2796CVE-2016-2797CVE-2016-2798CVE-2016-2799CVE-2016-2800CVE-2016-2801CVE-2016-2802Security update for flash-player (Important)openSUSE 13.1 NonFree
flash-player was updated to fix one security issue.
This security issue was fixed:
- CVE-2016-1019: Adobe Flash Player earlier allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016
Aliased: (bsc#974209).
(Important)SUSE bug 974209CVE-2016-1019security update for java-1_7_0-openjdk (Important)openSUSE 13.1
This update for java-1_7_0-openjdk fixes the following issues:
java-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468)
* Security fixes
- S8152335, CVE-2016-0636: Improve MethodHandle consistency
* Import of OpenJDK 7 u99 build 0
- S6425769, PR2858: Allow specifying an address to bind JMX remote
connector
- S6961123: setWMClass fails to null-terminate WM_CLASS string
- S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently
- S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently
for IPv6 addresses
* Backports
- S8028727, PR2814: [parfait] warnings from b116 for
jdk.src.share.native.sun.security.ec: JNI pending exceptions
- S8048512, PR2814: Uninitialised memory in
jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
- S8071705. PR2819, RH1182694: Java application menu misbehaves when
running multiple screen stacked vertically
- S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell
* Bug fixes
- PR2803: Make system CUPS optional
- PR2886: Location of 'stap' executable is hard-coded
- PR2893: test/tapset/jstaptest.pl should be executable
- PR2894: Add missing test directory in make check.
* CACAO
- PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest
&& result && x.any && y.any' failed
* AArch64 port
- PR2852: Add support for large code cache
- PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.
- S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in
interpreter
- S8131483, PR2852: aarch64: illegal stlxr instructions
- S8133352, PR2852: aarch64: generates constrained unpredictable
instructions
- S8133842, PR2852: aarch64: C2 generates illegal instructions with int
shifts >=32
- S8134322, PR2852: AArch64: Fix several errors in C2 biased locking
implementation
- S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0
- S8138575, PR2852: Improve generated code for profile counters
- S8138641, PR2852: Disable C2 peephole by default for aarch64
- S8138966, PR2852: Intermittent SEGV running ParallelGC
- S8143067, PR2852: aarch64: guarantee failure in javac
- S8143285, PR2852: aarch64: Missing load acquire when checking if
ConstantPoolCacheEntry is resolved
- S8143584, PR2852: Load constant pool tag and class status with load
acquire
- S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java
fails with
--enable-unlimited-crypto
- S8144582, PR2852: AArch64 does not generate correct branch profile data
- S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base
- S8147805, PR2852: aarch64: C1 segmentation fault due to inline
Unsafe.getAndSetObject
- S8148240, PR2852: aarch64: random infrequent null pointer exceptions
in javac
* PPC & AIX port
- S8034797, PR2851: AIX: Fix os::naked_short_sleep() in
os_aix.cpp after 8028280
- S8139258, PR2851: PPC64LE: argument passing problem when passing 15
floats in native call
- S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill
register R12
Update to 2.6.5 - OpenJDK 7u99 (boo#972468)
* Security fixes
- S8152335, CVE-2016-0636: Improve MethodHandle consistency
* Import of OpenJDK 7 u99 build 0
- S6425769, PR2858: Allow specifying an address to bind JMX remote
connector
- S6961123: setWMClass fails to null-terminate WM_CLASS string
- S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently
- S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently
for IPv6 addresses
* Backports
- S8028727, PR2814: [parfait] warnings from b116 for
jdk.src.share.native.sun.security.ec: JNI pending exceptions
- S8048512, PR2814: Uninitialised memory in
jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
- S8071705. PR2819, RH1182694: Java application menu misbehaves when
running multiple screen stacked vertically
- S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell
* Bug fixes
- PR2803: Make system CUPS optional
- PR2886: Location of 'stap' executable is hard-coded
- PR2893: test/tapset/jstaptest.pl should be executable
- PR2894: Add missing test directory in make check.
* CACAO
- PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest
&& result && x.any && y.any' failed
* AArch64 port
- PR2852: Add support for large code cache
- PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.
- S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in
interpreter
- S8131483, PR2852: aarch64: illegal stlxr instructions
- S8133352, PR2852: aarch64: generates constrained unpredictable
instructions
- S8133842, PR2852: aarch64: C2 generates illegal instructions with int
shifts >=32
- S8134322, PR2852: AArch64: Fix several errors in C2 biased locking
implementation
- S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0
- S8138575, PR2852: Improve generated code for profile counters
- S8138641, PR2852: Disable C2 peephole by default for aarch64
- S8138966, PR2852: Intermittent SEGV running ParallelGC
- S8143067, PR2852: aarch64: guarantee failure in javac
- S8143285, PR2852: aarch64: Missing load acquire when checking if
ConstantPoolCacheEntry is resolved
- S8143584, PR2852: Load constant pool tag and class status with load
acquire
- S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java
fails with
--enable-unlimited-crypto
- S8144582, PR2852: AArch64 does not generate correct branch profile data
- S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base
- S8147805, PR2852: aarch64: C1 segmentation fault due to inline
Unsafe.getAndSetObject
- S8148240, PR2852: aarch64: random infrequent null pointer exceptions
in javac
* PPC & AIX port
- S8034797, PR2851: AIX: Fix os::naked_short_sleep() in
os_aix.cpp after 8028280
- S8139258, PR2851: PPC64LE: argument passing problem when passing 15
floats in native call
- S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill
register R12 (Important)SUSE bug 972468CVE-2016-0636Security update for Chromium (Important)openSUSE 13.1
Chromium was updated to 49.0.2623.110 to fix the following security issues:
- CVE-2016-1646: Out-of-bounds read in V8
- CVE-2016-1647: Use-after-free in Navigation
- CVE-2016-1648: Use-after-free in Extensions
- CVE-2016-1649: Buffer overflow in libANGLE
- CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives
- CVE-2016-3679: Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33) (Important)SUSE bug 972834CVE-2016-1646CVE-2016-1647CVE-2016-1648CVE-2016-1649CVE-2016-1650CVE-2016-3679Security update for systemd (Moderate)openSUSE 13.1
This update for systemd fixes several issues:
e5e362a udev: exclude MD from block device ownership event locking
8839413 udev: really exclude device-mapper from block device ownership event locking
66782e6 udev: exclude device-mapper from block device ownership event locking (bsc#972727)
1386f57 tmpfiles: explicitly set mode for /run/log
faadb74 tmpfiles: don't allow read access to journal files to users not in systemd-journal
9b1ef37 tmpfiles: don't apply sgid and executable bit to journal files, only the directories they are contained in
011c39f tmpfiles: add ability to mask access mode by pre-existing access mode on files/directories
07e2d60 tmpfiles: get rid of "m" lines
d504e28 tmpfiles: various modernizations
f97250d systemctl: no need to pass --all if inactive is explicitly requested in list-units (bsc#967122)
2686573 fstab-generator: fix automount option and don't start associated mount unit at boot (bsc#970423)
5c1637d login: support more than just power-gpio-key (fate#318444) (bsc#970860)
2c95ecd logind: add standard gpio power button support (fate#318444) (bsc#970860)
af3eb93 Revert "log-target-null-instead-kmsg"
555dad4 shorten hostname before checking for trailing dot (bsc#965897)
522194c Revert "log: honour the kernel's quiet cmdline argument" (bsc#963230)
cc94e47 transaction: downgrade warnings about wanted unit which are not found (bsc#960158)
eb3cfb3 Revert "vhangup-on-all-consoles"
0c28752 remove WorkingDirectory parameter from emergency, rescue and console-shell.service (bsc#959886)
- Don't allow read access to journal files to users (boo#972612 CVE-2014-9770 CVE-2015-8842)
Remove the world read bit from the permissions of (persistent)
archived journals. This was incorrectly set due to backported commit
18afa5c2a7a6c215.
For the same reasons we also have to fix the permissions of
/run/log/journal/&lt;machine-id&gt; directory to make sure that regular
user won't access to its content.
- spec: remove libudev1 runtime dependencies on udev (Moderate)SUSE bug 959886SUSE bug 960158SUSE bug 963230SUSE bug 965897SUSE bug 967122SUSE bug 970423SUSE bug 970860SUSE bug 972612SUSE bug 972727CVE-2014-9770CVE-2015-8842Security upate for tiff (Moderate)openSUSE 13.1
tiff was updated to fix one security issue.
This security issue was fixed:
- CVE-2016-3186: Buffer overflow in gif2tiff (bsc#973340). (Moderate)SUSE bug 973340CVE-2016-3186security update for openssh (Critical)openSUSE 13.1
- CVE-2016-0777: A malicious or compromised server could cause the OpenSSH
client to expose part or all of the client's private key through the
roaming feature (bsc#961642)
- CVE-2016-0778: A malicious or compromised server could could trigger a
buffer overflow in the OpenSSH client through the roaming feature
(bsc#961645)
This update disables the undocumented feature supported by the OpenSSH
client and a commercial SSH server. (Critical)SUSE bug 961642SUSE bug 961645CVE-2016-0777CVE-2016-0778Security update for samba (Important)openSUSE 13.1
This update fixes these security vulnerabilities:
- CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).
- CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).
- CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).
- CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033).
- CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
- CVE-2016-2114: "server signing = mandatory" not enforced (bsc#973035).
- CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).
- CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account were possible (bsc#971965).
The openSUSE 13.1 update also upgrades to samba 4.2.4 as 4.1.x versions
are no longer supported by upstream. As a side effect, libpdb0 package
was replaced by libsamba-passdb0.
(Important)SUSE bug 11077SUSE bug 11344SUSE bug 11395SUSE bug 11529SUSE bug 11536SUSE bug 11599SUSE bug 11644SUSE bug 11648SUSE bug 11688SUSE bug 11749SUSE bug 11752SUSE bug 11756SUSE bug 11804SUSE bug 844720SUSE bug 849224SUSE bug 853347SUSE bug 917376SUSE bug 936862SUSE bug 958582SUSE bug 958583SUSE bug 958584SUSE bug 958586SUSE bug 968222SUSE bug 971965SUSE bug 973031SUSE bug 973032SUSE bug 973033SUSE bug 973034SUSE bug 973035SUSE bug 973036CVE-2012-6150CVE-2013-4408CVE-2013-4496CVE-2015-0240CVE-2015-5252CVE-2015-5296CVE-2015-5299CVE-2015-5330CVE-2015-5370CVE-2015-7560CVE-2016-2110CVE-2016-2111CVE-2016-2112CVE-2016-2113CVE-2016-2114CVE-2016-2115CVE-2016-2118Security update for apparmor (Moderate)openSUSE 13.1
This update for apparmor updates some profiles. It is specifically required for the Samba security update.
profile updates:
- sbin.syslog-ng
- usr.sbin.identd
- usr.sbin.nscd (allows nscd paranoia mode)
- usr.sbin.smbd
- usr.sbin.smbldap-useradd
- apache2.d/phpsysinfo
updated abstractions:
- aspell
- base
- cups-client
- fonts
- freedesktop.org
- nameservice
- p11-kit
- php5
- samba (including the changes needed for Samba 4.2.x)
- ssl_certs
- ssl_keys
- ubuntu-browsers.d/java
- ubuntu-browsers.d/multimedia
- ubuntu-browsers.d/plugins-common
- ubuntu-browsers.d/ubuntu-integration
- ubuntu-email
- ubuntu-helpers
- user-mail
- X (Moderate)SUSE bug 905368Security update for giflib (Moderate)openSUSE 13.1
This update fixes the following issue:
Heap buffer overflow in gif2rgb (CVE-2016-3977) (Moderate)SUSE bug 974847CVE-2016-3977Security update for Chromium (Important)openSUSE 13.1
Chromium was updated to 50.0.2661.75 to fix the following vulnerabilities:
- CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding
- CVE-2016-1652: Universal XSS in extension bindings
- CVE-2016-1653: Out-of-bounds write in V8
- CVE-2016-1654: Uninitialized memory read in media
- CVE-2016-1655: Use-after-free related to extensions
- CVE-2016-1656: Android downloaded file path restriction bypass
- CVE-2016-1657: Address bar spoofing
- CVE-2016-1658: Potential leak of sensitive information to malicious extensions
- CVE-2016-1659: Various fixes from internal audits, fuzzing and other initiatives (Important)SUSE bug 975572CVE-2016-1651CVE-2016-1652CVE-2016-1653CVE-2016-1654CVE-2016-1655CVE-2016-1656CVE-2016-1657CVE-2016-1658CVE-2016-1659Security update for java-1_7_0-openjdk (Important)openSUSE 13.1
This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues.
These security issues were fixed:
- CVE-2016-0686: Ensure thread consistency (bsc#976340).
- CVE-2016-0687: Better byte behavior (bsc#976340).
- CVE-2016-0695: Make DSA more fair (bsc#976340).
- CVE-2016-3425: Better buffering of XML strings (bsc#976340).
- CVE-2016-3427: Improve JMX connections (bsc#976340). (Important)SUSE bug 976340CVE-2016-0686CVE-2016-0687CVE-2016-0695CVE-2016-3425CVE-2016-3427Security update for openssl (Important)openSUSE 13.1
This update for openssl fixes the following issues:
- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
- CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)
- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
- CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
- bsc#976943: Buffer overrun in ASN1_parse
(Important)SUSE bug 976942SUSE bug 976943SUSE bug 977614SUSE bug 977615SUSE bug 977616SUSE bug 977617CVE-2016-2105CVE-2016-2106CVE-2016-2107CVE-2016-2108CVE-2016-2109Security update for libopenssl0_9_8 (Important)openSUSE 13.1
This update for libopenssl0_9_8 fixes the following issues:
- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
- CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
- CVE-2016-0702: Side channel attack on modular exponentiation "CacheBleed" (bsc#968050)
- bsc#976943: Buffer overrun in ASN1_parse
and updates the package to version 0.9.8zh which collects many other
fixes, including security ones.
(Important)SUSE bug 963415SUSE bug 968046SUSE bug 968048SUSE bug 968050SUSE bug 968374SUSE bug 976942SUSE bug 976943SUSE bug 977614SUSE bug 977615SUSE bug 977617CVE-2015-3197CVE-2016-0702CVE-2016-0797CVE-2016-0799CVE-2016-0800CVE-2016-2105CVE-2016-2106CVE-2016-2108CVE-2016-2109Security update to Firefox 46.0 (Moderate)openSUSE 13.1
This update to Mozilla Firefox 46.0 fixes several security issues and bugs (boo#977333).
The following vulnerabilities were fixed:
- CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39
(boo#977373)
- CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39
(boo#977375)
- CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39
(boo#977376)
- CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch()
- MFSA 2016-47 (boo#977386)
- CVE-2016-2811: Use-after-free in Service Worker - MFSA 2016-42
(boo#977379)
- CVE-2016-2812: Buffer overflow in Service Worker - MFSA 2016-42
(boo#977379)
- CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets -
MFSA 2016-44 (boo#977381)
- CVE-2016-2816: CSP not applied to pages sent with
multipart/x-mixed-replace - MFSA 2016-45 (boo#977382)
- CVE-2016-2817: Elevation of privilege with chrome.tabs.update API in web
extensions - MFSA 2016-46 (boo#977384)
- CVE-2016-2820: Firefox Health Reports could accept events from untrusted
domains - MFSA 2016-48 (boo#977388)
The following miscellaneous changes are included:
- Improved security of the JavaScript Just In Time (JIT) Compiler
- WebRTC fixes to improve performance and stability
- Added support for document.elementsFromPoint
- Added HKDF support for Web Crypto API
The minimum requirements increased to NSPR 4.12 and NSS 3.22.3.
Mozilla NSS was updated to 3.22.3 as a dependency for Mozilla Firefox 46.0, with the following changes:
- Increase compatibility of TLS extended master secret, don't send an
empty TLS extension last in the handshake (bmo#1243641)
- RSA-PSS signatures are now supported
- Pseudorandom functions based on hashes other than SHA-1 are now supported
- Enforce an External Policy on NSS from a config file
(Moderate)SUSE bug 1009429SUSE bug 1197901SUSE bug 1212939SUSE bug 1215295SUSE bug 1223743SUSE bug 1227462SUSE bug 1229681SUSE bug 1230955SUSE bug 1243641SUSE bug 1246061SUSE bug 1249572SUSE bug 1252330SUSE bug 1254503SUSE bug 1254694SUSE bug 1254721SUSE bug 1254856SUSE bug 1254980SUSE bug 1255139SUSE bug 1255605SUSE bug 1255735SUSE bug 1257861SUSE bug 1258562SUSE bug 1259482SUSE bug 1261776SUSE bug 2714650SUSE bug 870870SUSE bug 977333SUSE bug 977373SUSE bug 977375SUSE bug 977376SUSE bug 977377SUSE bug 977378SUSE bug 977379SUSE bug 977380SUSE bug 977381SUSE bug 977382SUSE bug 977384SUSE bug 977386SUSE bug 977388CVE-2016-2804CVE-2016-2806CVE-2016-2807CVE-2016-2808CVE-2016-2809CVE-2016-2810CVE-2016-2811CVE-2016-2812CVE-2016-2813CVE-2016-2814CVE-2016-2816CVE-2016-2817CVE-2016-2820Security update for flash-player (Important)openSUSE 13.1 NonFree
This security update for flash-player to 11.2.202.621 fixes the following
issues (boo#979422):
A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player
21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome
OS. Successful exploitation could cause a crash and potentially allow an
attacker to take control of the affected system. (APSA16-02)
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
(Important)SUSE bug 979422CVE-2016-4117Security update for phpMyAdmin (Moderate)openSUSE 13.1
This phpMyAdmin update to version 4.4.15.6 fixes the following issues:
Security issues fixed:
- PMASA-2016-16 (CVE-2016-5099, CWE-661):
Self XSS, see
https://www.phpmyadmin.net/security/PMASA-2016-16/
- PMASA-2016-15 (CVE-2016-5098, CWE-661):
File Traversal Protection Bypass on Error Reporting, see
https://www.phpmyadmin.net/security/PMASA-2016-15/
- PMASA-2016-14 (CVE-2016-5097, CWE-661):
Sensitive Data in URL GET Query Parameters, see
https://www.phpmyadmin.net/security/PMASA-2016-14/
(Moderate)SUSE bug 982128CVE-2016-5097CVE-2016-5098CVE-2016-5099Security update for proftpd (Moderate)openSUSE 13.1
proftpd was updated to fix one security issue.
This security issue was fixed:
- CVE-2016-3125: The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
Aliased: (boo#970890).
(Moderate)SUSE bug 970890CVE-2016-3125Security update for MozillaFirefox, mozilla-nss (Important)openSUSE 13.1
This update to Mozilla Firefox 47 fixes the following issues (boo#983549):
Security fixes:
- CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards
(boo#983638 MFSA 2016-49)
- CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo#983655 MFSA
2016-50)
- CVE-2016-2821: Use-after-free deleting tables from a contenteditable
document (boo#983653 MFSA 2016-51)
- CVE-2016-2822: Addressbar spoofing though the SELECT element (boo#983652
MFSA 2016-52)
- CVE-2016-2824: Out-of-bounds write with WebGL shader (boo#983651 MFSA
2016-53)
- CVE-2016-2825: Partial same-origin-policy through setting location.host
through data URI (boo#983649 MFSA 2016-54)
- CVE-2016-2828: Use-after-free when textures are used in WebGL operations
after recycle pool destruction (boo#983646 MFSA 2016-56)
- CVE-2016-2829: Incorrect icon displayed on permissions notifications
(boo#983644 MFSA 2016-57)
- CVE-2016-2831: Entering fullscreen and persistent pointerlock without
user permission (boo#983643 MFSA 2016-58)
- CVE-2016-2832: Information disclosure of disabled plugins through CSS
pseudo-classes (boo#983632 MFSA 2016-59)
- CVE-2016-2833: Java applets bypass CSP protections (boo#983640 MFSA
2016-60)
Mozilla NSS was updated to 3.23 to address the following vulnerabilities:
- CVE-2016-2834: Memory safety bugs (boo#983639 MFSA-2016-61)
The following non-security changes are included:
- Enable VP9 video codec for users with fast machines
- Embedded YouTube videos now play with HTML5 video if Flash is not
installed
- View and search open tabs from your smartphone or another computer in a
sidebar
- Allow no-cache on back/forward navigations for https resources
The following packaging changes are included:
- boo#981695: cleanup configure options, notably removing GStreamer
support which is gone from FF
- boo#980384: enable build with PIE and full relro on x86_64
The following new functionality is provided:
- ChaCha20/Poly1305 cipher and TLS cipher suites now supported
- The list of TLS extensions sent in the TLS handshake has been reordered
to increase compatibility of the Extended Master Secret with with servers
(Important)SUSE bug 1025267SUSE bug 1193093SUSE bug 1206283SUSE bug 1221620SUSE bug 1223810SUSE bug 1234147SUSE bug 1241034SUSE bug 1241037SUSE bug 1241896SUSE bug 1242798SUSE bug 1243466SUSE bug 1245528SUSE bug 1245743SUSE bug 1248329SUSE bug 1248580SUSE bug 1256493SUSE bug 1256739SUSE bug 1256968SUSE bug 1261230SUSE bug 1261752SUSE bug 1261933SUSE bug 1263384SUSE bug 1264300SUSE bug 1264575SUSE bug 1265577SUSE bug 1267130SUSE bug 1269729SUSE bug 1270381SUSE bug 1271037SUSE bug 1271460SUSE bug 1273129SUSE bug 1273202SUSE bug 1273701SUSE bug 908933SUSE bug 980384SUSE bug 981695SUSE bug 983549SUSE bug 983632SUSE bug 983638SUSE bug 983639SUSE bug 983640SUSE bug 983643SUSE bug 983644SUSE bug 983646SUSE bug 983649SUSE bug 983651SUSE bug 983652SUSE bug 983653SUSE bug 983655CVE-2016-1950CVE-2016-2815CVE-2016-2818CVE-2016-2819CVE-2016-2821CVE-2016-2822CVE-2016-2824CVE-2016-2825CVE-2016-2828CVE-2016-2829CVE-2016-2831CVE-2016-2832CVE-2016-2833CVE-2016-2834Security update for bind (Important)openSUSE 13.1
This update for bind fixes the following issues:
- CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) (Important)SUSE bug 962189CVE-2015-8704Security update for flash-player (Critical)openSUSE 13.1 NonFree
Adobe flash-player was updated to 11.2.202.626 to fix the following security issues:
Security update to 11.2.202.626 (boo#984695):
* APSB16-18, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124,
CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129,
CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133,
CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137,
CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141,
CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145,
CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149,
CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153,
CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166,
CVE-2016-4171
Please see https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
for more information.
(Critical)SUSE bug 984695CVE-2016-4122CVE-2016-4123CVE-2016-4124CVE-2016-4125CVE-2016-4127CVE-2016-4128CVE-2016-4129CVE-2016-4130CVE-2016-4131CVE-2016-4132CVE-2016-4133CVE-2016-4134CVE-2016-4135CVE-2016-4136CVE-2016-4137CVE-2016-4138CVE-2016-4139CVE-2016-4140CVE-2016-4141CVE-2016-4142CVE-2016-4143CVE-2016-4144CVE-2016-4145CVE-2016-4146CVE-2016-4147CVE-2016-4148CVE-2016-4149CVE-2016-4150CVE-2016-4151CVE-2016-4152CVE-2016-4153CVE-2016-4154CVE-2016-4155CVE-2016-4156CVE-2016-4166CVE-2016-4171Security update for Chromium (Important)openSUSE 13.1
Chromium was updated to 51.0.2704.103 to fix three vulnerabilities:
- CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives (shared identifier) (boo#985397)
Includes vulnerability fixes from 50.0.2661.102 (boo#979859):
- CVE-2016-1667: Same origin bypass in DOM
- CVE-2016-1668: Same origin bypass in Blink V8 bindings
- CVE-2016-1669: Buffer overflow in V8
- CVE-2016-1670: Race condition in loader
Includes vulnerability fixes from 50.0.2661.94 (boo#977830):
- CVE-2016-1660: Out-of-bounds write in Blink
- CVE-2016-1661: Memory corruption in cross-process frames
- CVE-2016-1662: Use-after-free in extensions
- CVE-2016-1663: Use-after-free in Blink’s V8 bindings
- CVE-2016-1664: Address bar spoofing
- CVE-2016-1665: Information leak in V8
- CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives
(Important)SUSE bug 977830SUSE bug 979859SUSE bug 985397CVE-2016-1660CVE-2016-1661CVE-2016-1662CVE-2016-1663CVE-2016-1664CVE-2016-1665CVE-2016-1666CVE-2016-1667CVE-2016-1668CVE-2016-1669CVE-2016-1670CVE-2016-1704Security update for giflib (Important)openSUSE 13.1
The following patch fixes
- a heap overflow in giffix
- a memory leak in libgif6
(Important)SUSE bug 949160SUSE bug 960319CVE-2015-7555Security update for libtorrent-rasterbar (Moderate)openSUSE 13.1
This update for libtorrent-rasterbar fixes the following issues:
- CVE-2016-5301: Crash on invalid input in http_parser could have allowed
a remote attacker to perform a denial of service attack (boo#983228).
In addition, the package was updated to 1.0.9 / 1.16.19, fixing various
upstream bugs.
(Moderate)SUSE bug 983228security update for phpMyAdmin (Moderate)openSUSE 13.1
This phpMyAdmin update to version 4.4.15.7 fixes the following issues:
Issues fixed:
Setup script doesn't use input type 'password' in all relevant locations
Security issues fixed:
- PMASA-2016-17 (CVE-2016-5701, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-17/
- BBCode injection vulnerability
- PMASA-2016-19 (CVE-2016-5703, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-19/
- SQL injection attack
- PMASA-2016-21 (CVE-2016-5705, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-21/
- Multiple XSS vulnerabilities
- PMASA-2016-22 (CVE-2016-5706, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-22/
- DOS attack
- PMASA-2016-23 (CVE-2016-5730, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-23/
- Multiple full path disclosure vulnerabilities
- PMASA-2016-24 (CVE-2016-5731, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-24/
- XSS through FPD
- PMASA-2016-26 (CVE-2016-5733, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-26/
- Multiple XSS vulnerabilities
- PMASA-2016-28 (CVE-2016-5739, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-28/
- Referrer leak in transformations
(Moderate)SUSE bug 986154CVE-2016-5701CVE-2016-5703CVE-2016-5705CVE-2016-5706CVE-2016-5730CVE-2016-5731CVE-2016-5733CVE-2016-5739Security update for libvirt (Moderate)openSUSE 13.1
Maintenance update for openSUSE13.1 libvirt package.
- Fix cve-2015-5313: directory directory traversal privilege
escalation vulnerability.
e8643ef6-cve-2015-5313.patch
bsc#953110
- qemu: Call qemuSetupHostdevCGroup later during hotplug
05e149f9-call-qemuSetupHostdevCGroup-later.patch
qemu: hotplug: Only label hostdev after checking device conflicts
ee414b5d-fix-qemu-hotplug-usb-hostdev.patch
bsc#863933
- libxl: support virtual sound devices in HVM domains
c0d3f608-libxl-soundhw.patch
bsc#875216 (Moderate)SUSE bug 863933SUSE bug 875216SUSE bug 953110CVE-2015-5313security update for jasper (Low)openSUSE 13.1
This update for jasper fixes the following issues:
- CVE-2016-1867: Out-of-bounds Read could cause a crash (boo#961886) (Low)SUSE bug 469786SUSE bug 725758SUSE bug 830803SUSE bug 881716SUSE bug 961886CVE-2014-8138CVE-2016-1867Security update for roundcubemail (Important)openSUSE 13.1
Update to 1.0.8
- Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582)
- Fix HTML sanitizer to skip &lt;!-- node type X --&gt; in output (#1490583)
- Fix charset encoding of message/rfc822 part bodies (#1490606)
- Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
- Fix PDF support detection in Firefox &gt; 19 (#1490610)
- Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620) [CVE-2015-8770] [bnc#962067]
- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
- Updated apache2 config (Important)SUSE bug 962067CVE-2015-8770Security update for libircclient (Moderate)openSUSE 13.1
This update fixes an issue with libircclient using an insecure openssl cipher suite.
- cipher suite fix from ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH to
EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
bnc#857151 (Moderate)SUSE bug 857151Security update for Mozilla Thunderbird (Important)openSUSE 13.1
This update contains Mozilla Thunderbird 45.2. (boo#983549)
It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail.
The following vulnerabilities were fixed:
- CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549, MFSA2016-49)
Contains the following security fixes from the 45.1 release: (boo#977333)
- CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards (boo#977375, boo#977376, MFSA 2016-39)
Contains the following security fixes from the 45.0 release: (boo#969894)
- CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA 2016-16)
- CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)
- CVE-2016-1955: CSP reports fail to strip location information for embedded iframe pages (MFSA 2016-18)
- CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)
- CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20)
- CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)
- CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)
- CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)
- CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34)
The graphite font shaping library was disabled, addressing the following font vulnerabilities:
- MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
The following tracked packaging changes are included:
- fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637)
- gcc6 fixes (boo#986162)
- running on 48bit va aarch64 (boo#984126) (Important)SUSE bug 969894SUSE bug 977333SUSE bug 977375SUSE bug 977376SUSE bug 983549SUSE bug 984126SUSE bug 984637SUSE bug 986162CVE-2016-1952CVE-2016-1953CVE-2016-1954CVE-2016-1955CVE-2016-1956CVE-2016-1957CVE-2016-1960CVE-2016-1961CVE-2016-1964CVE-2016-1974CVE-2016-1977CVE-2016-2790CVE-2016-2791CVE-2016-2792CVE-2016-2793CVE-2016-2794CVE-2016-2795CVE-2016-2796CVE-2016-2797CVE-2016-2798CVE-2016-2799CVE-2016-2800CVE-2016-2801CVE-2016-2802CVE-2016-2806CVE-2016-2807CVE-2016-2815CVE-2016-2818Security update for tiff (Moderate)openSUSE 13.1
This update to tiff 4.0.6 fixes the following issues:
- CVE-2015-7554: Out-of-bounds write in the thumbnail and tiffcmp tools allowed attacker to cause a denial of service or have unspecified further impact (bsc#960341)
- bsc#942690: potential out-of-bound write in NeXTDecode() (#2508) (Moderate)SUSE bug 942690SUSE bug 960341CVE-2015-7554Security update for cgit (Moderate)openSUSE 13.1
This update to cgit 0.12 fixes the following issues:
- CVE-2016-1899: Reflected Cross Site Scripting and Header Injection in Mimetype Query String
- CVE-2016-1900: Stored Cross Site Scripting and Header Injection in Filename Parameter
- CVE-2016-1901: Integer Overflow resulting in Buffer Overflow
The bundled git version was updated to 2.7.0.
(Moderate)SUSE bug 948969SUSE bug 961916CVE-2016-1899CVE-2016-1900CVE-2016-1901Security update for flash-player (Important)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.632 to fix many security issues tracked under the upstream advisory APSB16-25, allowing remote attackers to execute arbitrary code when delivering specially crafted Flash content.
The following vulnerabilities were fixed:
- CVE-2016-4172: memory corruption vulnerability that could lead to code execution
- CVE-2016-4173: use-after-free vulnerability that could lead to code execution
- CVE-2016-4174: use-after-free vulnerability that could lead to code execution
- CVE-2016-4175: memory corruption vulnerability that could lead to code execution
- CVE-2016-4176: stack corruption vulnerability that could lead to code execution
- CVE-2016-4177: stack corruption vulnerability that could lead to code execution
- CVE-2016-4178: security bypass vulnerability that could lead to information disclosure
- CVE-2016-4179: memory corruption vulnerability that could lead to code execution
- CVE-2016-4180: memory corruption vulnerability that could lead to code execution
- CVE-2016-4181: memory corruption vulnerability that could lead to code execution
- CVE-2016-4182: memory corruption vulnerability that could lead to code execution
- CVE-2016-4183: memory corruption vulnerability that could lead to code execution
- CVE-2016-4184: memory corruption vulnerability that could lead to code execution
- CVE-2016-4185: memory corruption vulnerability that could lead to code execution
- CVE-2016-4186: memory corruption vulnerability that could lead to code execution
- CVE-2016-4187: memory corruption vulnerability that could lead to code execution
- CVE-2016-4188: memory corruption vulnerability that could lead to code execution
- CVE-2016-4189: memory corruption vulnerability that could lead to code execution
- CVE-2016-4190: memory corruption vulnerability that could lead to code execution
- CVE-2016-4217: memory corruption vulnerability that could lead to code execution
- CVE-2016-4218: memory corruption vulnerability that could lead to code execution
- CVE-2016-4219: memory corruption vulnerability that could lead to code execution
- CVE-2016-4220: memory corruption vulnerability that could lead to code execution
- CVE-2016-4221: memory corruption vulnerability that could lead to code execution
- CVE-2016-4222: use-after-free vulnerability that could lead to code execution
- CVE-2016-4223: type confusion vulnerability that could lead to code execution
- CVE-2016-4224: type confusion vulnerability that could lead to code execution
- CVE-2016-4225: type confusion vulnerability that could lead to code execution
- CVE-2016-4226: use-after-free vulnerability that could lead to code execution
- CVE-2016-4227: use-after-free vulnerability that could lead to code execution
- CVE-2016-4228: use-after-free vulnerability that could lead to code execution
- CVE-2016-4229: use-after-free vulnerability that could lead to code execution
- CVE-2016-4230: use-after-free vulnerability that could lead to code execution
- CVE-2016-4231: use-after-free vulnerability that could lead to code execution
- CVE-2016-4232: memory leak vulnerability
- CVE-2016-4233: memory corruption vulnerability that could lead to code execution
- CVE-2016-4234: memory corruption vulnerability that could lead to code execution
- CVE-2016-4235: memory corruption vulnerability that could lead to code execution
- CVE-2016-4236: memory corruption vulnerability that could lead to code execution
- CVE-2016-4237: memory corruption vulnerability that could lead to code execution
- CVE-2016-4238: memory corruption vulnerability that could lead to code execution
- CVE-2016-4239: memory corruption vulnerability that could lead to code execution
- CVE-2016-4240: memory corruption vulnerability that could lead to code execution
- CVE-2016-4241: memory corruption vulnerability that could lead to code execution
- CVE-2016-4242: memory corruption vulnerability that could lead to code execution
- CVE-2016-4243: memory corruption vulnerability that could lead to code execution
- CVE-2016-4244: memory corruption vulnerability that could lead to code execution
- CVE-2016-4245: memory corruption vulnerability that could lead to code execution
- CVE-2016-4246: memory corruption vulnerability that could lead to code execution
- CVE-2016-4247: race condition vulnerability that could lead to information disclosure
- CVE-2016-4248: use-after-free vulnerability that could lead to code execution
- CVE-2016-4249: heap buffer overflow vulnerability that could lead to code execution (Important)SUSE bug 988579CVE-2016-4172CVE-2016-4173CVE-2016-4174CVE-2016-4175CVE-2016-4176CVE-2016-4177CVE-2016-4178CVE-2016-4179CVE-2016-4180CVE-2016-4181CVE-2016-4182CVE-2016-4183CVE-2016-4184CVE-2016-4185CVE-2016-4186CVE-2016-4187CVE-2016-4188CVE-2016-4189CVE-2016-4190CVE-2016-4217CVE-2016-4218CVE-2016-4219CVE-2016-4220CVE-2016-4221CVE-2016-4222CVE-2016-4223CVE-2016-4224CVE-2016-4225CVE-2016-4226CVE-2016-4227CVE-2016-4228CVE-2016-4229CVE-2016-4230CVE-2016-4231CVE-2016-4232CVE-2016-4233CVE-2016-4234CVE-2016-4235CVE-2016-4236CVE-2016-4237CVE-2016-4238CVE-2016-4239CVE-2016-4240CVE-2016-4241CVE-2016-4242CVE-2016-4243CVE-2016-4244CVE-2016-4245CVE-2016-4246CVE-2016-4247CVE-2016-4248CVE-2016-4249Security update for p7zip (Moderate)openSUSE 13.1
fix 7zip UDF CInArchive::ReadFileItem code execution vulnerability [boo#979823],[CVE-2016-2335] (Moderate)SUSE bug 979823CVE-2016-2335Security update for dropbear (Critical)openSUSE 13.1
This update for dropbear fixes four security issues (bnc#990363):
- A format string injection vulnerability allowed remotes attacker to run arbitrary code as root if specific usernames including "%" symbols could be created on the target system. If a dbclient user can control usernames or host arguments, or untrusted input is processed, potentially arbitrary code could have been executed as the dbclient user.
- When importing malicious OpenSSH key files via dropbearconvert, arbitrary code could have been executed as the local dropbearconvert user
- If particular -m or -c arguments were provided, as used in scripts, dbclient could have executed arbitrary code
- dbclient or dropbear server could have exposed process memory to the running user if compiled with DEBUG_TRACE and running with -v
Dropbear was updated to the upstream 2016.74 release, including fixes for the following upstream issues:
- Port forwarding failure when connecting to domains that have both IPv4 and IPv6 addresses
- 100% CPU use while waiting for rekey to complete
- Fix crash when fallback initshells() is used
scp failing when the local user doesn't exist
The following upstream improvements are included:
- Support syslog in dbclient, option -o usesyslog=yes
- Kill a proxycommand when dbclient exits
- Option to exit when a TCP forward fails
- Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks
(Critical)SUSE bug 990363Security update for Chromium (Important)openSUSE 13.1
Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901):
- CVE-2016-1706: Sandbox escape in PPAPI
- CVE-2016-1707: URL spoofing on iOS
- CVE-2016-1708: Use-after-free in Extensions
- CVE-2016-1709: Heap-buffer-overflow in sfntly
- CVE-2016-1710: Same-origin bypass in Blink
- CVE-2016-1711: Same-origin bypass in Blink
- CVE-2016-5127: Use-after-free in Blink
- CVE-2016-5128: Same-origin bypass in V8
- CVE-2016-5129: Memory corruption in V8
- CVE-2016-5130: URL spoofing
- CVE-2016-5131: Use-after-free in libxml
- CVE-2016-5132: Limited same-origin bypass in Service Workers
- CVE-2016-5133: Origin confusion in proxy authentication
- CVE-2016-5134: URL leakage via PAC script
- CVE-2016-5135: Content-Security-Policy bypass
- CVE-2016-5136: Use after free in extensions
- CVE-2016-5137: History sniffing with HSTS and CSP
- CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives
(Important)SUSE bug 989901CVE-2016-1705CVE-2016-1706CVE-2016-1707CVE-2016-1708CVE-2016-1709CVE-2016-1710CVE-2016-1711CVE-2016-5127CVE-2016-5128CVE-2016-5129CVE-2016-5130CVE-2016-5131CVE-2016-5132CVE-2016-5133CVE-2016-5134CVE-2016-5135CVE-2016-5136CVE-2016-5137Important security fixes for Typo3 (Important)openSUSE 13.1
Important security fixes for vulnerabilities in typo3 which can be used for Cross-Site Scripting or Denial of Service attacks or for authentication bypassing. (Important)CVE-2013-4701CVE-2013-7073CVE-2014-3941Security update for MozillaFirefox, mozilla-nss (Important)openSUSE 13.1
Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements.
The following major changes are included:
- Process separation (e10s) is enabled for some users
- Add-ons that have not been verified and signed by Mozilla will not load
- WebRTC enhancements
- The media parser has been redeveloped using the Rust programming language
- better Canvas performance with speedy Skia support
- Now requires NSS 3.24
The following security issues were fixed: (boo#991809)
- CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards
- CVE-2016-2830: Favicon network connection can persist when page is closed
- CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content
- CVE-2016-2839: Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
- CVE-2016-5251: Location bar spoofing via data URLs with malformed/invalid mediatypes
- CVE-2016-5252: Stack underflow during 2D graphics rendering
- CVE-2016-0718: Out-of-bounds read during XML parsing in Expat library
- CVE-2016-5254: Use-after-free when using alt key and toplevel menus
- CVE-2016-5255: Crash in incremental garbage collection in JavaScript
- CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown
- CVE-2016-5259: Use-after-free in service workers with nested sync events
- CVE-2016-5260: Form input type change from password to text can store plain text password in session restore file
- CVE-2016-5261: Integer overflow in WebSockets during data buffering
- CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes
- CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
- CVE-2016-5263: Type confusion in display transformation
- CVE-2016-5264: Use-after-free when applying SVG effects
- CVE-2016-5265: Same-origin policy violation using local HTML file and saved shortcut file
- CVE-2016-5266: Information disclosure and local file manipulation through drag and drop
- CVE-2016-5268: Spoofing attack through text injection into internal error pages
- CVE-2016-5250: Information disclosure through Resource Timing API during page navigation
The following non-security changes are included:
- The AppData description and screenshots were updated.
- Fix Firefox crash on startup on i586 (boo#986541)
- The Selenium WebDriver may have caused Firefox to crash at startup
- fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637)
- Fix running on 48bit va aarch64 (boo#984126)
- fix XUL dialog button order under KDE session (boo#984403)
Mozilla NSS was updated to 3.24 as a dependency.
Changes in mozilla-nss:
- NSS softoken updated with latest NIST guidance
- NSS softoken updated to allow NSS to run in FIPS Level 1 (no password)
- Various added and deprecated functions
- Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello.
- Protect against the Cachebleed attack.
- Disable support for DTLS compression.
- Improve support for TLS 1.3. This includes support for DTLS 1.3. (experimental)
(Important)SUSE bug 984126SUSE bug 984403SUSE bug 984637SUSE bug 986541SUSE bug 991809CVE-2016-0718CVE-2016-2830CVE-2016-2835CVE-2016-2836CVE-2016-2837CVE-2016-2838CVE-2016-2839CVE-2016-5250CVE-2016-5251CVE-2016-5252CVE-2016-5254CVE-2016-5255CVE-2016-5258CVE-2016-5259CVE-2016-5260CVE-2016-5261CVE-2016-5262CVE-2016-5263CVE-2016-5264CVE-2016-5265CVE-2016-5266CVE-2016-5268Security update for python-requests (Moderate)openSUSE 13.1
This update for python-requests fixes the following issue:
- CVE-2014-1830: Proxy-Authorization header leak
(bnc#897658)
(Moderate)SUSE bug 897658CVE-2014-1830Security update for OpenJDK7 (Important)openSUSE 13.1
Update to 2.6.7 - OpenJDK 7u111
* Security fixes
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
(bsc#989732)
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows
only) (bsc#989734)
- S8147771: Construction of static protection domains under
Javax custom policy
- S8148872, CVE-2016-3500: Complete name checking (bsc#989730)
- S8149962, CVE-2016-3508: Better delineation of XML processing
(bsc#989731)
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)
- S8155981, CVE-2016-3606: Bolster bytecode verification
(bsc#989722)
- S8155985, CVE-2016-3598: Persistent Parameter Processing
(bsc#989723)
- S8158571, CVE-2016-3610: Additional method handle validation
(bsc#989725)
- CVE-2016-3511 (bsc#989727)
- CVE-2016-3503 (bsc#989728)
- CVE-2016-3498 (bsc#989729) (Important)SUSE bug 988651SUSE bug 989722SUSE bug 989723SUSE bug 989725SUSE bug 989727SUSE bug 989728SUSE bug 989729SUSE bug 989730SUSE bug 989731SUSE bug 989732SUSE bug 989733SUSE bug 989734CVE-2016-3458CVE-2016-3485CVE-2016-3498CVE-2016-3500CVE-2016-3503CVE-2016-3508CVE-2016-3511CVE-2016-3550CVE-2016-3598CVE-2016-3606CVE-2016-3610Security update for MozillaThunderbird (Moderate)openSUSE 13.1
This update to Mozilla Thunderbird 45.6.0 fixes security issues and bugs.
In general, these flaws cannot be exploited through email in Thunderbird
because scripting is disabled when reading mail, but are potentially risks
in browser or browser-like contexts.
The following vulnerabilities were fixed: (boo#1015422)
- CVE-2016-9899: Use-after-free while manipulating DOM events and audio
elements
- CVE-2016-9895: CSP bypass using marquee tag
- CVE-2016-9897: Memory corruption in libGLES
- CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
- CVE-2016-9900: Restricted external resources can be loaded by SVG images
through data URLs
- CVE-2016-9904: Cross-origin information leak in shared atoms
- CVE-2016-9905: Crash in EnumerateSubDocuments
- CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
The following bugs were fixed:
- The system integration dialog was shown every time when starting
Thunderbird
(Moderate)SUSE bug 1015422SUSE bug 1293985SUSE bug 1301381SUSE bug 1312272SUSE bug 1314442SUSE bug 1317409SUSE bug 1317936SUSE bug 1319122CVE-2016-9893CVE-2016-9895CVE-2016-9897CVE-2016-9898CVE-2016-9899CVE-2016-9900CVE-2016-9904CVE-2016-9905update for rubygem-i18n, rubygem-i18n-0_6 (Moderate)openSUSE 13.1
This update fixes the following security issue with rubygem-i18n:
- fix bnc#854166: CVE-2013-4492: rubygem-i18n: missing translation
XSS. File CVE-2013-4492.patch.i18n.0.6.x contains the fix.
(Moderate)SUSE bug 854166CVE-2013-4492update for rubygem-activesupport-3_2 (Moderate)openSUSE 13.1
This update fixes the following security issues with rubygem-activesupport-3_2:
- fix CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS
vulnerability in the log subscriber component (bnc#846239)
File CVE-2013-4389.patch contains the fix.
(Moderate)SUSE bug 846239CVE-2013-4389update for rubygem-actionmailer-3_2 (Moderate)openSUSE 13.1
This update fixes the following security issue with rubygem-actionmailer-3_2:
- fix CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS
vulnerability in the log subscriber component (bnc#846239)
File CVE-2013-4389.patch contains the fix.
(Moderate)SUSE bug 846239CVE-2013-4389update for MozillaThunderbird (Moderate)openSUSE 13.1
- update to Thunderbird 24.2.0 (bnc#854370)
* requires NSS 3.15.3.1 or higher
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
Miscellaneous memory safety hazards
* MFSA 2013-108/CVE-2013-5616 (bmo#938341)
Use-after-free in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361)
Use-after-free during Table Editing
* MFSA 2013-111/CVE-2013-6671 (bmo#930281)
Segmentation violation when replacing ordered list elements
* MFSA 2013-113/CVE-2013-6673 (bmo#970380)
Trust settings for built-in roots ignored during EV certificate
validation
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261)
GetElementIC typed array stubs can be generated outside observed
typesets
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
JPEG information leak
* MFSA 2013-117 (bmo#946351)
Mis-issued ANSSI/DCSSI certificate
(fixed via NSS 3.15.3.1)
- update to Thunderbird 24.1.1
* requires NSPR 4.10.2 and NSS 3.15.3 for security reasons
* fix binary compatibility issues for patch level updates
(bmo#927073)
(Moderate)SUSE bug 854370CVE-2013-5609CVE-2013-5610CVE-2013-5613CVE-2013-5615CVE-2013-5616CVE-2013-5618CVE-2013-6629CVE-2013-6630CVE-2013-6671CVE-2013-6673security update for v8 (Moderate)openSUSE 13.1
- Update spec-file to fit the changes in V8 (addition of internal
ICU)
* Building against system ICU
* Regenerate Makefiles before using them
- Update to 3.22.24.8
- Security fixes (bcn#854473):
* CVE-2013-6638: Buffer overflow in v8
* CVE-2013-6639: Out of bounds write in v8
* CVE-2013-6640: Out of bounds read in v8
(Moderate)SUSE bug 854473CVE-2013-6638CVE-2013-6639CVE-2013-6640Fixes a local vulnerability (Important)openSUSE 13.1
Fixed CVE-2013-3709: make the secret token file (secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116) (reported by joernchen of Phenoelit) (Important)SUSE bug 851116CVE-2013-3709update for apache2-mod_nss (Moderate)openSUSE 13.1
- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566:
If 'NSSVerifyClient none' is set in the server / vhost context
(i.e. when server is configured to not request or require client
certificate authentication on the initial connection), and client
certificate authentication is expected to be required for a
specific directory via 'NSSVerifyClient require' setting,
mod_nss fails to properly require certificate authentication.
Remote attacker can use this to access content of the restricted
directories. [bnc#853039]
- glue documentation added to /etc/apache2/conf.d/mod_nss.conf:
* simultaneaous usage of mod_ssl and mod_nss
* SNI concurrency
* SUSE framework for apache configuration, Listen directive
* module initialization
- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in
or mod_nss.conf, respectively. This also leads to the removal of
nss.conf.in specific chunks in mod_nss-negotiate.patch and
mod_nss-tlsv1_1.patch .
- mod_nss_migrate.pl conversion script added; not patched from
source, but partially rewritten.
- README-SUSE.txt added with step-by-step instructions on how to
convert and manage certificates and keys, as well as a rationale
about why mod_nss was included in SLES.
- package ready for submission [bnc#847216]
- generic cleanup of the package:
- explicit Requires: to mozilla-nss >= 3.15.1, as TLS-1.2 support
came with this version - this is the objective behind this
version update of apache2-mod_nss. Tracker bug [bnc#847216]
- change path /etc/apache2/alias to /etc/apache2/mod_nss.d to avoid
ambiguously interpreted name of directory.
- merge content of /etc/apache2/alias to /etc/apache2/mod_nss.d if
/etc/apache2/alias exists.
- set explicit filemodes 640 for %post generated *.db files in
/etc/apache2/mod_nss.d
(Moderate)SUSE bug 847216SUSE bug 853039CVE-2013-4566aaa_base: fixed root users default group and /etc/shadow permissions (Moderate)openSUSE 13.1
On systems installed via the Live Media that /etc/shadow file was readable
by the "users" group, which was not intended. (bnc#843230, CVE-2013-3713)
Reason for this was that the user "root" was put into the "users" group.
Also a commandline completion bug was fixed:
- Use only bash and readline defaults for fallback completion (bnc#851908)
(Moderate)SUSE bug 843230SUSE bug 851908CVE-2013-3713update for php5 (Moderate)openSUSE 13.1
- security update
* CVE-2013-6420.patch [bnc#854880]
* CVE-2013-6712.patch [bnc#853045]
* CVE-2013-4248.patch [bnc#837746]
(Moderate)SUSE bug 837746SUSE bug 853045SUSE bug 854880CVE-2013-4248CVE-2013-6420CVE-2013-6712xorg-x11-server: fixed an overflow in trapezoid handling (Moderate)openSUSE 13.1
The X server was updated to fix a possible X server crash using invalid trapezoids.
(bnc#853846 CVE-2013-6424)
(Moderate)SUSE bug 853846CVE-2013-6424testupdate for the 13.1 update stack (Low)openSUSE 13.1
This is a testupdate for the 13.1 update stack,
a trivial security update. (Low)testupdate for the 13.1 update stack (Low)openSUSE 13.1
This is a testupdate for the 13.1 update stack, a trivial security update (Low)update for dropbear (Moderate)openSUSE 13.1
dropbear was updated to version 2013.60 to fix following bugs:
* Fix "make install" so that it doesn't always install to /bin and /sbin
* Fix "make install MULTI=1", installing manpages failed
* Fix "make install" when scp is included since it has no manpage
* Make --disable-bundled-libtom work
- used as bug fix release for bnc#845306 - VUL-0: CVE-2013-4421 and CVE-2013-4434
- provided links for download sources
- employed gpg-offline - verify sources
- imported upstream version 2013.59
* Fix crash from -J command
Thanks to Llu??s Batlle i Rossell and Arnaud Mouiche for patches
* Avoid reading too much from /proc/net/rt_cache since that causes
system slowness.
* Improve EOF handling for half-closed connections
Thanks to Catalin Patulea
* Send a banner message to report PAM error messages intended for the user
Patch from Martin Donnelly
* Limit the size of decompressed payloads, avoids memory exhaustion denial
of service
Thanks to Logan Lamb for reporting and investigating it
* Avoid disclosing existence of valid users through inconsistent delays
Thanks to Logan Lamb for reporting
* Update config.guess and config.sub for newer architectures
* Avoid segfault in server for locked accounts
* "make install" now installs manpages
dropbearkey.8 has been renamed to dropbearkey.1
manpage added for dropbearconvert
* Get rid of one second delay when running non-interactive commands
(Moderate)SUSE bug 845306CVE-2013-4421CVE-2013-4434ibus: avoid showing the password ont he GNOME lock screen (Low)openSUSE 13.1
-
This is an additional fix patch for ibus to avoid the wrong
IBus.InputPurpose.PASSWORD advertisement, which leads to the
password text appearance on GNOME3 lockscreen (bnc#847718) (Low)SUSE bug 847718CVE-2013-4509update for python-django (Moderate)openSUSE 13.1
python-django was updated to version 1.5.5:
+ Readdressed denial-of-service via password hashers (CVE-2013-1443)
+ Properly rotate CSRF token on login
(Moderate)SUSE bug 840518CVE-2013-1443update for gnutls (Moderate)openSUSE 13.1
the following security issue was fixed:
- Fix bug[ bnc#848510], CVE-2013-4487( off-by-one security fix in libdane)
(Moderate)SUSE bug 848510CVE-2013-4487update for varnish (Moderate)openSUSE 13.1
This update fixes the following security issue with varnish:
- bnc#848451, CVE-2013-4484: fixed denial of service flaw in certain GET requests when using certain configurations in Varnish Cache handling
- bnc#839358: Deactivate libpcre JIT (Moderate)SUSE bug 839358SUSE bug 848451CVE-2013-4484openssh: security fix for remote code execution with AES-GCM (Important)openSUSE 13.1
openssh was updated to fix a memory corruption when AES-GCM is used
which could lead to remote code execution after successful authentication. (CVE-2013-4548)
(Important)SUSE bug 849536CVE-2013-4548update for mozilla-nss and mozilla-nspr (Moderate)openSUSE 13.1
the following security issues were fixed in mozilla-nss and mozilla nspr:
- mozilla-nss:
+ update to 3.15.3 (bnc#850148)
* CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates, when the CERTVerifyLog log parameter is given (bmo#910438)
* NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello (bmo#919677)
* fix CVE-2013-5605
- mozilla-nspr:
+ update to version 4.10.2
relevant changes:
* bmo#770534: possible pointer overflow in PL_ArenaAllocate()
* bmo#888546: ptio.c:PR_ImportUDPSocket doesn't work (Moderate)SUSE bug 770534SUSE bug 850148SUSE bug 888546CVE-2013-5605flash-player: security update to 11.2.202.327 (Important)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.327: (bnc#850220)
* APSB13-26, CVE-2013-5329, CVE-2013-5330
(Important)SUSE bug 850220CVE-2013-5329CVE-2013-5330samba: security and bugfix update (Moderate)openSUSE 13.1
Samba received bug and security fixes:
- Unconditionally create the CUPS smb backend sym link pointing to smbspool;
(bnc#850656).
- Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).
- ACLs are not checked on opening an alternate data stream on a file or
directory; CVE-2013-4475; (bso#10229); (bnc#848101).
(Moderate)SUSE bug 848101SUSE bug 848103SUSE bug 850656CVE-2013-4475CVE-2013-4476nginx: fixed restriction bypass problem (Moderate)openSUSE 13.1
The nginx webserver was fixed to avoid a restriction bypass when a space in not
correctly escaped. (CVE-2013-4547)
On openSUSE 12.2, nginx was updated to version 1.4.4 stable
* CVE-2013-4547 a character following an unescaped space
in a request line was handled incorrectly [bnc#851295]
* bugfix: segmentation fault might occur in the spdy module
* bugfix: segmentation fault might occur on start if
if the "try_files" directive was used with an empty
parameter.
(Moderate)SUSE bug 851295CVE-2013-4547ibus-pinyin: fixed typed password visibility (Low)openSUSE 13.1
This update fixes the following issue with ibus-pinyin:
- Fix visible password entry in GNOME lock screen (CVE-2013-4509, bnc#847718) (Low)SUSE bug 847718CVE-2013-4509update for ruby19 (Moderate)openSUSE 13.1
The following security issue was fixed in ruby19:
(Moderate)SUSE bug 851803CVE-2013-4164update for krb5 (Moderate)openSUSE 13.1
the following security issues were fixed in krb5:
- Fix a KDC null pointer dereference [CVE-2013-1417] that could
affect realms with an uncommon configuration. (bnc#850660)
bug-850660-CVE-2013-1417-KDC-null-deref-due-to-referrals.dif
- Fix a KDC null pointer dereference [CVE-2013-1418] that could
affect KDCs that serve multiple realms. (bnc#849240)
bug-849240-CVE-2013-1418-fix-multi-realm-kdc-null-deref.dif
(Moderate)SUSE bug 849240SUSE bug 850660CVE-2013-1417CVE-2013-1418subversion: update to 1.8.5 (Moderate)openSUSE 13.1
This update fixes the following issues with subversion (CVE-2013-4505,CVE-2013-4558):
- bnc#850747: update to 1.8.5
* CVE-2013-4505: mod_dontdothat does not restrict requests from
serf clients.
* CVE-2013-4558: mod_dav_svn assertion triggered by
autoversioning commits.
+ Client-side bugfixes:
* fix externals that point at redirected locations
* diff: fix assertion with move inside a copy
+ Server-side bugfixes:
* mod_dav_svn: Prevent crashes with some 3rd party modules
* mod_dav_svn: canonicalize paths properly
* mod_authz_svn: fix crash of mod_authz_svn with invalid config
* hotcopy: fix hotcopy losing revprop files in packed repos
+ Other tool improvements and bugfixes:
* mod_dontdothat: Fix the uri parser
+ Developer-visible changes:
* fix compilation with '--enable-optimize' with clang
* add test to fail when built against broken ZLib
+ Bindings:
* ctypes-python: build with compiler selected via configure
- require python-sqlite when running regression tests for all targets, no longer pulled in implicitly
- print error logs on regression test failures
- fix regression tests for ppc/ppc64 architectures, found in openSUSE package build and fixed with upstream developers
- if running regression tests, also run them against bdb backend
- update keyring, use Subversion Project Management Committee keyring rather than all committers
(Moderate)SUSE bug 850667SUSE bug 850747CVE-2013-4505CVE-2013-4558update for ruby20 (Moderate)openSUSE 13.1
the following security issue was fixed in ruby20:
- fix CVE-2013-4164: heap overflow in float point parsing (bnc#851803)
The file CVE-2013-4164.patch contains the patch
(Moderate)SUSE bug 851803CVE-2013-4164chromium: update to 31.0.1650.57 (Important)openSUSE 13.1
Chromium was updated to 31.0.1650.57:
Stable channel update:
- Security Fixes:
* CVE-2013-6632: Multiple memory corruption issues.
- Update to Chromium 31.0.1650.48
Stable Channel update:
- Security fixes:
* CVE-2013-6621: Use after free related to speech input elements..
* CVE-2013-6622: Use after free related to media elements.
* CVE-2013-6623: Out of bounds read in SVG.
* CVE-2013-6624: Use after free related to “id” attribute strings.
* CVE-2013-6625: Use after free in DOM ranges.
* CVE-2013-6626: Address bar spoofing related to interstitial warnings.
* CVE-2013-6627: Out of bounds read in HTTP parsing.
* CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation.
* CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
* CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
* CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
* CVE-2013-6631: Use after free in libjingle.
- Added patch chromium-fix-chromedriver-build.diff to fix the
chromedriver build
- Enable ARM build for Chromium.
* Added patches chromium-arm-webrtc-fix.patch,
chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch
to resolve ARM specific build issues
- Update to Chromium 30.0.1599.114
Stable Channel update: fix build for 32bit systems
- Drop patch chromium-fix-chromedriver-build.diff. This is now
fixed upstream
- For openSUSE versions lower than 13.1, build against the in-tree
libicu
- Update to Chromium 30.0.1599.101
- Security Fixes:
+ CVE-2013-2925: Use after free in XHR
+ CVE-2013-2926: Use after free in editing
+ CVE-2013-2927: Use after free in forms.
+ CVE-2013-2928: Various fixes from internal audits,
fuzzing and other initiatives.
- Update to Chromium 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Security fixes:
+ CVE-2013-2906: Races in Web Audio
+ CVE-2013-2907: Out of bounds read in Window.prototype object
+ CVE-2013-2908: Address bar spoofing related to the
“204 No Content” status code
+ CVE-2013-2909: Use after free in inline-block rendering
+ CVE-2013-2910: Use-after-free in Web Audio
+ CVE-2013-2911: Use-after-free in XSLT
+ CVE-2013-2912: Use-after-free in PPAPI
+ CVE-2013-2913: Use-after-free in XML document parsing
+ CVE-2013-2914: Use after free in the Windows color chooser
dialog
+ CVE-2013-2915: Address bar spoofing via a malformed scheme
+ CVE-2013-2916: Address bar spoofing related to the “204 No
Content” status code
+ CVE-2013-2917: Out of bounds read in Web Audio
+ CVE-2013-2918: Use-after-free in DOM
+ CVE-2013-2919: Memory corruption in V8
+ CVE-2013-2920: Out of bounds read in URL parsing
+ CVE-2013-2921: Use-after-free in resource loader
+ CVE-2013-2922: Use-after-free in template element
+ CVE-2013-2923: Various fixes from internal audits, fuzzing and
other initiatives
+ CVE-2013-2924: Use-after-free in ICU. Upstream bug (Important)CVE-2013-2906CVE-2013-2907CVE-2013-2908CVE-2013-2909CVE-2013-2910CVE-2013-2911CVE-2013-2912CVE-2013-2913CVE-2013-2914CVE-2013-2915CVE-2013-2916CVE-2013-2917CVE-2013-2918CVE-2013-2919CVE-2013-2920CVE-2013-2921CVE-2013-2922CVE-2013-2923CVE-2013-2924CVE-2013-2925CVE-2013-2926CVE-2013-2927CVE-2013-2928CVE-2013-2931CVE-2013-6621CVE-2013-6622CVE-2013-6623CVE-2013-6624CVE-2013-6625CVE-2013-6626CVE-2013-6627CVE-2013-6628CVE-2013-6629CVE-2013-6630CVE-2013-6631CVE-2013-6632xtrabackup: update to 2.1.6 (Moderate)openSUSE 13.1
Percona XtraBackup was updated to 2.1.6 [bnc#852224]
- New Features:
* New innobackupex --force-non-empty-directories option
* now supports logs created with the new log block checksums
- New Features specific to MySQL 5.6:
option innodb_log_checksum_algorithm in Percona Server 5.6
- Bugs Fixed:
* innobackupex --copy-back fails on empty innodb_data_home_dir
* A fixed initialization vector (constant string) was used while
encrypting the data. This opened the encrypted stream/data to
plaintext attacks among others.
CVE-2013-6394
* innobackupex --version-check is now on by default.
* Since Version Check is enabled by default, new optin
--no-version-check option has been introduced to disable it.
* xtrabackup_slave_info didn't contain any GTID information, which
could cause master_auto_position not to work properly
* now supports absolute paths in innodb_data_file_path variable.
* wouldn't back up the empty directory created with mkdir
(i.e. test) outside of the server which could lead to
inconsistencies during the Percona XtraDB Cluster State Snapshot
Transfer.
* wasn't able to perform backups to the NFS mount in some NFS
configurations, because it was trying to preserve file ownership.
* unable to perform backup if innodb_log_arch_dir variable was
used in server configuration
* Race condition in start_query_killer child code could cause
parent MySQL connection to close.
- Bugs Fixed specific to MySQL 5.6:
* xtrabackup_56 was using CRC32 as the default checksum algorithm
This could cause error if the innodb_checksum_algorithm value
was changed to strict_innodb value after a restore.
* xtrabackup_56 binary didn't store the server’s
innodb_checksum_algorithm value to backup-my.cnf. This value is
needed because it affects the on-disk data format.
- update and tag percona-xtrabackup-2.1.x-nodoc.patch
(Moderate)SUSE bug 852224CVE-2013-6394update for curl (Moderate)openSUSE 13.1
This update fixes the following security issues with curl:
- fix CVE-2013-4545 (bnc#849596)
= acknowledge VERIFYHOST without VERIFYPEER
(Moderate)SUSE bug 849596CVE-2013-4545update for nodejs (Moderate)openSUSE 13.1
This update fixes the following security issue with nodejs:
- fix CVE-2013-4450: nodejs: HTTP Pipelining DoS (bnc#846808)
CVE-2013-4450-v0.10.x.patch: contains the fix
(Moderate)SUSE bug 846808CVE-2013-4450update for thttpd (Moderate)openSUSE 13.1
This update fixes the following security issue with thttpd:
- fix CVE-2013-0348 (bnc#853381)
* don't create a world readable logfile
(Moderate)SUSE bug 853381CVE-2013-0348update for mozilla-nss (Moderate)openSUSE 13.1
This update fixes the following security issue with mozilla-nss:
- update to 3.15.3.1 (bnc#854367)
* includes certstore update (1.95) (bmo#946351)
(explicitely distrust AC DG Tresor SSL)
- adapt specfile to ppc64le
(Moderate)SUSE bug 854367xen: security and bugfix update (Moderate)openSUSE 13.1
Xen was updated to 4.3.1 and also to fix various security issues and bugs:
- bnc#851749 - Xen service file does not call xend properly
xend.service
- Add missing requires to pciutils package for xend-tools
- bnc#851386 - xen: XSA-78: Insufficient TLB flushing in VT-d (iommu) code
- Make -devel package depend on libuuid-devel, since libxl.h
includes uuid.h
- bnc#849667 - CVE-2013-4553: xen: XSA-74: Lock order reversal between
page_alloc_lock and mm_rwlock
- bnc#849665 - CVE-2013-4551: xen: XSA-75: Host crash due to guest VMX instruction execution
- bnc#849668 - CVE-2013-4554: xen: XSA-76: Hypercalls exposed to privilege
rings 1 and 2 of HVM guests
- bnc#848657 - xen: CVE-2013-4494: XSA-73: Lock order
reversal between page allocation and grant table locks
- Update to Xen 4.3.1
- bnc#845520 - CVE-2013-4416: xen: ocaml xenstored
mishandles oversized message replies
(Moderate)SUSE bug 845520SUSE bug 848657SUSE bug 849665SUSE bug 849667SUSE bug 849668SUSE bug 851386SUSE bug 851749CVE-2013-4416CVE-2013-4494CVE-2013-4551CVE-2013-4553CVE-2013-4554ca-certificates-mozilla: add, remove or blacklist some certificates (Important)openSUSE 13.1
The Mozilla CA certificates package was updated to match the current Mozilla revision
1.95 of certdata.txt.
It blacklists some misused certificate authorities, adds some new and adjusts some others.
On openSUSE 13.1 a problem with names was also fixed.
* distrust: AC DG Tresor SSL (bnc#854367)
* new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt
server auth, code signing, email signing
* new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt
server auth, code signing, email signing
* new: China_Internet_Network_Information_Center_EV_Certificates_Root:2.4.72.159.0.1.crt
server auth
* changed: Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.crt
removed code signing and server auth abilities
* changed: Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.crt
removed code signing and server auth abilities
* new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt
server auth
* new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt
server auth
* removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt
* new: PSCProcert:2.1.11.crt
server auth, code signing, email signing
* new: Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124.74.30.90.24.103.182.crt
server auth, code signing, email signing
* new: Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.253.16.29.4.31.118.202.88.crt
server auth, code signing
* changed: TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51.21.2.228.108.244.crt
removed all abilities
* new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt
server auth, code signing
* changed: TWCA_Root_Certification_Authority:2.1.1.crt
added code signing ability
(Important)SUSE bug 854163SUSE bug 854367update for rubygem-actionpack-3_2 (Moderate)openSUSE 13.1
- fix CVE-2013-4491: rubygem-actionpack: i18n missing translation
XSS (bnc#853625). File CVE-2013-4491.patch contains the patch
- fix CVE-2013-6414: rubygem-actionpack: Action View DoS
(bnc#853633). File CVE-2013-6414.patch contains the patch.
- fix CVE-2013-6415: rubygem-actionpack: number_to_currency XSS
(bnc#853632). File CVE-2013-6415.patch contains the patch.
- fix CVE-2013-6417: rubygem-actionpack: unsafe query generation
risk (incomplete fix for CVE-2013-0155) (bnc#853627). File
CVE-2013-6417.patch contains the patch.
(Moderate)SUSE bug 853625SUSE bug 853627SUSE bug 853632SUSE bug 853633CVE-2013-0155CVE-2013-4491CVE-2013-6414CVE-2013-6415CVE-2013-6417update for flash-player (Moderate)openSUSE 13.1 NonFree
This update fixes the following security issues with flash-player:
- Security update to 11.2.202.332: (bnc#854881)
* APSB13-28, CVE-2013-5331, CVE-2013-5332
* Prevents possible remote code execution!
(Moderate)SUSE bug 854881CVE-2013-5331CVE-2013-5332update for MozillaFirefox (Moderate)openSUSE 13.1
- update to Firefox 26.0 (bnc#854367, bnc#854370)
* rebased patches
* requires NSPR 4.10.2 and NSS 3.15.3.1
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
Miscellaneous memory safety hazards
* MFSA 2013-105/CVE-2013-5611 (bmo#771294)
Application Installation doorhanger persists on navigation
* MFSA 2013-106/CVE-2013-5612 (bmo#871161)
Character encoding cross-origin XSS attack
* MFSA 2013-107/CVE-2013-5614 (bmo#886262)
Sandbox restrictions not applied to nested object elements
* MFSA 2013-108/CVE-2013-5616 (bmo#938341)
Use-after-free in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361)
Use-after-free during Table Editing
* MFSA 2013-110/CVE-2013-5619 (bmo#917841)
Potential overflow in JavaScript binary search algorithms
* MFSA 2013-111/CVE-2013-6671 (bmo#930281)
Segmentation violation when replacing ordered list elements
* MFSA 2013-112/CVE-2013-6672 (bmo#894736)
Linux clipboard information disclosure though selection paste
* MFSA 2013-113/CVE-2013-6673 (bmo#970380)
Trust settings for built-in roots ignored during EV certificate
validation
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261)
GetElementIC typed array stubs can be generated outside observed
typesets
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
JPEG information leak
* MFSA 2013-117 (bmo#946351)
Mis-issued ANSSI/DCSSI certificate
(fixed via NSS 3.15.3.1)
- removed gecko.js preference file as GStreamer is enabled by
default now
(Moderate)SUSE bug 854367SUSE bug 854370CVE-2013-5609CVE-2013-5610CVE-2013-5611CVE-2013-5612CVE-2013-5613CVE-2013-5614CVE-2013-5615CVE-2013-5616CVE-2013-5618CVE-2013-5619CVE-2013-6629CVE-2013-6630CVE-2013-6671CVE-2013-6672CVE-2013-6673update for samba (Moderate)openSUSE 13.1
- Update to 4.1.3.
+ DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408;
(bnc#844720).
+ pam_winbind login without require_membership_of restrictions;
CVE-2012-6150; (bnc#853347).
- Make use of the full gpg pub key file name including the key ID.
- Add transparent file compression support; (fate#316266).
+ Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers.
+ Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support.
+ Extend vfs_btrfs VFS module to utilize get/set compression hooks.
- Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770).
- Remove bogus libsmbclient0 package description and cleanup the libsmbclient
line from baselibs.conf; (bnc#853021).
- BuildRequire systemd on post-12.2 systems.
- Update to 4.1.2.
+ s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091).
+ dfs_server: Use dsdb_search_one to catch 0 results as well as
NO_SUCH_OBJECT errors; (bso#10052).
+ Missing talloc_free can leak stackframe in error path; (bso#10187).
+ Fix memset used with constant zero length parameter; (bso#10190).
+ s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName';
(bso#10193).
+ Make offline logon cache updating for cross child domain group membership;
(bso#10194).
+ nsswitch: Fix short writes in winbind_write_sock; (bso#10195).
+ RW Deny for a specific user is not overriding RW Allow for a group;
(bso#10196).
+ vfs_glusterfs: Fix excessive debug output from vfs_gluster_open();
(bso#10224).
+ vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs;
(bso#10224).
+ VFS plugin was sending the actual size of the volume instead of the total
number of block units because of which windows was getting the wrong
volume capacity; (bso#10224).
+ libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232).
+ xattr: Fix listing EAs on *BSD for non-root users; (bso#10247).
+ Fix the build of vfs_glusterfs; (bso#10253).
+ s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries;
(bso#10264).
+ util: Remove 32bit macros breaking strict aliasing; (bso#10269).
- Let gpg verify execution condition not fail on non SUSE systems.
- Add systemd support for post-12.2 systems.
- Update to 4.1.1.
+ ACLs are not checked on opening an alternate data stream on a file or
directory; CVE-2013-4475; (bso#10229); (bnc#848101).
+ Private key in key.pem world readable; CVE-2013-4476; (bnc#848103). (Moderate)SUSE bug 844720SUSE bug 848101SUSE bug 848103SUSE bug 853021SUSE bug 853347CVE-2012-6150CVE-2013-4408CVE-2013-4475CVE-2013-4476update for quassel (Moderate)openSUSE 13.1
- Add fix-CVE-2013-6404.diff: Fix a vulnerability by which an authenticated
malicious user using a custom client, could access the backlog of all users
of a quassel core. This fixes CVE-2013-6404 (bnc#852847).
(Moderate)SUSE bug 852847CVE-2013-6404update for openttd (Moderate)openSUSE 13.1
This update fixes the following security issue with openttd:
- add patch 60.patch:
Aircraft crashing near the map's border due to a lack of airports
could trigger a crash [CVE-2013-6411] [FS#5820] (bnc#853041)
(Moderate)SUSE bug 853041CVE-2013-6411update for rubygem-actionpack-3_2 (Moderate)openSUSE 13.1
This update fixes the following security issues with rubygem-actionpack-3_2:
- fix CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS
vulnerability in the log subscriber component (bnc#846239)
File CVE-2013-4389.patch contains the fix.
- fix CVE-2013-4491: rubygem-actionpack: i18n missing translation
XSS (bnc#853625). File CVE-2013-4491.patch contains the patch
- fix CVE-2013-6414: rubygem-actionpack: Action View DoS
(bnc#853633). File CVE-2013-6414.patch contains the patch.
- fix CVE-2013-6415: rubygem-actionpack: number_to_currency XSS
(bnc#853632). File CVE-2013-6415.patch contains the patch.
- fix CVE-2013-6417: rubygem-actionpack: unsafe query generation
risk (incomplete fix for CVE-2013-0155) (bnc#853627). File
CVE-2013-6417.patch contains the patch.
(Moderate)SUSE bug 846239SUSE bug 853625SUSE bug 853627SUSE bug 853632SUSE bug 853633CVE-2013-4389CVE-2013-4491CVE-2013-6414CVE-2013-6415CVE-2013-6417poppler: fixed a denial of service problem (Moderate)openSUSE 13.1
poppler was updated to fix a security issue:
- Fix a DoS due to a format string error (bnc#859427 CVE-2013-7296)
(Moderate)SUSE bug 859427CVE-2013-7296flash-player: security update to 11.2.202.336 (Critical)openSUSE 13.1 NonFree
Flash Player received an out of band critical security update to fix
an integer underflow vulnerability that could be exploited to execute
arbitrary code on the affected system (CVE-2014-0497).
More information can be found on:
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
(Critical)SUSE bug 862288CVE-2014-0497update for bind (Moderate)openSUSE 13.1
- Update to version 9.9.4P2
* Fixes named crash when handling malformed NSEC3-signed zones
(CVE-2014-0591, bnc#858639)
* Obsoletes workaround-compile-problem.diff
- Replace rpz2+rl-9.9.3-P1.patch by rpz2-9.9.4.patch, rl is now
supported upstream (--enable-rrl).
(Moderate)SUSE bug 858639CVE-2014-0591QEMU accumulated security and maintenance updates (Low)openSUSE 13.1
Running QEMU in a configuration with more than 256 emulated SCSI devices attached could have caused a buffer overflow when the guest issues a REPORT LUNS command. Fix this as part of upgrading to the latest stable version on 13.1. Also fix unintentional building against gtk2 rather than gtk3 on 13.1, and fix serial retry logic on 12.3. (Low)SUSE bug 779727SUSE bug 840607SUSE bug 842006SUSE bug 849587CVE-2013-4344update for python-apache-libcloud (Moderate)openSUSE 13.1
- Updated to 0.13.3 (bnc#857209, CVE-2013-6480)
+ Security fix release, for destroying nodes on digitalOcean
'data_scrub' method is always invoked
- Require python-setuptools instead of distribute (upstreams merged)
- Updated to 0.13.2
- General:
- Don't sent Content-Length: 0 header with POST and PUT request if "raw"
mode is used. This fixes a regression which could cause broken behavior
in some storage driver when uploading a file from disk.
- Compute:
- Added Ubuntu Linux 12.04 image to ElasticHost driver image list.
(LIBCLOUD-364)
- Update ElasticHosts driver to store drive UUID in the node 'extra' field.
(LIBCLOUD-357)
- Storage:
- Store last_modified timestamp in the Object extra dictionary in the S3
driver. (LIBCLOUD-373)
- Load Balancer:
- Expose CloudStack driver directly through the Provider.CLOUDSTACK
constant.
- DNS:
- Modify Zerigo driver to include record TTL in the record 'extra' attribute
if a record has a TTL set.
- Modify values in the Record 'extra' dictionary attribute in the Zerigo DNS
driver to be set to None instead of an empty string ('') if a value for
the provided key is not set.
(Moderate)SUSE bug 857209CVE-2013-6480kernel: security update to 3.11.10 (Important)openSUSE 13.1
The Linux Kernel was updated to version 3.11.10, fixing security issues and bugs:
- floppy: bail out in open() if drive is not responding to block0
read (bnc#773058).
- compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).
- HID: usbhid: fix sis quirk (bnc#859804).
- hwmon: (coretemp) Fix truncated name of alarm attributes
- HID: usbhid: quirk for Synaptics Quad HD touchscreen
(bnc#859804).
- HID: usbhid: quirk for Synaptics HD touchscreen (bnc#859804).
- HID: usbhid: merge the sis quirk (bnc#859804).
- HID: hid-multitouch: add support for SiS panels (bnc#859804).
- HID: usbhid: quirk for SiS Touchscreen (bnc#859804).
- HID: usbhid: quirk for Synaptics Large Touchccreen (bnc#859804).
- drivers: net: cpsw: fix dt probe for one port ethernet.
- drivers: net: cpsw: fix for cpsw crash when build as modules.
- dma: edma: Remove limits on number of slots.
- dma: edma: Leave linked to Null slot instead of DUMMY slot.
- dma: edma: Find missed events and issue them.
- dma: edma: Write out and handle MAX_NR_SG at a given time.
- dma: edma: Setup parameters to DMA MAX_NR_SG at a time.
- ARM: edma: Add function to manually trigger an EDMA channel.
- ARM: edma: Fix clearing of unused list for DT DMA resources.
- ACPI: Add Toshiba NB100 to Vista _OSI blacklist.
- ACPI: add missing win8 OSI comment to blacklist (bnc#856294).
- ACPI: update win8 OSI blacklist.
- ACPI: blacklist win8 OSI for buggy laptops.
- ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A
(bnc#856294).
- ACPI: Blacklist Win8 OSI for some HP laptop 2013 models
(bnc#856294).
- floppy: bail out in open() if drive is not responding to
block0 read (bnc#773058).
- ping: prevent NULL pointer dereference on write to msg_name
(bnc#854175 CVE-2013-6432).
- x86/dumpstack: Fix printk_address for direct addresses
(bnc#845621).
- Refresh patches.suse/stack-unwind.
- Refresh patches.xen/xen-x86_64-dump-user-pgt.
- KVM: x86: Convert vapic synchronization to _cached functions
(CVE-2013-6368) (bnc#853052 CVE-2013-6368).
- KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376)
(bnc#853053 CVE-2013-6376).
- Build the KOTD against openSUSE:13.1:Update
- xencons: generalize use of add_preferred_console() (bnc#733022,
bnc#852652).
- Update Xen patches to 3.11.10.
- Rename patches.xen/xen-pcpu-hotplug to patches.xen/xen-pcpu.
- KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
(bnc#853051 CVE-2013-6367).
- KVM: Improve create VCPU parameter (CVE-2013-4587) (bnc#853050
CVE-2013-4587).
- ipv6: fix headroom calculation in udp6_ufo_fragment (bnc#848042
CVE-2013-4563).
- net: rework recvmsg handler msg_name and msg_namelen logic
(bnc#854722).
- patches.drivers/gpio-ucb1400-add-module_alias.patch: Update upstream reference
- patches.drivers/gpio-ucb1400-can-be-built-as-a-module.patch: Update upstream reference
- Delete patches.suse/ida-remove-warning-dump-stack.patch.
Already included in kernel 3.11 (WARN calls dump_stack.)
- xhci: Limit the spurious wakeup fix only to HP machines
(bnc#852931).
- iscsi_target: race condition on shutdown (bnc#850072).
- Linux 3.11.10.
- Refresh patches.xen/xen3-patch-2.6.29.
- Delete
patches.suse/btrfs-relocate-csums-properly-with-prealloc-extents.patch.
- patches.drivers/xhci-Fix-spurious-wakeups-after-S5-on-Haswell.patch:
(bnc#852931).
- Build mei and mei_me as modules (bnc#852656)
- Linux 3.11.9.
- Linux 3.11.8 (CVE-2013-4511 bnc#846529 bnc#849021).
- Delete patches.drivers/ALSA-hda-Add-a-fixup-for-ASUS-N76VZ.
- Delete
patches.fixes/Fix-a-few-incorrectly-checked-io_-remap_pfn_range-ca.patch.
- Add USB PHY support (needed to get USB and Ethernet working on beagle and panda boards) Add CONFIG_PINCTRL_SINGLE=y to be able to use Device tree (at least for beagle and panda boards) Add ARM SoC sound support Add SPI bus support Add user-space access to I2C and SPI
- patches.arch/iommu-vt-d-remove-stack-trace-from-broken-irq-remapping-warning.patch:
Fix forward porting, sorry.
- iommu: Remove stack trace from broken irq remapping warning
(bnc#844513).
- gpio: ucb1400: Add MODULE_ALIAS.
- Allow NFSv4 username mapping to work properly (bnc#838024).
- nfs: check if gssd is running before attempting to use krb5i
auth in SETCLIENTID call.
- sunrpc: replace sunrpc_net->gssd_running flag with a more
reliable check.
- sunrpc: create a new dummy pipe for gssd to hold open.
- Set CONFIG_GPIO_TWL4030 as built-in (instead of module) as a requirement to boot on SD card on beagleboard xM
- armv6hl, armv7hl: Update config files.
Set CONFIG_BATMAN_ADV_BLA=y as all other kernel configuration files
have.
- Update config files:
* CONFIG_BATMAN_ADV_NC=y, because other BATMAN_ADV options are all
enabled so why not this one.
* CONFIG_GPIO_SCH=m, CONFIG_GPIO_PCH=m, because we support all other
features of these pieces of hardware.
* CONFIG_INTEL_POWERCLAMP=m, because this small driver might be
useful in specific cases, and there's no obvious reason not to
include it.
- Fix a few incorrectly checked [io_]remap_pfn_range() calls
(bnc#849021, CVE-2013-4511).
- Linux 3.11.7.
(Important)SUSE bug 733022SUSE bug 773058SUSE bug 838024SUSE bug 844513SUSE bug 845621SUSE bug 846529SUSE bug 848042SUSE bug 849021SUSE bug 850072SUSE bug 852652SUSE bug 852656SUSE bug 852931SUSE bug 853050SUSE bug 853051SUSE bug 853052SUSE bug 853053SUSE bug 854175SUSE bug 854722SUSE bug 856294SUSE bug 859804SUSE bug 860993CVE-2013-4511CVE-2013-4563CVE-2013-4587CVE-2013-6367CVE-2013-6368CVE-2013-6376CVE-2013-6432CVE-2014-0038Mozilla Firefox 27 release (Important)openSUSE 13.1
Mozilla Firefox was updated to version 27.
Mozilla Seamonkey was updated to 2.24, fixing similar issues as Firefox 27.
Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27.
The Firefox 27 release brings TLS 1.2 support as a major security feature.
It also fixes following security issues:
* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
* MFSA 2014-02/CVE-2014-1479 (bmo#911864)
Clone protected content with XBL scopes
* MFSA 2014-03/CVE-2014-1480 (bmo#916726)
UI selection timeout missing on download prompts
* MFSA 2014-04/CVE-2014-1482 (bmo#943803)
Incorrect use of discarded images by RasterImage
* MFSA 2014-05/CVE-2014-1483 (bmo#950427)
Information disclosure with *FromPoint on iframes
* MFSA 2014-06/CVE-2014-1484 (bmo#953993)
Profile path leaks to Android system log
* MFSA 2014-07/CVE-2014-1485 (bmo#910139)
XSLT stylesheets treated as styles in Content Security Policy
* MFSA 2014-08/CVE-2014-1486 (bmo#942164)
Use-after-free with imgRequestProxy and image proccessing
* MFSA 2014-09/CVE-2014-1487 (bmo#947592)
Cross-origin information leak through web workers
* MFSA 2014-10/CVE-2014-1489 (bmo#959531)
Firefox default start page UI content invokable by script
* MFSA 2014-11/CVE-2014-1488 (bmo#950604)
Crash when using web workers with asm.js
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
(bmo#934545, bmo#930874, bmo#930857)
NSS ticket handling issues
* MFSA 2014-13/CVE-2014-1481(bmo#936056)
Inconsistent JavaScript handling of access to Window objects
Mozilla NSS was updated to 3.15.4:
* required for Firefox 27
* regular CA root store update (1.96)
* Reordered the cipher suites offered in SSL/TLS client hello
messages to match modern best practices.
* Improved SSL/TLS false start. In addition to enabling the
SSL_ENABLE_FALSE_START option, an application must now register
a callback using the SSL_SetCanFalseStartCallback function.
* When false start is enabled, libssl will sometimes return
unencrypted, unauthenticated data from PR_Recv
(CVE-2013-1740, bmo#919877)
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
NSS ticket handling issues
New functionality
* Implemented OCSP querying using the HTTP GET method, which is
the new default, and will fall back to the HTTP POST method.
* Implemented OCSP server functionality for testing purposes
(httpserv utility).
* Support SHA-1 signatures with TLS 1.2 client authentication.
* Added the --empty-password command-line option to certutil,
to be used with -N: use an empty password when creating a new
database.
* Added the -w command-line option to pp: don't wrap long output
lines.
(Important)nagios: fixed a denial of service in CGI executables (Moderate)openSUSE 13.1
nagios was updated to fix a possible denial of service in CGI executables.
(Moderate)SUSE bug 856837CVE-2013-7108update for pidgin, pidgin-branding-openSUSE (Moderate)openSUSE 13.1
- Update to version 2.10.8 (bnc#861019):
+ General: Python build scripts and example plugins are now
compatible with Python 3 (pidgin.im#15624).
+ libpurple:
- Fix potential crash if libpurple gets an error attempting to
read a reply from a STUN server (CVE-2013-6484).
- Fix potential crash parsing a malformed HTTP response
(CVE-2013-6479).
- Fix buffer overflow when parsing a malformed HTTP response
with chunked Transfer-Encoding (CVE-2013-6485).
- Better handling of HTTP proxy responses with negative
Content-Lengths.
- Fix handling of SSL certificates without subjects when
using libnss.
- Fix handling of SSL certificates with timestamps in the
distant future when using libnss (pidgin.im#15586).
- Impose maximum download size for all HTTP fetches.
+ Pidgin:
- Fix crash displaying tooltip of long URLs (CVE-2013-6478).
- Better handling of URLs longer than 1000 letters.
- Fix handling of multibyte UTF-8 characters in smiley themes
(pidgin.im#15756).
+ AIM: Fix untrusted certificate error.
+ AIM and ICQ: Fix a possible crash when receiving a malformed
message in a Direct IM session.
+ Gadu-Gadu:
- Fix buffer overflow with remote code execution potential.
Only triggerable by a Gadu-Gadu server or a
man-in-the-middle (CVE-2013-6487).
- Disabled buddy list import/export from/to server.
- Disabled new account registration and password change
options.
+ IRC:
- Fix bug where a malicious server or man-in-the-middle
could trigger a crash by not sending enough arguments with
various messages (CVE-2014-0020).
- Fix bug where initial IRC status would not be set correctly.
- Fix bug where IRC wasn't available when libpurple was
compiled with Cyrus SASL support (pidgin.im#15517).
+ MSN:
- Fix NULL pointer dereference parsing headers in MSN
(CVE-2013-6482).
- Fix NULL pointer dereference parsing OIM data in MSN
(CVE-2013-6482).
- Fix NULL pointer dereference parsing SOAP data in MSN
(CVE-2013-6482).
- Fix possible crash when sending very long messages. Not
remotely-triggerable.
+ MXit:
- Fix buffer overflow with remote code execution potential
(CVE-2013-6487).
- Fix sporadic crashes that can happen after user is
disconnected.
- Fix crash when attempting to add a contact via search
results.
- Show error message if file transfer fails.
- Fix compiling with InstantBird.
- Fix display of some custom emoticons.
+ SILC: Correctly set whiteboard dimensions in whiteboard
sessions.
+ SIMPLE: Fix buffer overflow with remote code execution
potential (CVE-2013-6487).
+ XMPP:
- Prevent spoofing of iq replies by verifying that the
'from' address matches the 'to' address of the iq request
(CVE-2013-6483).
- Fix crash on some systems when receiving fake delay
timestamps with extreme values (CVE-2013-6477).
- Fix possible crash or other erratic behavior when selecting a
very small file for your own buddy icon.
- Fix crash if the user tries to initiate a voice/video session
with a resourceless JID.
- Fix login errors when the first two available auth mechanisms
fail but a subsequent mechanism would otherwise work when
using Cyrus SASL (pidgin.im#15524).
- Fix dropping incoming stanzas on BOSH connections when we
receive multiple HTTP responses at once (pidgin.im#15684).
+ Yahoo!:
- Fix possible crashes handling incoming strings that are not
UTF-8 (CVE-2012-6152).
- Fix a bug reading a peer to peer message where a remote user
could trigger a crash (CVE-2013-6481).
+ Plugins:
- Fix crash in contact availability plugin.
- Fix perl function Purple::Network::ip_atoi.
- Add Unity integration plugin.
+ Windows specific fixes: (CVE-2013-6486, pidgin.im#15520,
pidgin.im#15521, bgo#668154).
- Drop pidgin-irc-sasl.patch, fixed upstream.
- Obsolete pidgin-facebookchat: the package is no longer maintained
and pidgin as built-in support for Facebook Chat.
- Protect buildrequires for mono-devel with with_mono macro.
- Add pidgin-gstreamer1.patch: Port to GStreamer 1.0. Only enabled
on openSUSE 13.1 and newer.
- On openSUSE 13.1 and newer, use gstreamer-devel and
gstreamer-plugins-base-devel BuildRequires.
(Moderate)SUSE bug 861019CVE-2012-6152CVE-2013-6477CVE-2013-6478CVE-2013-6479CVE-2013-6481CVE-2013-6482CVE-2013-6483CVE-2013-6484CVE-2013-6485CVE-2013-6486CVE-2013-6487CVE-2014-0020chromium: security update to 32.0.1700.102 (Important)openSUSE 13.1
Chromium was updated to version 32.0.1700.102:
Stable channel update:
- Security Fixes:
* CVE-2013-6649: Use-after-free in SVG images
* CVE-2013-6650: Memory corruption in V8
* and 12 other fixes
- Other:
* Mouse Pointer disappears after exiting full-screen mode
* Drag and drop files into Chromium may not work properly
* Quicktime Plugin crashes in Chromium
* Chromium becomes unresponsive
* Trackpad users may not be able to scroll horizontally
* Scrolling does not work in combo box
* Chromium does not work with all CSS minifiers such as
whitespace around a media query's `and` keyword
- Update to Chromium 32.0.1700.77
Stable channel update:
- Security fixes:
* CVE-2013-6646: Use-after-free in web workers
* CVE-2013-6641: Use-after-free related to forms
* CVE-2013-6643: Unprompted sync with an attacker’s
Google account
* CVE-2013-6645: Use-after-free related to speech input
elements
* CVE-2013-6644: Various fixes from internal audits, fuzzing
and other initiatives
- Other:
* Tab indicators for sound, webcam and casting
* Automatically blocking malware files
* Lots of under the hood changes for stability and performance
- Remove patch chromium-fix-chromedriver-build.diff as that
chromedriver is fixed upstream
- Updated ExcludeArch to exclude aarch64, ppc, ppc64 and ppc64le.
This is based on missing build requires (valgrind, v8, etc)
(Important)SUSE bug 861013CVE-2013-6641CVE-2013-6643CVE-2013-6644CVE-2013-6645CVE-2013-6646CVE-2013-6649CVE-2013-6650opera was updated to 12.16 (Moderate)openSUSE 13.1 NonFree
Opera was upgraded to 12.16 (Moderate)SUSE bug 832559update for xtrabackup (Moderate)openSUSE 13.1
This update fixes the following security and non-security issues with xtrabackup:
- update to 2.1.7 [bnc#860488]
- general changes:
* rebased on MySQL versions 5.5.35 and 5.6.15
* now uses libgcrypt randomization functions for setting the IV
[lp#1255300] [bnc#852224] CVE-2013-6394
- bugs fixed:
* After being rebased on MySQL 5.6.11 Percona XtraBackup has been
affected by the upstream bug #69780 (backward compatibility for
InnoDB recovery) [lp#1203669]
* Backup directory would need to be specified even for running the
innobackupex with --help and --version options. [lp#1223716]
- bugs fixed specific to MySQL 5.6:
* xtrabackpu did not roll back prepared XA transactions when
applying the log. [lp#1254227]
(Moderate)SUSE bug 852224SUSE bug 860488CVE-2013-6394update for curl (Moderate)openSUSE 13.1
This update fixes the following security issues with curl:
- bnc#858673: re-use of wrong HTTP NTLM connection (CVE-2014-0015)
- bnc#862144: fix test failure because of an expired cookie
(Moderate)SUSE bug 858673SUSE bug 862144CVE-2014-0015update for libyaml (Moderate)openSUSE 13.1
This update fixes the following security issue with libyaml:
- bnc#860617: Fixed heap based buffer overflow due to integer misuse (CVE-2013-6393)
(Moderate)SUSE bug 860617CVE-2013-6393update for mumble (Moderate)openSUSE 13.1
This update fixes two security issues with mumble:
- bnc#862527: updated to version 1.2.5 to address two Denial of Service
security issues (CVE-2014-0044, CVE-2014-0045).
(Moderate)SUSE bug 855478SUSE bug 862527CVE-2014-0044CVE-2014-0045update for icinga (Moderate)openSUSE 13.1
This update fixes the following security issue with icinga:
- bnc#859424: Fixed vulnerability against CSRF attacks (CVE-2013-7107).
(Moderate)SUSE bug 859424CVE-2013-7107update for libvirt (Moderate)openSUSE 13.1
This update fixes the following security and non security issues with libvirt:
- bnc#857492: Fix libvirtd crash when hot-plugging disks for qemu
domains (CVE-2013-6458)
- bnc#858817: Don't crash if a connection closes early (CVE-2014-1447)
- bnc#858824: avoid crashing libvirtd when calling `virsh numatune' on
inactive Xen libxl domain (CVE-2013-6457)
- bnc#859051: filter global events by domain:getattr ACL (CVE-2014-0028)
- bnc#817407: Add CAP_SYS_PACCT capability to libvirtd AppArmor profile
- bnc#859041: Following the upstream pattern, introduce the
daemon-config-network subpackage to handle defining the default network
- bnc#857271: Fix initialization of emulated NICs
- bnc#857271: Fix potential segfault in libxl driver when domain create
fails
(Moderate)SUSE bug 817407SUSE bug 857271SUSE bug 857492SUSE bug 858817SUSE bug 858824SUSE bug 859041SUSE bug 859051CVE-2013-6457CVE-2013-6458CVE-2014-0028CVE-2014-1447flash-player: update to 11.2.202.341 security release (Critical)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)
* APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502
- Contents of flashplayer_11_sa.i386.tar.gz changed back:
spec file updated, supplementary script (update.sh) updated.
(Critical)SUSE bug 865021CVE-2014-0498CVE-2014-0499CVE-2014-0502rubygem-actionpack-3_2: fixed two security issues (Moderate)openSUSE 13.1
rubygem-actionpack-3_2 was updated to fix security issues:
- fix CVE-2014-0081: XSS Vulnerability in number_to_currency,
number_to_percentage and number_to_human (bnc#864433)
- fix CVE-2014-0082: Denial of Service Vulnerability in Action View
when using render :text (bnc#864431)
(Moderate)SUSE bug 864431SUSE bug 864433CVE-2014-0081CVE-2014-0082mupdf: fixed security problem (Moderate)openSUSE 13.1
mupdf received a security updated to fix a stack based array overflow in xps_parse_color() (bnc#863975, CVE-2014-2013)
(Moderate)SUSE bug 863975CVE-2014-2013subversion: 1.8.8 security and bugfix update (Moderate)openSUSE 13.1
Apache Subversion was updated to version 1.8.8:
It fix a remotely triggerable segfault in mod_dav_svn when svn is
handling the server root and SVNListParentPath is on
[bnc#862459] CVE-2014-0032
- Client-side bugfixes:
* fix automatic relocate for wcs not at repository root
* wc: improve performance when used with SQLite 3.8
* copy: fix some scenarios that broke the working copy
* move: fix errors when moving files between an external and the
parent working copy
* log: resolve performance regression in certain scenarios
* merge: decrease work to detect differences between 3 files
* commit: don't change file permissions inappropriately
* commit: fix assertion due to invalid pool lifetime
* version: don't cut off the distribution version on Linux
* flush stdout before exiting to avoid information being lost
* status: fix missing sentinel value on warning codes
* update/switch: improve some WC db queries that may return
incorrect results depending on how SQLite is built
- Server-side bugfixes:
* reduce memory usage during checkout and export
* fsfs: create rep-cache.db with proper permissions
* mod_dav_svn: prevent crashes with SVNListParentPath on
[bnc#862459] CVE-2014-0032
* mod_dav_svn: fix SVNAllowBulkUpdates directive merging
* mod_dav_svn: include requested property changes in reports
* svnserve: correct default cache size in help text
* svnadmin dump: reduce size of dump files with '--deltas'
* resolve integer underflow that resulted in infinite loops
- developer visible changes:
* fix ocassional failure of check_tests.py 12
* fix failure with SQLite 3.8.1-3.8.3 when built with
SQLITE_ENABLE_STAT3/4 due to bug in SQLite
* specify SQLite defaults that can be changed when SQLite is
built to avoid unexpected behavior with Subversion
* numerous documentation fixes
* svn_client_commit_item3_dup() fix pool lifetime issues
* ra_serf: properly ask multiple certificate validation providers
for acceptance of certificate failures
* release internal fs objects when closing commit editor
* svn_client_proplist4() don't call the callback multiple times
for the same path in order to deliver inherited properties
- Bindings:
* swig-pl: fix with --enable-sqlite-compatibility-version
* swig: fix building from tarball with an out-of-tree build
- removed patches:
* subversion-1.8.x-fix-ppc-tests.patch, committed upstream
- packaging changes:
* only require and build with junit when building with java and
running regression tests
- 1.8.6 and 1.8.7 were not released
(Moderate)SUSE bug 862459CVE-2014-0032python-logilab-common: fixed multiple temp file problems (Moderate)openSUSE 13.1
The Python logilab-common module was updated to fix several
temporary file problems, one in the PDF generator (CVE-2014-1838)
and one in the shellutils helper (CVE-2014-1839).
(Moderate)SUSE bug 861822CVE-2014-1838CVE-2014-1839icedtea-web: 1.4.2 bugfix update (Moderate)openSUSE 13.1
icedtea-web was updated to version 1.4.2 (bnc#864364),
fixing various bugs and a security issues:
* Dialogs center on screen before becoming visible
* Support for u45 new manifest attributes (Application-Name)
* Custom applet permission policies panel in itweb-settings control panel
* Plugin
- PR1271: icedtea-web does not handle 'javascript:'-protocol URLs
- RH976833: Multiple applets on one page cause deadlock
- Enabled javaconsole
* Security Updates
- CVE-2013-6493/RH1010958: insecure temporary file use flaw in LiveConnect implementation
* Except above also:
- Christmas splashscreen extension
- fixed classloading deadlocks
- cleaned code from warnings
- pipes moved to XDG runtime dir
* Patches changes:
* rebased icedtea-web-1.1-moonlight-symbol-clash.patch
* add icedtea-web-1.4.2-mkdir.patch
* add icedtea-web-1.4.2-softkiller-link.patch
* build with rhino support
* use fdupes
* run make run-netx-dist-tests in %check on openSUSE > 13.1
(Moderate)SUSE bug 864364CVE-2013-6493vlc: version update to 2.1.3 (Moderate)openSUSE 13.1
VLC was updated to version 2.1.3 (bnc#864422):
+ Core:
- Fix broken behaviour with SOCKSv5 proxies
- Fix integer overflow on error when using vlc_readdir
+ Access:
- Fix DVB-T2 tuning on Linux.
- Fix encrypted DVD playback.
- Fix v4l2 frequency conversion.
+ Decoders:
- Fix numerous issues (M2TS, VC1 interlaced, Lagarith, FFv1.3,
Xvid) by updating codec libraries.
- Bring fluidsynth back on Mac OS X
- Fix some Opus crashes with some filters
- Fix teletext crash on Windows
+ Demuxers:
- Avoid an infinite recursion in MKV tags parsing
- Fix an issue with some Vobsub tracks
- Fix missing samples at the end of some wav files
- Fix divide by 0 on ASF/WMV parsing
+ Audio output:
- Fix audio device selection via command line on Mac OS X
- Fix audio crashes on Mac OS X
+ Video Output:
- Fix selection of DirectDraw as the default output for XP
- Fix transform off-by-one issue
- Fix screensaver disabling on Windows outputs
- Fix DirectDraw device enumeration and multi-display output
- Fix a potential crash when playing a fullscreen game at the same time as VLC
+ Stream output:
- Fix 24bits audio MTU alignment in RTP
- Fix record file names
+ Qt interface:
- Fix minimal size possible on start
- Fix a crash with the simple volume widget
- Fix a crash in the audio menu building
- Fix multimedia keys issues on Windows
- Fix opening of DVD and BD folders on Windows
+ HTTP interface: Fix album art display on Windows.
+ Updated translations.
- Add update-desktop-files BuildRequires and
%desktop_database_post/postun calls to respective scriptlets: Fix
https://bugs.links2linux.org/browse/PM-108.
- Update to version 2.1.2:
+ Audio output:
- Fix digital playback on OS X when more than one audio device
is installed.
- Fix digital playback (SPDIF/HDMI) on Windows.
- Fix stuttering or silent playback when using sound enhancers
or external audio devices on OS X.
- Improve responsiveness on OS X when playback starts or is
being paused.
- Improve responsiveness, silent playback intervals and
reliability on iOS.
+ Demuxers:
- Fix Vimeo and DailyMotion parsing.
- Various WMV playback improvements and fixes.
+ Decoders:
- Fix LPCM 20/24-bit decoding and 16 bits with channel padding.
- Fix playback of some HEVC samples.
+ Video filters: Fix crash on deinterlace selection.
+ Qt interface:
- Fix some streaming profiles when copy existed.
- Improve A-B loop control.
- Fix album art update when changing media.
+ Mac OS X interface adjustments.
+ Win32 installer: Kill running VLC process on uninstall/update.
+ Updated translations.
- More features (by adding BuildRequires):
+ IDN Support (International Domain Names): libidn-devel
+ SFTP Access: libssh2-devel
+ HotKey Support: xcb-util-keysyms-devel
+ Complete SDL Stack: SDL_image-devel
+ ProjectM suppor (for openSUSE >= 12.3)
- Update to version 2.1.1:
+ Core:
- Fix random and reshuffling behaviour.
- Fix recording.
- Fix some subtitles track selection.
+ Decoders:
- VP9 support in WebM.
- HEVC/H.265 support in MKV, MP4 and raw files.
- Fix GPU decoding under Windows (DxVA2) crashes.
+ Demuxers:
- Fix crashes on wav, mlp and mkv and modplug files.
- Support Speex in ogg files.
- Fix some .mov playlists support.
- Support Alac in mkv.
- Fix WMV3 and palette in AVI.
- Fix FLAC packetizer issues in some files.
+ Access:
- Fix DVB options parsing.
- Fix DeckLink HDMI input.
- Fix HTTPS connectivity on OS X by loading root certificates
from Keychain.
+ Audio output:
- Fixes for DirectSound pass-through.
- Fixes for OSS output, notably on BSD.
+ Interfaces:
- Fix HTTP interface infinite loop.
- Fix D-Bus volume setting.
+ Qt:
- Reinstore right click subtitle menu to open a subtitle.
- Fix saving the hotkeys in preferences.
- Fix saving the audio volume on Win32, using DirectSound.
- Fix play after drag'n drop.
- Fix streaming options edition and scale parameter.
+ Stream out:
- Fix transcoding audio drift issues.
- Fix numerous audio encoding issues.
+ Win32 installer:
- Important rewrite to fix numerous bugs, notably about
updates.
- Simplification of the upgrade mechanism.
+ Mac OS X interface:
- Reintroduce the language selector known from pre-2.1
releases.
- Fix fullscreen behaviour and various crashes.
- Fix about dialog crash in Japanese.
- Fix crashes on proxy lookups.
- Fixes on the playlist and information behaviours.
- Fixes on the streaming dialogs.
- Improves interface resizings.
+ Updated translations.
- Pass --with-default-font=[path] and
--with-default-monospace-font=[path] to configure.
- Drop fix_font_path.patch: replaced with configure parameters
above.
- Recommend 'vlc' by vlc-qt: some users might go installing the UI
package directly. Having Qt most likely also means the user has X,
so we at least recommend the vlc package relying on X.
- Force creation of plugins cache in vlc-nox %post, instead of just
touching the file, for details see
https://trac.videolan.org/vlc/ticket/9807#comment:2
- Update License: A lot has been relicensed to LGPL-2.1.
(Moderate)SUSE bug 864422CVE-2013-3565gnutls: fixed SSL certificate validation problems (Critical)openSUSE 13.1
The gnutls library was updated to fixed x509 certificate validation problems, where
man-in-the-middle attackers could hijack SSL connections.
This update also reenables Elliptic Curve support to meet current day cryptographic
requirements.
(Critical)SUSE bug 865804CVE-2014-0092chromium: update to 33.0.1750.117 security and bugfix release (Moderate)openSUSE 13.1
Chromium was updated to 33.0.1750.117 Stable channel update:
- Security Fixes:
* CVE-2013-6653: Use-after-free related to web contents
* CVE-2013-6654: Bad cast in SVG
* CVE-2013-6655: Use-after-free in layout
* CVE-2013-6656: Information leak in XSS auditor
* CVE-2013-6657: Information leak in XSS auditor
* CVE-2013-6658: Use-after-free in layout
* CVE-2013-6659: Issue with certificates validation in TLS
handshake
* CVE-2013-6660: Information leak in drag and drop
* CVE-2013-6661: Various fixes from internal audits, fuzzing
and other initiatives. Of these, seven are
fixes for issues that could have allowed for
sandbox escapes from compromised renderers.
- Other:
- Google Chrome Frame has been retired
(Moderate)CVE-2013-6653CVE-2013-6654CVE-2013-6655CVE-2013-6656CVE-2013-6657CVE-2013-6658CVE-2013-6659CVE-2013-6660CVE-2013-6661percona-toolkit,xtrabackup: disable remote version check (Important)openSUSE 13.1
percona-toolkit and xtrabackup were updated:
- disable automatic version check for all tools [bnc#864194]
Prevents transmission of version information to an external host
in the default configuration. CVE-2014-2029
Can be used by owner of a Percona Server (or an attacker who can
control this destination for the client) to collect arbitrary
MySQL configuration parameters and execute commands (with -v).
Now the version check needs to be requested via command line or
global/tool specific/user configuration. (--version-check)
- added /etc/percona-toolkit/percona-toolkit.conf configuration
directory and template configuration file
(Important)SUSE bug 864194CVE-2014-2029rubygems: fix applying rubygem patches correctly to the tree (Moderate)openSUSE 13.1
This update fixes the following issue with some rubygems:
- bnc#864873: fix rubygem patches are not applied to the gem but only to the tree. Packages embedding rubygems via their
.gem files were not receiving security updates.
(Moderate)SUSE bug 864873freeradius-server: fixed denial of service problem (Moderate)openSUSE 13.1
FreeRadius received a security fix:
A denial of service in rlm_pap hash processing was fixed (CVE-2014-2015 bnc#864576)
(Moderate)SUSE bug 864576CVE-2014-2015postgresql92: update to 9.2.7 security release (Moderate)openSUSE 13.1
The PostgreSQL database was updated to the security and bugfix release
9.2.7, which following fixes:
* Shore up GRANT ... WITH ADMIN OPTION restrictions
(CVE-2014-0060, bnc#864845)
* Prevent privilege escalation via manual calls to PL validator
functions (CVE-2014-0061, bnc#864846)
* Avoid multiple name lookups during table and index DDL
(CVE-2014-0062, bnc#864847)
* Prevent buffer overrun with long datetime strings
(CVE-2014-0063, bnc#864850)
* Prevent buffer overrun due to integer overflow in size
calculations (CVE-2014-0064, bnc#864851)
* Prevent overruns of fixed-size buffers (CVE-2014-0065,
bnc#864852)
* Avoid crashing if crypt() returns NULL (CVE-2014-0066,
bnc#864853)
* Document risks of make check in the regression testing
instructions (CVE-2014-0067)
* For the other (many!) bug fixes, see the release notes:
http://www.postgresql.org/docs/9.3/static/release-9-2-7.html
(Moderate)SUSE bug 864845SUSE bug 864846SUSE bug 864847SUSE bug 864850SUSE bug 864851SUSE bug 864852SUSE bug 864853CVE-2014-0060CVE-2014-0061CVE-2014-0062CVE-2014-0063CVE-2014-0064CVE-2014-0065CVE-2014-0066CVE-2014-0067phpMyAdmin: update to 4.1.8 (Moderate)openSUSE 13.1
phpMyAdmin was updated to 4.1.8 to fix bugs, security issues and
also bring new features.
Fixed security issue:
* PMASA-2014-1 ( CVE-2014-1879, CWE-661 CWE-79)
- update to 4.1.8 (2014-02-22)
* sf#4276 Login loop on session expiry
* sf#4249 Incorrect number of result rows for SQL with subqueries
* sf#4275 Broken Link to php extension manual
* sf#4053 List of procedures is not displayed after executing with Enter
* sf#4081 Setup page content shifted to the right edge of its tabs
* sf#4284 Reordering a column erases comments for other columns
* sf#4286 Open "Browse" in a new tab
* sf#4287 Printview - Always one column too much
* sf#4288 Expand database (+ icon) after timeout doesn't do anything
* sf#4285 Fixed CSS for setup
* Fixed altering table to DOUBLE/FLOAT field
* sf#4292 Success message and failure message being shown together
* sf#4293 opening new tab (using selflink) for import.php based actions
results in error and logout
(Moderate)SUSE bug 864917CVE-2014-1879fail2ban: security and bugfix upgrade to version 0.8.12 (Moderate)openSUSE 13.1
The fail2ban tool was updated to version 0.8.12 to fix various security issues
and also brings bugfixes and features.
Security issues fixed:
A remote unauthenticated attacker may cause arbitrary IP addresses to
be blocked by Fail2ban causing legitimate users to be blocked from accessing
services protected by Fail2ban. CVE-2013-7177 (cyrus-imap) and CVE-2013-7176
(postfix)
- Use new flushlogs syntax after logrotate
- Update to version 0.8.12
* Log rotation can now occur with the command "flushlogs" rather than
reloading fail2ban or keeping the logtarget settings consistent in
jail.conf/local and /etc/logrotate.d/fail2ban. (dep#697333, rh#891798).
* Added ignorecommand option for allowing dynamic determination as to ignore
and IP or not.
* Remove indentation of name and loglevel while logging to SYSLOG to resolve
syslog(-ng) parsing problems. (dep#730202). Log lines now also
report "[PID]" after the name portion too.
* Epoch dates can now be enclosed within []
* New actions: badips, firewallcmd-ipset, ufw, blocklist_de
* New filters: solid-pop3d, nsd, openwebmail, horde, freeswitch, squid,
ejabberd, openwebmail, groupoffice
* Filter improvements:
- apache-noscript now includes php cgi scripts
- exim-spam filter to match spamassassin log entry for option SAdevnull.
- Added to sshd filter expression for
"Received disconnect from : 3: Auth fail"
- Improved ACL-handling for Asterisk
- Added improper command pipelining to postfix filter.
* General fixes:
- Added lots of jail.conf entries for missing filters that creaped in
over the last year.
- synchat changed to use push method which verifies whether all data was
send. This ensures that all data is sent before closing the connection.
- Fixed python 2.4 compatibility (as sub-second in date patterns weren't
2.4 compatible)
- Complain/email actions fixed to only include relevant IPs to reporting
* Filter fixes:
- Added HTTP referrer bit of the apache access log to the apache filters.
- Apache 2.4 perfork regexes fixed
- Kernel syslog expression can have leading spaces
- allow for ",milliseconds" in the custom date format of proftpd.log
- recidive jail to block all protocols
- smtps not a IANA standard so may be missing from /etc/services. Due to
(still) common use 465 has been used as the explicit port number
- Filter dovecot reordered session and TLS items in regex with wider scope
for session characters
* Ugly Fixes (Potentially incompatible changes):
- Unfortunately at the end of last release when the action
firewall-cmd-direct-new was added it was too long and had a broken action
check. The action was renamed to firewallcmd-new to fit within jail name
name length. (gh#fail2ban/fail2ban#395).
- Last release added mysqld-syslog-iptables as a jail configuration. This
jailname was too long and it has been renamed to mysqld-syslog.
- Fixed formating of github references in changelog
- reformatted spec-file
- Update to version 0.8.11
- In light of CVE-2013-2178 that triggered our last release we have put a
significant effort into tightening all of the regexs of our filters to avoid
another similar vulnerability. We haven't examined all of these for a potential
DoS scenario however it is possible that another DoS vulnerability exists that
is fixed by this release. A large number of filters have been updated to
include more failure regexs supporting previously unbanned failures and support
newer application versions too. We have test cases for most of these now
however if you have other examples that demonstrate that a filter is
insufficient we welcome your feedback. During the tightening of the regexs to
avoid DoS vulnerabilities there is the possibility that we have inadvertently,
despite our best intentions, incorrectly allowed a failure to continue.
Addresses a possible DoS. Closes gh#fail2ban/fail2ban#248, bnc#824710
within [Init]. Closes gh#fail2ban/fail2ban#232
* Updates to asterisk filter. Closes gh#fail2ban/fail2ban#227,
gh#fail2ban/fail2ban#230.
* Updates to asterisk to include AUTH_UNKNOWN_DOMAIN. Closes
gh#fail2ban/fail2ban#244.
on Fedora. Closes gh#fail2ban/fail2ban#112. Thanks to Camusensei for the
bug report.
insight. Closes gh#fail2ban/fail2ban#103.
* [f2156604] pyinotify -- monitor IN_MOVED_TO events. Closes
gh#fail2ban/fail2ban#184. Thanks to Jon Foster for report and
troubleshooting. Orion Poplawski
* [39667ff6] Avoid leaking file descriptors. Closes gh#fail2ban/fail2ban#167.
Closes gh#fail2ban/fail2ban#147, gh#fail2ban/fail2ban#148.
* [b6a68f51] Fix delaction on server side. Closes gh#fail2ban/fail2ban#124.
the fail2ban-client. Closes gh#fail2ban/fail2ban#134.
gh#fail2ban/fail2ban#70. Thanks to iGeorgeX for the idea.
* [96eb8986] ' and " should also be escaped in action tags Closes
gh#fail2ban/fail2ban#109
beilber for the idea. Closes gh#fail2ban/fail2ban#114.
fail2ban is running. Closes gh#fail2ban/fail2ban#166.
* [29d0df5] Add mysqld filter. Closes gh#fail2ban/fail2ban#152.
* [bba3fd8] Add Sogo filter. Closes gh#fail2ban/fail2ban#117.
* [be06b1b] Add action for iptables-ipsets. Closes gh#fail2ban/fail2ban#102.
* [f336d9f] Add filter for webmin. Closes gh#fail2ban/fail2ban#99.
consistently. Closes gh#fail2ban/fail2ban#172.
* [b36835f] Add get cinfo to fail2ban-client. Closes gh#fail2ban/fail2ban#124.
Closes gh#fail2ban/fail2ban#142.
Closes gh#fail2ban/fail2ban#126. Bug report by Michael Heuberger.
* [3aeb1a9] Add jail.conf manual page. Closes gh#fail2ban/fail2ban#143.
banning due to misconfigured DNS. Close gh#fail2ban/fail2ban#64
* [0935566,5becaf8] Various python 2.4 and 2.5 compatibility fixes.
Close gh#fail2ban/fail2ban#83
in the console. Close gh#fail2ban/fail2ban#91
the log file to take 'banip' or 'unbanip' in effect.
Close gh#fail2ban/fail2ban#81, gh#fail2ban/fail2ban#86
* [f52ba99] downgraded "already banned" from WARN to INFO level.
Closes gh#fail2ban/fail2ban#79
for this gh#fail2ban/fail2ban#87)
message stays non-unicode. Close gh#fail2ban/fail2ban#32
friend to developers stuck with Windows (Closes gh#fail2ban/fail2ban#66)
repeated offenders. Close gh#fail2ban/fail2ban#19
Close gh#fail2ban/fail2ban#47 (Closes: #669063)
(Moderate)SUSE bug 824710SUSE bug 861503SUSE bug 861504CVE-2013-2178CVE-2013-7176CVE-2013-7177update for seamonkey (Moderate)openSUSE 13.1
This update fixes the following security issues with SeaMonkey:
- update to SeaMonkey 2.23 (bnc#854370))
* requires NSPR 4.10.2 and NSS 3.15.3.1
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
Miscellaneous memory safety hazards
* MFSA 2013-105/CVE-2013-5611 (bmo#771294)
Application Installation doorhanger persists on navigation
* MFSA 2013-106/CVE-2013-5612 (bmo#871161)
Character encoding cross-origin XSS attack
* MFSA 2013-107/CVE-2013-5614 (bmo#886262)
Sandbox restrictions not applied to nested object elements
* MFSA 2013-108/CVE-2013-5616 (bmo#938341)
Use-after-free in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361)
Use-after-free during Table Editing
* MFSA 2013-110/CVE-2013-5619 (bmo#917841)
Potential overflow in JavaScript binary search algorithms
* MFSA 2013-111/CVE-2013-6671 (bmo#930281)
Segmentation violation when replacing ordered list elements
* MFSA 2013-112/CVE-2013-6672 (bmo#894736)
Linux clipboard information disclosure though selection paste
* MFSA 2013-113/CVE-2013-6673 (bmo#970380)
Trust settings for built-in roots ignored during EV certificate
validation
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261)
GetElementIC typed array stubs can be generated outside observed
typesets
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
JPEG information leak
* MFSA 2013-117 (bmo#946351)
Mis-issued ANSSI/DCSSI certificate
(fixed via NSS 3.15.3.1)
- rebased patches:
* mozilla-nongnome-proxies.patch
* mozilla-shared-nss-db.patch
(Moderate)SUSE bug 854370CVE-2013-5609CVE-2013-5610CVE-2013-5611CVE-2013-5612CVE-2013-5613CVE-2013-5614CVE-2013-5615CVE-2013-5616CVE-2013-5618CVE-2013-5619CVE-2013-6629CVE-2013-6630CVE-2013-6671CVE-2013-6672CVE-2013-6673libpng16: fixed endless loop in png reader (Moderate)openSUSE 13.1
libpng16 was updated to fix a endless loop denial of service
in the png reader code. (CVE-2014-0333 [bnc#866298])
(Moderate)SUSE bug 866298CVE-2014-0333otrs: security and bugfix update to 3.1.20/3.2.15 (Moderate)openSUSE 13.1
The OTRS ticket system was updated to 3.1.20 / 3.2.15:
On openSUSE 12.3 it was updated to 3.1.20:
(fix for OSA-2014-03, CVE-2014-1695)
* Improved HTML filter.
- 3.1.19 2014-01-28
* Fixed bug#10158 - Missing quoting in State::StateGetStatesByType().
* Fixed bug#10099 - Missing challenge token checks on customer interface.
* Fixed bug#8489 - setting Tickets per page resets AgentTicketQueue.
* Fixed bug#9661 - Useless code in DynamicField backend.
* Fixed bug#9622 - Actions in Small ticket overview don't work when cookies
are turned off.
* Fixed bug#9541 - Package manager cannot use https proxy.
* Fixed bug#9594 - No auto-reply sent with multiple From addresses in
AgentTicketPhone on PostgreSQL and Oracle.
* Fixed bug#3434 - Validity of search time frame not checked by OTRS.
* Fixed bug#9596 - On merge and bounce screens is confusing when fill or not
'To', 'Subject' and 'Body' fields.
* Fixed bug#9595 - Incomplete page reload handling in merge and bounce.
* Fixed bug#3007 - CheckMXRecord and CheckEmailAddresses have no effect on
AgentTicketBounce.
* Fixed bug#9512 - Database error for invalid date in AgentTicketSearch.
* Fixed bug#8835 - No article found for TicketID <TICKET ID> when showing
group tickets
* Fixed bug#9583 - Dynamic Fields of type Date have timestamp in notifications.
* Fixed bug#9579 - SOAP Serializer used in Kernel/GenericInterface/Transport/
HTTP/SOAP.pm does not correctly set namespace.
* Fixed bug#7359 - Setting pending states via generic agent does not set
pending time.
* Fixed bug#8380 - Middle name not displayed in AdminCustomerUser.
* Fixed bug#9576 - GI TicketSearch Date and Date/Time dynamic fields are
ignored.
* Changed Dynamic Field SearchFieldParameterBuild() API, LayoutObject is now
optional.
* Fixed bug#9573 - Date and DateTime dynamic fields not considered in
GenericAgent Jobs.
On openSUSE 13.1 it was updated to 3.2.15:
(fix for OSA-2014-03, CVE-2014-1695)
* Improved HTML filter.
* Fixed bug#10207 - DynamicField Search-Function in CustomerFrontend is not
working.
* Followup for bug#9011 - New value after value mapping can't be 0.
* Fixed bug#10214 - Value "0" for DynamicsFields prevents TicketCreation.
* Fixed bug#9616 - Too long activities and transitions are not displayed
correctly.
* Fixed bug#10212 - My tickets & Company tickets in 3.3.4.
* Fixed bug#10205 - GenericInterface: Mandatory TimeUnits can't be 0.
* Fixed bug#10196 - Ticket merge action does not notify the owner of the
existing ticket.
* Fixed bug#9692 - On PhoneOutbound articles, the FROM field shows Customer
ID instead Agent ID.
* Fixed bug#10189 - ProcessManagement: Use article subject if no ticket title
is set.
* Fixed bug#9654 - TicketUpdate operation doesn't work when authenticated as
a customer.
* Fixed bug#10137 - Generic interface TicketCreate operation doesn't work
when authenticated as a customer.
- 3.2.14
* Fixed bug#10172 - Can't create process tickets with disabled richtext.
* Fixed bug#10121 - QQMails break in OTRS.
* Fixed bug#10158 - Missing quoting in State::StateGetStatesByType().
* Fixed bug#8969 - FAQ module Language files installation fails
(Kernel/Language permissions).
* Fixed bug#9959 - & breaks ExpandCustomerName.
* Fixed bug#10099 - Missing challenge token checks on customer interface.
* Fixed bug#10103 - ArticleTypeID is always undef in AgentTicketCompose.
* Added functionality to disable access to tickets of other customers with
the same customer company in customer interface.
* Fixed bug#9650 - Special character in customer id breaks Open Tickets in
AgentTicketZoom.
* Fixed bug#9723 - TicketAccountedTime stat does not run on Oracle with many
tickets
* Fixed bug#10077 - regular expressions in postmaster filter return 1 if no
regex match.
* Fixed bug#10070 - Wrong error message if Transition contains no transition
actions.
(Moderate)SUSE bug 866476CVE-2014-1695ImageMagick: fixed buffer overflow in PSD image handling (Moderate)openSUSE 13.1
ImageMagick was updated to fix a buffer overflow in handling
of PSD images.
(Moderate)SUSE bug 863838CVE-2014-1958CVE-2014-2030xtrabackup: security update to 2.1.8 (Moderate)openSUSE 13.1
xtrabackup was updated to 2.1.8:
Disabled the "binary version check" functionality in the
VersionCheck module due to security concerns. The automatic
version check remains disabled in the openSUSE package.
[bnc#864194] CVE-2014-2029
More bugs fixed:
* do not discard read-ahead buffers through incorrect usage of
posic_fadvise() hints, which resulted in higher I/O rate on
the backup stage
* Spurious trailing data blocks that would normally be ignored
by InnoDB could lead to an assertion failure on the backup stage
* A spurious warning message could cause issues with third-party
wrapper scripts
* xbcrypt could fail with the xbcrypt:xb_crypt_read_chunk: unable
to read chunk iv size at offset error under some circumstances
* xbstream could sometimes hang when extracting a broken or
incomplete input stream
(Moderate)SUSE bug 864194CVE-2014-2029libssh: reseed randomness on forking server instances (Moderate)openSUSE 13.1
libssh was updated to fix a random generator reseeding issue
when forking multiple servers. Forking multiple servers might
under some circumstances get them the same random seed state.
(Moderate)SUSE bug 866278CVE-2014-0017file: security fixes (Moderate)openSUSE 13.1
file was updated to fix two security issues.
- A possible endless recursion. (CVE-2014-1943)
- A crash in PE file handling (CVE-2014-2270)
(Moderate)SUSE bug 864589SUSE bug 866750CVE-2014-1943CVE-2014-2270roundcubemail: update to 0.9.5 (Moderate)openSUSE 13.1
roundcubemail was updated to 0.9.5 to fix bugs and security issues.
Fixed security issues:
* CVE-2013-6172: vulnerability in handling _session argument of utils/save-prefs
New upstream release 0.9.5 (bnc#847179) (CVE-2013-6172)
* Fix failing vCard import when email address field contains spaces
* Fix default spell-check configuration after Google suspended their spell service
* Fix vulnerability in handling _session argument of utils/save-prefs
* Fix iframe onload for upload errors handling
* Fix address matching in Return-Path header on identity selection
* Fix text wrapping issue with long unwrappable lines
* Fixed mispelling: occured -> occurred
* Fixed issues where HTML comments inside style tag would hang Internet Explorer
* Fix setting domain in virtualmin password driver
* Hide Delivery Status Notification option when smtp_server is unset
* Display full attachment name using title attribute when name is too long to display
* Fix attachment icon issue when rare font/language is used
* Fix expanded thread root message styling after refreshing messages list
* Fix issue where From address was removed from Cc and Bcc fields when editing a draft
* Fix error_reporting directive check
* Fix de_DE localization of "About" label in Help plugin
(Moderate)SUSE bug 847179CVE-2013-6172flash-player: security update to 11.2.202.346 (Important)openSUSE 13.1 NonFree
Adobe Flash Player was updated to version 11.2.202.346 to fix security issues:
CVE-2014-0503: A vulnerability that could be used to bypass the same origin policy was fixed.
CVE-2014-0504: A vulnerability that could be used to read the contents
of the clipboard was fixed.
More information can be found on:
http://helpx.adobe.com/security/products/flash-player/apsb14-08.html
(Important)SUSE bug 867808CVE-2013-0504CVE-2014-0503python: update to 2.7.6 (Moderate)openSUSE 13.1
Python was updated to 2.7.6 to fix bugs and security issues:
* bugfix-only release
* SSL-related fixes
* upstream fix for CVE-2013-4238
* upstream fixes for CVE-2013-1752
- added patches for CVE-2013-1752 (bnc#856836) issues that are
missing in 2.7.6:
python-2.7.6-imaplib.patch
python-2.7.6-poplib.patch
smtplib_maxline-2.7.patch
- CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client:
xmlrpc_gzip_27.patch
- python-2.7.6-bdist-rpm.patch: fix broken "setup.py bdist_rpm" command
(bnc#857470, issue18045)
- multilib patch: add "~/.local/lib64" paths to search path
(bnc#637176)
- CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow
in socket.recvfrom_into (CVE-2014-1912, bnc#863741)
- Add Obsoletes/Provides for python-ctypes.
- reintroduce audioop.so as the problems with it seem to be fixed
(bnc#831442)
(Moderate)SUSE bug 637176SUSE bug 831442SUSE bug 856835SUSE bug 856836SUSE bug 857470SUSE bug 863741CVE-2013-1752CVE-2013-1753CVE-2013-4238CVE-2014-1912wireshark: security update to 1.8.13/1.10.6 (Moderate)openSUSE 13.1
Wireshark was updated to version 1.8.13 on openSUSE 12.3
and 1.10.6 on openSUSE 13.1 to fix security issues and bugs.
Wireshark update to 1.8.13 [bnc#867485]
+ vulnerabilities fixed:
* The NFS dissector could crash
wnpa-sec-2014-01 CVE-2014-2281
* The RLC dissector could crash
wnpa-sec-2014-03 CVE-2014-2283
* The MPEG file parser could overflow a buffer
wnpa-sec-2014-04 CVE-2014-2299
+ Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.8.13.html
Wireshark update to 1.10.6 [bnc#867485]
+ vulnerabilities fixed:
* The NFS dissector could crash
wnpa-sec-2014-01 CVE-2014-2281
* The M3UA dissector could crash
wnpa-sec-2014-02 CVE-2014-2282
* The RLC dissector could crash
wnpa-sec-2014-03 CVE-2014-2283
* The MPEG file parser could overflow a buffer
wnpa-sec-2014-04 CVE-2014-2299
+ Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.6.html
(Moderate)SUSE bug 867485CVE-2014-2281CVE-2014-2282CVE-2014-2283CVE-2014-2299libyaml: fixed regression in previous security update (Moderate)openSUSE 13.1
libyaml was updated to fix a regression introduced by the previous
security patch for CVE-2013-6393.
(Moderate)SUSE bug 860617CVE-2013-6393udisks: fixed a buffer overflow (Moderate)openSUSE 13.1
udisks was updated to fix a buffer overflow in mount path parsing.
If users have the possibility to create very long mount points, such as with
FUSE, they could cause udisksd to crash, or even to run arbitrary
code as root with specially crafted mount paths.
(bnc#865854, CVE-2014-0004)
(Moderate)SUSE bug 865854CVE-2014-0004udisks2: fixed buffer overflow in mountpoint parsing (Moderate)openSUSE 13.1
udisks2 was updated to fix a buffer overflow in mount path parsing. If users have
the possibility to create very long mount points, such as with
FUSE, they could cause udisksd to crash, or even to run arbitrary
code as root with specially crafted mount paths.
(bnc#865854, CVE-2014-0004)
(Moderate)SUSE bug 865854CVE-2014-0004libjansson: fixed denial of service problem in hash table (Moderate)openSUSE 13.1
libjansson was updated to fix a hash table collission CPU usage denial of service issue,
when an attacker can supply his own JSON file.
(Moderate)SUSE bug 863301CVE-2013-6401net-snmp: security fixes for remote denial of service problems (Moderate)openSUSE 13.1
net-snmp was updated to fix potential remote denial of service problems:
- fixed a potential remote denial of service problem within the Linux
ICMP-MIB implementation (CVE-2014-2284)(bnc#866942)
- fixed a potential remote denial of service problem inside the snmptrapd
Perl trap handler (CVE-2014-2285)(bnc#866942)
(Moderate)SUSE bug 866942CVE-2014-2284CVE-2014-2285samba: security and bugfix update to 4.1.6 (Moderate)openSUSE 13.1
Samba was updated to 4.1.6, fixing bugs and security issues:
- Password lockout not enforced for SAMR password changes, this allowed brute forcing of passwords; CVE-2013-4496; (bnc#849224).
- smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442; (bnc#855866).
Also the following bugs were fixed:
- Call update-apparmor-samba-profile via ExecStartPre too; (bnc#867665).
- Retry named pipe open requests on STATUS_PIPE_NOT_AVAILABLE; (bso#10484);
(bnc#865095).
- Propagate snapshot enumeration permissions errors to SMB clients;
(bnc#865641).
- Properly handle empty 'requires_membership_of' entries in
/etc/security/pam_winbind.conf; (bnc#865771).
- Fix problem with server taking too long to respond to a
MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).
- Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).
- Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397).
- Use libarchive to provide improved smbclient tarmode functionality;
(bso#9667); (bnc#861135).
- Depend on %version-%release with all manual Provides and Requires;
(bnc#844307).
- Update to 4.1.5.
+ Fix 100% CPU utilization in winbindd when trying to free memory in
winbindd_reinit_after_fork; (bso#10358); (bnc#786677).
+ smbd: Fix memory overwrites; (bso#10415).
+ s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done();
(bso#2191).
+ ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind;
(bso#10087).
+ s3: smbpasswd: Fix crashes on invalid input; (bso#10320).
+ s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous
directories are open; (bso#10406).
+ Add support for Heimdal's unified krb5 and hdb plugin system, cope with
first element in hdb_method having a different name in different heimdal
versions and fix INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418).
+ vfs_btrfs: Fix incorrect zero length server-side copy request handling;
(bso#10424).
+ s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we
can't cope with a symlink when lp_posix_pathnames() is true; (bso#10429).
+ smbd: Fix an ancient oplock bug; (bso#10436).
+ Fix crash bug in smb2_notify code; (bso#10442).
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
- Migrate @GMT token parsing functionality into vfs_snapper; (bnc#863079).
+ Improve vfs_snapper documentation.
- Fix Winbind 100% CPU utilization caused by domain list corruption;
(bso#10358); (bnc#786677).
- Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO handler; (bso#10415);
(bnc#862370).
- Streamline the vendor suffix handling and add support for SLE 12.
- Fix zero length server-side copy request handling; (bso#10424);
(bnc#862558).
- Set the PID directory to /run/samba on post-12.2 systems.
- Make use of the tmpfilesdir macro while calling systemd-tmpfiles.
- Make winbindd print the interface version when it gets an INTERFACE_VERSION
request; (bnc#726937).
- Fix vfs_btrfs build on older platforms with duplicate WRITE_FLUSH
definitions; (bnc#860832).
- Check for NULL gensec_security in gensec_security_by_auth_type();
(bnc#860809).
- Ensure ndr table initialization; (bnc#860648).
- Add File Server Remote VSS Protocol (FSRVP) server for SMB share
shadow-copies; (fate#313346).
- s3-dir: Fix the DOS clients against 64-bit smbd's; (bso#2662).
- shadow_copy2: module "Previous Version" not working in Windows 7;
(bso#10259).
- s3-passdb: Fix string duplication to pointers; (bso#10367).
- vfs/glusterfs: in case atime is not passed, set it to the current atime;
(bso#10384)
- s3: winbindd: Move calling setup_domain_child() into add_trusted_domain();
(bso#10358); (bnc#786677).
- Default sysconfig daemon options to -D; (bso#10388); (bnc#857454).
- Add /var/cache/samba to the client file list; (bnc#846586).
- Really add the WINBINDDOPTIONS sysconfig variable on install; (bnc#857454).
- Correct sysconfig variable names by adding the missing D char; (bnc#857454).
- Update to 4.1.4.
+ Fix segfault in smbd; (bso#10284).
+ Fix SMB2 server panic when a smb2 brlock times out; (bso#10311).
- Call stop_on_removal from preun and restart_on_update and insserv_cleanup
from postun on pre-12.3 systems only; (bnc#857454).
- BuildRequire gamin-devel instead of unmaintained fam-devel package on
post-12.1 systems.
- smbd: allow updates on directory write times on open handles; (bso#9870).
- lib/util: use proper include for struct stat; (bso#10276).
- s3:winbindd fix use of uninitialized variables; (bso#10280).
- s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285).
- s3-lib: Fix %G substitution for domain users in smbd; (bso#10286).
- smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a
path for open; (bso#10297).
- smb2_server processing overhead; (bso#10298).
- ldb: bad if test in ldb_comparison_fold(); (bso#10305).
- Fix AIO with SMB2 and locks; (bso#10310).
- smbd: Fix a panic when a smb2 brlock times out; (bso#10311).
- vfs_glusterfs: Enable per client log file; (bso#10337).
- Add /etc/sysconfig/samba to the main and winbind package; (bnc#857454).
- Create /var/run/samba with systemd-tmpfiles on post-12.2 systems;
(bnc#856759).
- Fix broken rc{nmb,smb,winbind} sym links which should point to the service
binary on post-12.2 systems; (bnc#856759).
- Add Snapper VFS module for snapshot manipulation; (fate#313347).
+ dbus-1-devel required at build time.
- Add File Server Remote VSS Protocol (FSRVP) client for SMB share
shadow-copies; (fate#313345).
- Do not BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp as they're part
of the minimum build environment.
- Allow smbcacls to take a '--propagate-inheritance' flag to indicate that
the add, delete, modify and set operations now support automatic
propagation of inheritable ACE(s); (FATE#316474).
(Moderate)SUSE bug 437293SUSE bug 726937SUSE bug 786677SUSE bug 844307SUSE bug 846586SUSE bug 849224SUSE bug 855866SUSE bug 856759SUSE bug 857454SUSE bug 860648SUSE bug 860809SUSE bug 860832SUSE bug 861135SUSE bug 862370SUSE bug 862558SUSE bug 863079SUSE bug 863748SUSE bug 865095SUSE bug 865397SUSE bug 865561SUSE bug 865641SUSE bug 865771SUSE bug 867665CVE-2013-4496CVE-2013-6442icinga: fixed potential buffer overflows (Moderate)openSUSE 13.1
The monitoring system icinga received security fixes in the cgi helpers where buffers could be
overflowed by 1 byte. Note that this will be caught by the FORTIFY_SOURCE static overflow detection.
(Moderate)SUSE bug 868426CVE-2014-2386mutt: fixed remote triggerable crash in header view (Moderate)openSUSE 13.1
The mailreader mutt was updated to fix a crash in header view that
could be triggered by malformed e-mails and potentially be used to
execute code.
(Moderate)SUSE bug 868115CVE-2014-0467perl-HTTP-Body: update to 1.19 release with security fixes (Important)openSUSE 13.1
perl-HTTP-Body was updated to 1.19 and also received
a security fix for a potential remote code injection when upload files.
(Important)SUSE bug 844951CVE-2013-4407file: fixed off-by-one errors (Moderate)openSUSE 13.1
The file magic scanning tool/library was updated to fix a off-by-one error in the
last security fixes.
(Moderate)SUSE bug 866750CVE-2014-2270MozillaFirefox: Update to version 28.0 (Important)openSUSE 13.1
Mozilla Firefox was updated to version 28.0, receiving enhancements, bug and security fixes.
Mozilla NSPR was updated to 4.10.4 receiving enhancements, bug and security fixes.
Mozilla NSS was updated to 3.15.5 receiving enhancements, bug and security fixes.
Changes in MozillaFirefox:
- update to Firefox 28.0 (bnc#868603)
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
Miscellaneous memory safety hazards
* MFSA 2014-17/CVE-2014-1497 (bmo#966311)
Out of bounds read during WAV file decoding
* MFSA 2014-18/CVE-2014-1498 (bmo#935618)
crypto.generateCRMFRequest does not validate type of key
* MFSA 2014-19/CVE-2014-1499 (bmo#961512)
Spoofing attack on WebRTC permission prompt
* MFSA 2014-20/CVE-2014-1500 (bmo#956524)
onbeforeunload and Javascript navigation DOS
* MFSA 2014-22/CVE-2014-1502 (bmo#972622)
WebGL content injection from one domain to rendering in another
* MFSA 2014-23/CVE-2014-1504 (bmo#911547)
Content Security Policy for data: documents not preserved by
session restore
* MFSA 2014-26/CVE-2014-1508 (bmo#963198)
Information disclosure through polygon rendering in MathML
* MFSA 2014-27/CVE-2014-1509 (bmo#966021)
Memory corruption in Cairo during PDF font rendering
* MFSA 2014-28/CVE-2014-1505 (bmo#941887)
SVG filters information disclosure through feDisplacementMap
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
Privilege escalation using WebIDL-implemented APIs
* MFSA 2014-30/CVE-2014-1512 (bmo#982957)
Use-after-free in TypeObject
* MFSA 2014-31/CVE-2014-1513 (bmo#982974)
Out-of-bounds read/write through neutering ArrayBuffer objects
* MFSA 2014-32/CVE-2014-1514 (bmo#983344)
Out-of-bounds write through TypedArrayObject after neutering
- requires NSPR 4.10.3 and NSS 3.15.5
- new build dependency (and recommends):
* libpulse
* JS math correctness issue (bmo#941381)
Changes in mozilla-nspr:
- update to version 4.10.4
* bmo#767759: Add support for new x32 abi
* bmo#844784: Thread data race in PR_EnterMonitor
* bmo#939786: data race nsprpub/pr/src/pthreads/ptthread.c:137 _pt_root
* bmo#958796: Users of _beginthreadex that set a custom stack size
may not be getting the behavior they want
* bmo#963033: AArch64 support update for NSPR
* bmo#969061: Incorrect end-of-list test when iterating over a
PRCList in prcountr.c and prtrace.c
* bmo#971152: IPv6 detection on linux depends on availability of
/proc/net/if_inet6
- update to version 4.10.3
* bmo#749849: ensure we'll free the thread-specific data key.
* bmo#941461: don't compile android with unaligned memory access.
* bmo#932398: Add PR_SyncMemMap, a portable version of
msync/FlushViewOfFile.
* bmo#952621: Fix a thread-unsafe access to lock->owner in PR_Lock.
* bmo#957458: Fix several bugs in the lock rank checking code.
* bmo#936320: Use an alternative test for IPv6 support on Linux to
avoid opening a socket.
Changes in mozilla-nss:
- update to 3.15.5
* required for Firefox 28
* export FREEBL_LOWHASH to get the correct default headers
(bnc#865539)
New functionality
* Added support for the TLS application layer protocol negotiation
(ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both)
should be used for application layer protocol negotiation.
* Added the TLS padding extension. The extension type value is 35655,
which may change when an official extension type value is assigned
by IANA. NSS automatically adds the padding extension to ClientHello
when necessary.
* Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting
the tail of a CERTCertList.
Notable Changes
* bmo#950129: Improve the OCSP fetching policy when verifying OCSP
responses
* bmo#949060: Validate the iov input argument (an array of PRIOVec
structures) of ssl_WriteV (called via PR_Writev). Applications should
still take care when converting struct iov to PRIOVec because the
iov_len members of the two structures have different types
(size_t vs. int). size_t is unsigned and may be larger than int.
(Important)SUSE bug 865539SUSE bug 868603CVE-2014-1493CVE-2014-1494CVE-2014-1497CVE-2014-1498CVE-2014-1499CVE-2014-1500CVE-2014-1502CVE-2014-1504CVE-2014-1505CVE-2014-1508CVE-2014-1509CVE-2014-1510CVE-2014-1511CVE-2014-1512CVE-2014-1513CVE-2014-1514lighttpd: security update to 1.4.35 (Important)openSUSE 13.1
lighttpd was updated to version 1.4.35, fixing bugs and security issues:
CVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in
lighttpd allowed remote attackers to execute arbitrary SQL commands via
the host name, related to request_check_hostname.
CVE-2014-2323: Multiple directory traversal vulnerabilities in (1)
mod_evhost and (2) mod_simple_vhost in lighttpd allowed remote attackers
to read arbitrary files via a .. (dot dot) in the host name, related
to request_check_hostname.
More information can be found on the lighttpd advisory page:
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
Other changes:
* [network/ssl] fix build error if TLSEXT is disabled
* [mod_fastcgi] fix use after free (only triggered if fastcgi
debug is active)
* [mod_rrdtool] fix invalid read (string not null terminated)
* [mod_dirlisting] fix memory leak if pcre fails
* [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends
* [mod_magnet] fix memory leak
* add comments for switch fall throughs
* remove logical dead code
* [buffer] fix length check in buffer_is_equal_right_len
* fix resource leaks in error cases on config parsing and other
initializations
* add force_assert() to enforce assertions as simple assert()s
are disabled by -DNDEBUG (fixes #2546)
* [mod_cml_lua] fix null pointer dereference
* force assertion: setting FD_CLOEXEC must work (if available)
* [network] check return value of lseek()
* fix unchecked return values from
stream_open/stat_cache_get_entry
* [mod_webdav] fix logic error in handling file creation error
* check length of unix domain socket filenames
* fix SQL injection / host name validation (thx Jann Horn)
for all the changes see /usr/share/doc/packages/lighttpd/NEWS
(Important)SUSE bug 867350CVE-2014-2323CVE-2014-2324nginx: update to 1.4.7 (Moderate)openSUSE 13.1
nginx was updated to 1.4.7 to fix bugs and security issues.
Fixed security issues:
* CVE-2014-0133: nginx:heap-based buffer overflow in SPDY implementation
New upstream release 1.4.7 (bnc#869076) (CVE-2014-0133)
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundaci?n Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.
*) Bugfix: the "client_max_body_size" directive might not work when
reading a request body using chunked transfer encoding; the bug had
appeared in 1.3.9.
Thanks to Lucas Molas.
*) Bugfix: a segmentation fault might occur in a worker process when
proxying WebSocket connections.
*) Bugfix: the $ssl_session_id variable contained full session
serialized instead of just a session id.
Thanks to Ivan Ristić.
*) Bugfix: client connections might be immediately closed if deferred
accept was used; the bug had appeared in 1.3.15.
*) Bugfix: alerts "zero size buf in output" might appear in logs while
proxying; the bug had appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used.
*) Bugfix: proxied WebSocket connections might hang right after
handshake if the select, poll, or /dev/poll methods were used.
*) Bugfix: a timeout might occur while reading client request body in an
SSL connection using chunked transfer encoding.
*) Bugfix: memory leak in nginx/Windows. (Moderate)SUSE bug 869076CVE-2014-0133openssl: fix for ECDSA side channel attack (Moderate)openSUSE 13.1
openssl was updated to fix a timing attack, where it was theoretically possible to recover ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack
(Moderate)SUSE bug 869945CVE-2014-0076update for openssl (Moderate)openSUSE 13.1
This update of openssl fixes several security issues.
- Fixed bnc#857203, openssl: crash in DTLS renegotiation after packet loss
Add file: CVE-2013-6450.patch
- Fixed bnc#856687, openssl: crash when using TLS 1.2
Add file: CVE-2013-6449.patch
(Moderate)SUSE bug 856687SUSE bug 857203CVE-2013-6449CVE-2013-6450xen: update to 4.3.2 c/s 27404 security and bugfix release (Moderate)openSUSE 13.1
Xen was updated to fix security issues and bugs.
Update to bug fix release Xen 4.3.2 c/s 27404
- CVE-2013-6885: xen: XSA-82: A guest triggerable
AMD CPU erratum may cause host hangs.
- CVE-2013-6400: xen: XSA-80: IOMMU TLB flushing may be inadvertently
suppressed, potentially leaking information to other guests.
- CVE-2013-2212: xen: XSA-60: Excessive time to disable caching with
HVM guests with PCI passthrough
- pygrub: Support (/dev/xvda) style disk specifications
(Moderate)SUSE bug 831120SUSE bug 853048SUSE bug 853049CVE-2013-2212CVE-2013-4553CVE-2013-4554CVE-2013-6400CVE-2013-6885update for openssl (Important)openSUSE 13.1
This openssl update fixes one security issue:
- bnc#872299: Fixed missing bounds checks for heartbeat messages
(CVE-2014-0160).
(Important)SUSE bug 872299CVE-2014-0160python3: security and bugfix update to 3.3.5 (Moderate)openSUSE 13.1
Python was updated to 3.3.5 fixing bugs and security issues:
* bugfix-only release, closes several security bugs
* CVE-2013-1752 (bnc#856836) - DoS flaws with unbounded reads
from network
* disable SSLv2 by default
* DoS on maliciously crafted zip files (CVE-2013-7338, bnc#869222)
* CGIHttpRequestHandler directory traversal
* gzip decompression bomb in xmlrpc client (CVE-2013-1753, bnc#856835)
xmlrpc_gzip_33.patch
* potential buffer overflow in recvfrom_into (CVE-2014-1912, bnc#863741)
* hundreds of non-security-related bugfixes
(Moderate)SUSE bug 856835SUSE bug 856836SUSE bug 863741SUSE bug 869222CVE-2013-1752CVE-2013-1753CVE-2013-4238CVE-2013-7338CVE-2014-1912a2ps: fixed commandinjection in fixps (Moderate)openSUSE 13.1
a2ps was updated to fix a security issue:
fixps called ghostscript without -dSAFER, enabling postscript files processed
by fixps to execute code on the system. (CVE-2014-0466)
(Moderate)SUSE bug 871097CVE-2014-0466chromium: security update to 33.0.1750.152 stable release (Important)openSUSE 13.1
Chromium was updated to the 33.0.1750.152 stable channel uodate:
- Security fixes:
* CVE-2014-1713: Use-after-free in Blink bindings
* CVE-2014-1714: Windows clipboard vulnerability
* CVE-2014-1705: Memory corruption in V8
* CVE-2014-1715: Directory traversal issue
Previous stable channel update 33.0.1750.149:
- Security fixes:
* CVE-2014-1700: Use-after-free in speech
* CVE-2014-1701: UXSS in events
* CVE-2014-1702: Use-after-free in web database
* CVE-2014-1703: Potential sandbox escape due to a
use-after-free in web sockets
* CVE-2014-1704: Multiple vulnerabilities in V8 fixed in
version 3.23.17.18
(Important)SUSE bug 866959CVE-2014-1700CVE-2014-1701CVE-2014-1702CVE-2014-1703CVE-2014-1704CVE-2014-1705CVE-2014-1713CVE-2014-1714CVE-2014-1715libyaml: fixed heap overflow (Moderate)openSUSE 13.1
libyaml was updated to fix a heap overflow during parsing.
(Moderate)SUSE bug 868944CVE-2014-2525nagios: fixed a buffer overflow (Moderate)openSUSE 13.1
Nagios was updated to fix a stack-based buffer overflow in the cmd_submitf function
in the CGI handler. (CVE-2014-1878)
(Moderate)SUSE bug 864843CVE-2014-1878xinetd: security update for tcpmux service (Moderate)openSUSE 13.1
xinetd was updated to receive security fixes and a bug fix.
Security issues fixed:
* CVE-2013-4342 (bnc#844230)
- xinetd ignored user and group directives for tcpmux services
* CVE-2012-0862 (bnc#762294)
- xinetd enabled all services when tcp multiplexing is used
Also added support for setting maximum number of open files (bnc#855685).
(Moderate)SUSE bug 762294SUSE bug 844230SUSE bug 855685CVE-2012-0862CVE-2013-4342update for rubygem-rack-ssl (Moderate)openSUSE 13.1
This rubygem-rack-ssl updated fixes the following security issue:
- bnc#869162: Fixed XSS in error page (CVE-2014-2538).
(Moderate)SUSE bug 869162CVE-2014-2538update for jakarta-commons-fileupload (Moderate)openSUSE 13.1
This jakarta-commons-fileupload update fixes the follwoing security issue:
- bnc#862781: Fixed buffer overflow and resulting DoS (CVE-2014-0050).
(Moderate)SUSE bug 862781CVE-2014-0050update for couchdb (Moderate)openSUSE 13.1
This couchdb update fixes one security issue:
- bnc#871111: Fixed remote denial of service via /_uuids that allowed
remote attackers to cause CPU and memory consumption.
(Moderate)SUSE bug 871111CVE-2014-2668update for flash-player (Moderate)openSUSE 13.1 NonFree
This flash-player update fixes several security issues:
- bnc#872692: Security update to 11.2.202.350:
* APSB14-09, CVE-2014-0506, CVE-2014-0507, CVE-2014-0508,
CVE-2014-0509
(Moderate)SUSE bug 872692CVE-2014-0506CVE-2014-0507CVE-2014-0508CVE-2014-0509CVE-2014-0128: squid can crash when SSLBump is used in combination with range requests. (Low)openSUSE 13.1
The SSLBump feature acts as TLS/SSL termination for clients. If this feature is enabled, squid can crash with range requests, leading to a potential Denial of Service condition. (Low)SUSE bug 867533CVE-2014-0128update for json-c (Moderate)openSUSE 13.1
This json-c update fixes the following two security issue:
- bnc#870147: Fixed buffer overflow if size_t is larger than int
(CVE-2013-6370).
- bnc#870147: Fixed possible hash collision DoS (CVE-2013-6371).
(Moderate)SUSE bug 870147CVE-2013-6370CVE-2013-6371update for openssl (Moderate)openSUSE 13.1
This is an openssl version update to 1.0.1g.
- The main reason for this upgrade was to be clear about the TLS
heartbeat problem know as "Heartbleed" (CVE-2014-0160). That
problem was already fixed in our previous openssl update.
(Moderate)CVE-2014-0160update for otrs (Moderate)openSUSE 13.1
This otrs update fixes the following security and non security issues:
- bnc#871758: Fixed OSA-2014-04 (CVE-2014-2553) and OSA-2014-05
(CVE-2014-2554).
(Moderate)SUSE bug 871758CVE-2014-2553CVE-2014-2554MozillaThunderbird,seamonkey: security update (Important)openSUSE 13.1
Mozilla Thunderbird was updated to 24.4.0.
Mozilla SeaMonkey was updated to 2.25.
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
Miscellaneous memory safety hazards
* MFSA 2014-17/CVE-2014-1497 (bmo#966311)
Out of bounds read during WAV file decoding
* MFSA 2014-18/CVE-2014-1498 (bmo#935618)
crypto.generateCRMFRequest does not validate type of key
* MFSA 2014-19/CVE-2014-1499 (bmo#961512)
Spoofing attack on WebRTC permission prompt
* MFSA 2014-20/CVE-2014-1500 (bmo#956524)
onbeforeunload and Javascript navigation DOS
* MFSA 2014-22/CVE-2014-1502 (bmo#972622)
WebGL content injection from one domain to rendering in another
* MFSA 2014-23/CVE-2014-1504 (bmo#911547)
Content Security Policy for data: documents not preserved by
session restore
* MFSA 2014-26/CVE-2014-1508 (bmo#963198)
Information disclosure through polygon rendering in MathML
* MFSA 2014-27/CVE-2014-1509 (bmo#966021)
Memory corruption in Cairo during PDF font rendering
* MFSA 2014-28/CVE-2014-1505 (bmo#941887)
SVG filters information disclosure through feDisplacementMap
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
Privilege escalation using WebIDL-implemented APIs
* MFSA 2014-30/CVE-2014-1512 (bmo#982957)
Use-after-free in TypeObject
* MFSA 2014-31/CVE-2014-1513 (bmo#982974)
Out-of-bounds read/write through neutering ArrayBuffer objects
* MFSA 2014-32/CVE-2014-1514 (bmo#983344)
Out-of-bounds write through TypedArrayObject after neutering
(Important)SUSE bug 868603CVE-2014-1493CVE-2014-1494CVE-2014-1497CVE-2014-1498CVE-2014-1499CVE-2014-1500CVE-2014-1502CVE-2014-1504CVE-2014-1505CVE-2014-1508CVE-2014-1509CVE-2014-1510CVE-2014-1511CVE-2014-1512CVE-2014-1513CVE-2014-1514update for flash-player (Critical)openSUSE 13.1 NonFree
This flash-player update fixes a critical buffer overflow vulnerability
that leads to arbitrary code execution.
The flash-player package was updated to version 11.2.202.356.
* bnc#875577, APSB14-13, CVE-2014-0515
(Critical)SUSE bug 875577CVE-2014-0515OpenSSL: Fixed a use-after-free race condition in OpenSSL's read buffer.
(Moderate)openSUSE 13.1
A use-after-free race condition in OpenSSL's read buffer was fixed that could cause connections to drop (CVE-2010-5298).
(Moderate)SUSE bug 873351CVE-2010-5298python-imaging: Fix for temporary file race condition (Low)openSUSE 13.1
A temporary file race condition has been fixed in python-imaging when converting images (CVE-2014-1932, CVE-2014-1933).
(Low)SUSE bug 863541CVE-2014-1932CVE-2014-1933update for libmms (Moderate)openSUSE 13.1
This libmss update fixes the following security issue.
- bnc#874723: Fixed a possible heap memory overrun (CVE-2014-2892).
(Moderate)SUSE bug 874723CVE-2014-2892libvirt: security update (Moderate)openSUSE 13.1
libvirt was updated to fix various bugs and security issues:
CVE-2013-7336: libvirt: unprivileged user can crash libvirtd during spice migration
CVE-2013-6456: unsafe usage of paths under /proc/$PID/root
Bugfixes for libvirt client killed on reboot shutdown. (bnc#852005)
Also notify systemd when we are ready to accept connections.
(Moderate)SUSE bug 852005SUSE bug 857490SUSE bug 868943SUSE bug 871154SUSE bug 873103CVE-2013-6456CVE-2013-7336update for curl (Moderate)openSUSE 13.1
This curl update fixes two security issues:
- bnc#868627: Fixed wrong re-use of connections (CVE-2014-0138).
- bnc#868629: Fixed IP address wildcard certificate validation
(CVE-2014-0139).
(Moderate)SUSE bug 868627SUSE bug 868629CVE-2014-0138CVE-2014-0139update for chromium (Moderate)openSUSE 13.1
This chromium version update fixes the following security and
non-security issues:
- Add patch chromium-fix-arm-skia-memset.patch to resolve a linking
issue on ARM with regards to missing symbols.
- Add patch arm_use_gold.patch to use the right gold binaries on
ARM. Hopefully this resolves the build issues with running out of
memory
- bnc#872805: Update to Chromium 34.0.1847.116
* Responsive Images and Unprefixed Web Audio
* Import supervised users onto new computers
* A number of new apps/extension APIs
* Lots of under the hood changes for stability and performance
- Security fixes:
* CVE-2014-1716: UXSS in V8
* CVE-2014-1717: OOB access in V8
* CVE-2014-1718: Integer overflow in compositor
* CVE-2014-1719: Use-after-free in web workers
* CVE-2014-1720: Use-after-free in DOM
* CVE-2014-1721: Memory corruption in V8
* CVE-2014-1722: Use-after-free in rendering
* CVE-2014-1723: Url confusion with RTL characters
* CVE-2014-1724: Use-after-free in speech
* CVE-2014-1725: OOB read with window property
* CVE-2014-1726: Local cross-origin bypass
* CVE-2014-1727: Use-after-free in forms
* CVE-2014-1728: Various fixes from internal audits,
fuzzing and other initiatives
* CVE-2014-1729: Multiple vulnerabilities in V8
- No longer build against system libraries as that Chromium works
a lot better and crashes less on websites than with system libs
- Added package depot_tools.tar.gz as that the chromium build now
requires it during the initial build phase. It just contains some
utilities and nothing from it is being installed.
- If people want to install newer versions of the ffmpeg library
then let them. This is what they want.
- Remove the buildscript from the sources
(Moderate)SUSE bug 872805CVE-2014-1716CVE-2014-1717CVE-2014-1718CVE-2014-1719CVE-2014-1720CVE-2014-1721CVE-2014-1722CVE-2014-1723CVE-2014-1724CVE-2014-1725CVE-2014-1726CVE-2014-1727CVE-2014-1728CVE-2014-1729cacti: security fixes; cacti-spine: update to 0.8.8b (Moderate)openSUSE 13.1
cacti was patched to fix several security issues:
* CVE-2013-5588: XSS injection vulnerability
* CVE-2013-5589: SQL injection vulnerability
* CVE-2014-2326: XSS injection vulnerability
* CVE-2014-2328: Remote Command Execution Vulnerability
* CVE-2014-2708: SQL Injection Vulnerability
* CVE-2014-2709: Remote Command Execution Vulnerability
cacti-spine was updated to 0.8.8b to fix the following issue:
* bug: set appropriate mysql 5.5+ timeouts (Moderate)SUSE bug 837440SUSE bug 870821SUSE bug 872008CVE-2013-5588CVE-2013-5589CVE-2014-2326CVE-2014-2328CVE-2014-2708CVE-2014-2709Rsync: fixed remote denial of service (Moderate)openSUSE 13.1
Rsync was updated to fix a denial of service attack that could be used by remote attackers without authentification (CVE-2014-2855).
(Moderate)SUSE bug 873740CVE-2014-2855update for python3 (Moderate)openSUSE 13.1
This python update fixes the following security issue:
- bnc#871152: Fixed race condition with umask when creating directories
with os.mkdirs (CVE-2014-2667).
(Moderate)SUSE bug 871152CVE-2014-2667update for nrpe (Moderate)openSUSE 13.1
This nrpe update fixes the following security documentation problem.
- bnc#874743: Documented a possible command injection when command
arguments are enabled (CVE-2014-2913). More details can be found
inside the documentation of this package.
(Moderate)SUSE bug 874743CVE-2014-2913update for MozillaFirefox (Moderate)openSUSE 13.1
This is a MozillaFirefox update to version 29.0:
* MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
Miscellaneous memory safety hazards
* MFSA 2014-36/CVE-2014-1522 (bmo#995289)
Web Audio memory corruption issues
* MFSA 2014-37/CVE-2014-1523 (bmo#969226)
Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 (bmo#989183)
Buffer overflow when using non-XBL object as XBL
* MFSA 2014-39/CVE-2014-1525 (bmo#989210)
Use-after-free in the Text Track Manager for HTML video
* MFSA 2014-41/CVE-2014-1528 (bmo#963962)
Out-of-bounds write in Cairo
* MFSA 2014-42/CVE-2014-1529 (bmo#987003)
Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 (bmo#895557)
Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 (bmo#987140)
Use-after-free in imgLoader while resizing images
* MFSA 2014-45/CVE-2014-1492 (bmo#903885)
Incorrect IDNA domain name matching for wildcard certificates
(fixed by NSS 3.16)
* MFSA 2014-46/CVE-2014-1532 (bmo#966006)
Use-after-free in nsHostResolver
* MFSA 2014-47/CVE-2014-1526 (bmo#988106)
Debugger can bypass XrayWrappers with JavaScript
- rebased patches
- removed obsolete patches
* firefox-browser-css.patch
* mozilla-aarch64-599882cfb998.diff
* mozilla-aarch64-bmo-963028.patch
* mozilla-aarch64-bmo-963029.patch
* mozilla-aarch64-bmo-963030.patch
* mozilla-aarch64-bmo-963031.patch
- requires NSS 3.16
- added mozilla-icu-strncat.patch to fix post build checks
- add mozilla-aarch64-599882cfb998.patch,
mozilla-aarch64-bmo-810631.patch,
mozilla-aarch64-bmo-962488.patch,
mozilla-aarch64-bmo-963030.patch,
mozilla-aarch64-bmo-963027.patch,
mozilla-aarch64-bmo-963028.patch,
mozilla-aarch64-bmo-963029.patch,
mozilla-aarch64-bmo-963023.patch,
mozilla-aarch64-bmo-963024.patch,
mozilla-aarch64-bmo-963031.patch: AArch64 porting
- Add patch for bmo#973977
* mozilla-ppc64-xpcom.patch
- Refresh mozilla-ppc64le-xpcom.patch patch
- Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system
This is also a mozilla-nss update to version 3.16:
* required for Firefox 29
* bmo#903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard
character should not be embedded within the U-label of an
internationalized domain name. See the last bullet point in RFC 6125,
Section 7.2.
* Supports the Linux x32 ABI. To build for the Linux x32 target, set
the environment variable USE_X32=1 when building NSS.
New Functions:
* NSS_CMSSignerInfo_Verify
New Macros
* TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc.,
cipher suites that were first defined in SSL 3.0 can now be referred
to with their official IANA names in TLS, with the TLS_ prefix.
Previously, they had to be referred to with their names in SSL 3.0,
with the SSL_ prefix.
Notable Changes:
* ECC is enabled by default. It is no longer necessary to set the
environment variable NSS_ENABLE_ECC=1 when building NSS. To disable
ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS.
* libpkix should not include the common name of CA as DNS names when
evaluating name constraints.
* AESKeyWrap_Decrypt should not return SECSuccess for invalid keys.
* Fix a memory corruption in sec_pkcs12_new_asafe.
* If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime
test sdb_measureAccess.
* The built-in roots module has been updated to version 1.97, which
adds, removes, and distrusts several certificates.
* The atob utility has been improved to automatically ignore lines of
text that aren't in base64 format.
* The certutil utility has been improved to support creation of
version 1 and version 2 certificates, in addition to the existing
version 3 support.
(Moderate)SUSE bug 875378CVE-2014-1492CVE-2014-1518CVE-2014-1519CVE-2014-1522CVE-2014-1523CVE-2014-1524CVE-2014-1525CVE-2014-1526CVE-2014-1528CVE-2014-1529CVE-2014-1530CVE-2014-1531CVE-2014-1532update for wireshark (Moderate)openSUSE 13.1
This wireshark update to version 1.10.7 fixes the following security
issue:
- bnc#874760: Fixed RTP dissector vulnerabilities (CVE-2014-2907).
- Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.7.html
(Moderate)SUSE bug 874760CVE-2014-2907update for libpng12 (Moderate)openSUSE 13.1
This libpng12 update fixes the following two security issues.
- bnc#873123: Fixed integer overflow leading to a heap-based buffer
overflow in png_set_sPLT() and png_set_text_2() (CVE-2013-7354).
- bnc#873124: Fixed integer overflow leading to a heap-based buffer
overflow in png_set_unknown_chunks() (CVE-2013-7353).
(Moderate)SUSE bug 873123SUSE bug 873124CVE-2013-7353CVE-2013-7354update for python-eyeD3 (Moderate)openSUSE 13.1
This python-eyeD3 fixes the following security issue.
- bnc#863744: Fixed insecure use of temporary files (CVE-2014-1934).
(Moderate)SUSE bug 863744CVE-2014-1934update for seamonkey (Moderate)openSUSE 13.1
This is a SeaMonkey update to version 2.26:
* MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
Miscellaneous memory safety hazards
* MFSA 2014-36/CVE-2014-1522 (bmo#995289)
Web Audio memory corruption issues
* MFSA 2014-37/CVE-2014-1523 (bmo#969226)
Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 (bmo#989183)
Buffer overflow when using non-XBL object as XBL
* MFSA 2014-39/CVE-2014-1525 (bmo#989210)
Use-after-free in the Text Track Manager for HTML video
* MFSA 2014-41/CVE-2014-1528 (bmo#963962)
Out-of-bounds write in Cairo
* MFSA 2014-42/CVE-2014-1529 (bmo#987003)
Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 (bmo#895557)
Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 (bmo#987140)
Use-after-free in imgLoader while resizing images
* MFSA 2014-45/CVE-2014-1492 (bmo#903885)
Incorrect IDNA domain name matching for wildcard certificates
(fixed by NSS 3.16)
* MFSA 2014-46/CVE-2014-1532 (bmo#966006)
Use-after-free in nsHostResolver
* MFSA 2014-47/CVE-2014-1526 (bmo#988106)
Debugger can bypass XrayWrappers with JavaScript
- rebased patches
- added aarch64 porting patches
* mozilla-aarch64-bmo-810631.patch
* mozilla-aarch64-bmo-962488.patch
* mozilla-aarch64-bmo-963023.patch
* mozilla-aarch64-bmo-963024.patch
* mozilla-aarch64-bmo-963027.patch
- requires NSPR 4.10.3 and NSS 3.16
- added mozilla-icu-strncat.patch to fix post build checks
(Moderate)SUSE bug 875378CVE-2014-1492CVE-2014-1518CVE-2014-1519CVE-2014-1522CVE-2014-1523CVE-2014-1524CVE-2014-1525CVE-2014-1526CVE-2014-1528CVE-2014-1529CVE-2014-1530CVE-2014-1531CVE-2014-1532update for android-tools (Moderate)openSUSE 13.1
- Fix overflow in adb CVE-2014-1909 [bnc#863074]
* fix-overflow-in-adb_client.patch
(Moderate)SUSE bug 863074CVE-2014-1909update for openssl (Moderate)openSUSE 13.1
- Fixed bug[ bnc#876282], CVE-2014-0198 openssl: OpenSSL NULL pointer dereference in do_ssl3_write
Add file: CVE-2014-0198.patch
(Moderate)SUSE bug 876282CVE-2014-0198update for MozillaThunderbird (Moderate)openSUSE 13.1
This is a MozillaThunderbird update to version 24.5.0:
* MFSA 2014-34/CVE-2014-1518
Miscellaneous memory safety hazards
* MFSA 2014-37/CVE-2014-1523 (bmo#969226)
Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 (bmo#989183)
Buffer overflow when using non-XBL object as XBL
* MFSA 2014-42/CVE-2014-1529 (bmo#987003)
Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 (bmo#895557)
Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 (bmo#987140)
Use-after-free in imgLoader while resizing images
* MFSA 2014-46/CVE-2014-1532 (bmo#966006)
Use-after-free in nsHostResolver
- use shipped-locales as the authoritative source for supported
locales (some unsupported locales disappear from -other package)
(Moderate)SUSE bug 875378CVE-2014-1518CVE-2014-1523CVE-2014-1524CVE-2014-1529CVE-2014-1530CVE-2014-1531CVE-2014-1532libxml2 security update (Low)openSUSE 13.1
- fix for CVE-2014-0191 (bnc#876652)
* libxml2: external parameter entity loaded when entity
substitution is disabled
* added libxml2-CVE-2014-0191.patch
(Low)SUSE bug 876652CVE-2014-0191update for chromium (Moderate)openSUSE 13.1
- Update to Chromium 31.0.1650.63
Stable channel update:
- Security fixes:
* CVE-2013-6634: Session fixation in sync related to 302 redirects
* CVE-2013-6635: Use-after-free in editing
* CVE-2013-6636: Address bar spoofing related to modal dialogs
* CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives.
* CVE-2013-6638: Buffer overflow in v8
* CVE-2013-6639: Out of bounds write in v8.
* CVE-2013-6640: Out of bounds read in v8
* and 12 other security fixes.
- Remove the build flags to build according to the Chrome ffmpeg
branding and the proprietary codecs. (bnc#847971)
- Update to Chromium 31.0.1650.57
Stable channel update:
- Security Fixes:
* CVE-2013-6632: Multiple memory corruption issues.
- Update to Chromium 31.0.1650.48
Stable Channel update:
- Security fixes:
* CVE-2013-6621: Use after free related to speech input elements..
* CVE-2013-6622: Use after free related to media elements.
* CVE-2013-6623: Out of bounds read in SVG.
* CVE-2013-6624: Use after free related to “id” attribute strings.
* CVE-2013-6625: Use after free in DOM ranges.
* CVE-2013-6626: Address bar spoofing related to interstitial warnings.
* CVE-2013-6627: Out of bounds read in HTTP parsing.
* CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation.
* CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
* CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
* CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
* CVE-2013-6631: Use after free in libjingle.
- Added patch chromium-fix-chromedriver-build.diff to fix the
chromedriver build
- Enable ARM build for Chromium.
* Added patches chromium-arm-webrtc-fix.patch,
chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch
to resolve ARM specific build issues
- Update to Chromium 30.0.1599.114
Stable Channel update: fix build for 32bit systems
- Drop patch chromium-fix-chromedriver-build.diff. This is now
fixed upstream
- For openSUSE versions lower than 13.1, build against the in-tree
libicu
- Update to Chromium 30.0.1599.101
- Security Fixes:
+ CVE-2013-2925: Use after free in XHR
+ CVE-2013-2926: Use after free in editing
+ CVE-2013-2927: Use after free in forms.
+ CVE-2013-2928: Various fixes from internal audits,
fuzzing and other initiatives.
- Update to Chromium 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Security fixes:
+ CVE-2013-2906: Races in Web Audio
+ CVE-2013-2907: Out of bounds read in Window.prototype object
+ CVE-2013-2908: Address bar spoofing related to the
“204 No Content” status code
+ CVE-2013-2909: Use after free in inline-block rendering
+ CVE-2013-2910: Use-after-free in Web Audio
+ CVE-2013-2911: Use-after-free in XSLT
+ CVE-2013-2912: Use-after-free in PPAPI
+ CVE-2013-2913: Use-after-free in XML document parsing
+ CVE-2013-2914: Use after free in the Windows color chooser
dialog
+ CVE-2013-2915: Address bar spoofing via a malformed scheme
+ CVE-2013-2916: Address bar spoofing related to the “204 No
Content” status code
+ CVE-2013-2917: Out of bounds read in Web Audio
+ CVE-2013-2918: Use-after-free in DOM
+ CVE-2013-2919: Memory corruption in V8
+ CVE-2013-2920: Out of bounds read in URL parsing
+ CVE-2013-2921: Use-after-free in resource loader
+ CVE-2013-2922: Use-after-free in template element
+ CVE-2013-2923: Various fixes from internal audits, fuzzing and
other initiatives
+ CVE-2013-2924: Use-after-free in ICU. Upstream bug (Moderate)SUSE bug 847971SUSE bug 854472SUSE bug 854473CVE-2013-2906CVE-2013-2907CVE-2013-2908CVE-2013-2909CVE-2013-2910CVE-2013-2911CVE-2013-2912CVE-2013-2913CVE-2013-2914CVE-2013-2915CVE-2013-2916CVE-2013-2917CVE-2013-2918CVE-2013-2919CVE-2013-2920CVE-2013-2921CVE-2013-2922CVE-2013-2923CVE-2013-2924CVE-2013-2925CVE-2013-2926CVE-2013-2927CVE-2013-2928CVE-2013-2931CVE-2013-6621CVE-2013-6622CVE-2013-6623CVE-2013-6624CVE-2013-6625CVE-2013-6626CVE-2013-6627CVE-2013-6628CVE-2013-6629CVE-2013-6630CVE-2013-6631CVE-2013-6632CVE-2013-6634CVE-2013-6635CVE-2013-6636CVE-2013-6637CVE-2013-6638CVE-2013-6639CVE-2013-6640update for chromium (Moderate)openSUSE 13.1
- Update to Chromium 34.0.1847.132
* Security update:
- CVE-2014-1730: Type confusion in V8
- CVE-2014-1731: Type confusion in DOM
- CVE-2014-1732: Use-after-free in Speech Recognition
- CVE-2014-1733: Compiler bug in Seccomp-BPF
- CVE-2014-1734: Various fixes from internal audits, fuzzing
and other initiatives
- CVE-2014-1735: Multiple vulnerabilities in V8 fixed in
version 3.24.35.33
- Update to Chromium 34.0.1847.131
* Bugfixes
(Moderate)SUSE bug 875408CVE-2014-1730CVE-2014-1731CVE-2014-1732CVE-2014-1733CVE-2014-1734CVE-2014-1735libvirt: Fix migration with QEMU 1.6 and unsafe parsing of XML documents (Moderate)openSUSE 13.1
This update fixes the following issues with libvirt:
- bnc#875694: Fix migration with QEMU 1.6.
QEMU 1.6.0 introduced new migration status: setup. Libvirt does not expect such string in QMP and refuses to migrate with error "unexpected migration status in setup"
- Patch to prevent expansion of entities when parsing XML files. This vulnerability allowed malicious users to read arbitrary files or cause a denial of service (CVE-2014-0179).
(Moderate)SUSE bug 873705SUSE bug 875694CVE-2014-0179kernel: security and bugfix update (Important)openSUSE 13.1
This Linux kernel security update fixes various security
issues and bugs.
The Linux Kernel was updated to fix various security issues and bugs.
Main security issues fixed:
A security issue in the tty layer that was fixed that could be used
by local attackers for code execution (CVE-2014-0196).
Two security issues in the floppy driver were fixed that could be
used by local attackers on machines with the floppy to crash the kernel
or potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).
Other security issues and bugfixes:
- netfilter: nf_nat: fix access to uninitialized buffer in IRC
NAT helper (bnc#860835 CVE-2014-1690).
- net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH
(bnc#866102, CVE-2014-0101).
- [media] ivtv: Fix Oops when no firmware is loaded (bnc#875440).
- ALSA: hda - Add dock pin setups for Thinkpad T440 (bnc#876699).
- ip6tnl: fix double free of fb_tnl_dev on exit (bnc#876531).
- Update arm config files: Enable all USB-to-serial drivers
Specifically, enable USB_SERIAL_WISHBONE and USB_SERIAL_QT2 on all
arm flavors.
- mei: limit the number of consecutive resets
(bnc#821619,bnc#852656).
- mei: revamp mei reset state machine (bnc#821619,bnc#852656).
- mei: use hbm idle state to prevent spurious resets (bnc#821619).
- mei: do not run reset flow from the interrupt thread
(bnc#821619,bnc#852656).
- mei: don't get stuck in select during reset (bnc#821619).
- mei: wake also writers on reset (bnc#821619).
- mei: remove flash_work_queue (bnc#821619,bnc#852656).
- mei: me: do not load the driver if the FW doesn't support MEI
interface (bnc#821619).
- Update ec2 config files: Disable CONFIG_CAN
CAN support is disabled everywhere else, so disable it in ec2 too.
- Refresh Xen patches (bnc#851244).
- Update arm/exynos config file: disable AHCI_IMX
This driver is only used on Freescale i.MX systems so it isn't needed
on Exynos.
- drm: Prefer noninterlace cmdline mode unless explicitly
specified (bnc#853350).
- kabi/severities: add exception for irda.
The changes resulted in a 4x performance increase. Any external users
of this API will also want to rebuild their modules.
- i7core_edac: Fix PCI device reference count.
- KABI: revert tcp: TSO packets automatic sizing.
- KABI: revert tcp: TSQ can use a dynamic limit.
- kabi: add exceptions for kvm and l2tp
- patches.fixes/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch:
Move include of utsname.h to where it's needed to avoid kABI
breakage due to utsname becoming defined.
- Update kabi files.
The kABI references were never establishd at release.
- Refresh patches.rpmify/chipidea-clean-up-dependencies
Replace OF_DEVICE by OF (OF_DEVICE does not exist anymore.)
- inet: fix addr_len/msg->msg_namelen assignment in recv_error
and rxpmtu functions (bnc#857643 CVE-2013-7263 CVE-2013-7264
CVE-2013-7265).
- inet: prevent leakage of uninitialized memory to user in recv
syscalls (bnc#857643 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265
CVE-2013-7281).
- Update config files: re-enable twofish crypto support
Software twofish crypto support was disabled in several architectures
since openSUSE 10.3. For i386 and x86_64 it was on purpose, because
hardware-accelerated alternatives exist. However for all other
architectures it was by accident.
Re-enable software twofish crypto support in arm, ia64 and ppc
configuration files, to guarantee that at least one implementation is
always available (bnc#871325).
- kvm: optimize away THP checks in kvm_is_mmio_pfn() (bnc#871160).
- Update patches.fixes/mm-close-PageTail-race.patch (bnc#871160).
- Update patches.fixes/mm-hugetlbfs-fix-hugetlbfs-optimization.patch
(bnc#871160).
- mm: close PageTail race (bnc#81660).
- mm: hugetlbfs: fix hugetlbfs optimization (bnc#81660).
- Update config files: disable CONFIG_TOUCHSCREEN_W90X900
The w90p910_ts driver only makes sense on the W90x900 architecture,
which we do not support.
- ath9k: protect tid->sched check (bnc#871148,CVE-2014-2672).
- Update ec2 config files: disable CONFIG_INPUT_FF_MEMLESS
This helper module is useless on EC2.
- SELinux: Fix kernel BUG on empty security contexts
(bnc#863335,CVE-2014-1874).
- hamradio/yam: fix info leak in ioctl (bnc#858872,CVE-2014-1446).
- netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
(bnc#868653 CVE-2014-2523).
- ath9k_htc: properly set MAC address and BSSID mask
(bnc#851426,CVE-2013-4579).
- drm/ttm: don't oops if no invalidate_caches() (bnc#869414).
- Btrfs: do not bug_on if we try to cow a free space cache inode
(bnc#863235).
- Update vanilla config files: enable console rotation
It's enabled in all other kernel flavors so it should be enabled in
vanilla too.
- Update config files. (CONFIG_EFIVAR_FS=m)
Due to systemd can auto-load efivarfs.ko, so wet CONFIG_EFIVAR_FS to
module on x86_64.
- libata, freezer: avoid block device removal while system is
frozen (bnc#849334).
- Enable CONFIG_IRDA_FAST_RR=y (bnc#860502)
- [media] bttv: don't setup the controls if there are no video
devices (bnc#861750).
- drm/i915/dp: add native aux defer retry limit (bnc#867718).
- drm/i915/dp: increase native aux defer retry timeout
(bnc#867718).
- rpc_pipe: fix cleanup of dummy gssd directory when notification
fails (bnc#862746).
- sunrpc: add an "info" file for the dummy gssd pipe (bnc#862746).
- rpc_pipe: remove the clntXX dir if creating the pipe fails
(bnc#862746).
- Delete rpm/_constraints after mismerge
Sat Mar 8 00:41:07 CET 2014 - jbohac@suse.cz
- Refresh
patches.fixes/tcp-syncookies-reduce-cookie-lifetime-to-128-seconds.patch.
- tcp: syncookies: reduce cookie lifetime to 128 seconds
(bnc#833968).
- tcp: syncookies: reduce mss table to four values (bnc#833968).
- rpm/mkspec: Generate a per-architecture per-package _constraints file
- rpm/mkspec: Remove dead code
- Refresh patches.fixes/rtc-cmos-add-an-alarm-disable-quirk.patch.
- rtc-cmos: Add an alarm disable quirk (bnc#812592).
- Refresh patches.xen/xen-x86-EFI.
- Refresh
patches.apparmor/apparmor-compatibility-patch-for-v5-network-control.
patches.drivers/pstore_disable_efi_backend_by_default.patch.
patches.fixes/dm-table-switch-to-readonly.
patches.fixes/kvm-ioapic.patch.
patches.fixes/kvm-macos.patch.
patches.fixes/remount-no-shrink-dcache.
patches.fixes/scsi-dh-queuedata-accessors.
patches.suse/0001-vfs-Hooks-for-more-fine-grained-directory-permission.patch.
patches.suse/ovl01-vfs-add-i_op-dentry_open.patch.
patches.suse/sd_init.mark_majors_busy.patch.
- rpm/mkspec: Fix whitespace in NoSource lines
- rpm/kernel-binary.spec.in: Do not zero modules.dep before using it
(bnc#866075)
- rpm/kernel-obs-build.spec: Drop useless ExclusiveArch statement
- Update config files. Set CONFIG_EFIVAR_FS to build-in for MOK support
Update config files. Set CONFIG_EFIVAR_FS to build-in for MOK support
- nfs: always make sure page is up-to-date before extending a
write to cover the entire page (bnc#864867 bnc#865075).
- x86, cpu, amd: Add workaround for family 16h, erratum 793
(bnc#852967 CVE-2013-6885).
- Refresh patches.xen/xen3-patch-3.10.
- cifs: ensure that uncached writes handle unmapped areas
correctly (bnc#864025 CVE-2014-00691).
- x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
(bnc#858638 CVE-2014-1438).
- rpm/kernel-obs-build.spec: Do not mount /sys, the build script does it
- Update config files: Disable TS5500-specific drivers
These drivers are useless without TS5500 board support: mtd-ts5500,
gpio-ts5500 and max197.
- balloon: don't crash in HVM-with-PoD guests.
- usbback: fix after c/s 1232:8806dfb939d4 (bnc#842553).
- hwmon: (coretemp) Fix truncated name of alarm attributes.
- rpm/kernel-obs-build.spec: Fix for ppc64le
- Scripts: .nosrc.rpm should contain only the specfile (bnc #639379)
- config: update arm7hl/exynos
- Enhances exynos support:
* Add USB support
* Add sound support
* Add devices (accelerometer, etc.) on arndale board
- drm/cirrus: Fix cirrus drm driver for fbdev + qemu (bnc#856760).
- Spec: zeroing modules.dep to get identical builds among different machines
- doc/README.SUSE: Update to match the current package layout
- Add the README.SUSE file to the packaging branch
- lockd: send correct lock when granting a delayed lock
(bnc#859342).
- mm/page-writeback.c: do not count anon pages as dirtyable memory
(reclaim stalls).
- mm/page-writeback.c: fix dirty_balance_reserve subtraction
from dirtyable memory (reclaim stalls).
(Important)SUSE bug 639379SUSE bug 812592SUSE bug 81660SUSE bug 821619SUSE bug 833968SUSE bug 842553SUSE bug 849334SUSE bug 851244SUSE bug 851426SUSE bug 852656SUSE bug 852967SUSE bug 853350SUSE bug 856760SUSE bug 857643SUSE bug 858638SUSE bug 858872SUSE bug 859342SUSE bug 860502SUSE bug 860835SUSE bug 861750SUSE bug 862746SUSE bug 863235SUSE bug 863335SUSE bug 864025SUSE bug 864867SUSE bug 865075SUSE bug 866075SUSE bug 866102SUSE bug 867718SUSE bug 868653SUSE bug 869414SUSE bug 871148SUSE bug 871160SUSE bug 871252SUSE bug 871325SUSE bug 875440SUSE bug 875690SUSE bug 875798SUSE bug 876531SUSE bug 876699CVE-2013-4579CVE-2013-6885CVE-2013-7263CVE-2013-7264CVE-2013-7265CVE-2013-7281CVE-2014-0069CVE-2014-0101CVE-2014-0196CVE-2014-1438CVE-2014-1446CVE-2014-1690CVE-2014-1737CVE-2014-1738CVE-2014-1874CVE-2014-2523CVE-2014-2672 (Low)openSUSE 13.1 NonFree(Low)SUSE bug 877649CVE-2014-0516CVE-2014-0517CVE-2014-0518CVE-2014-0519CVE-2014-0520strongswan: Fix for authentication bypass and DoS vulnerability (Moderate)openSUSE 13.1
strongswan was fixed to correct two issues:
- Fix for DoS vulnerability by a NULL-pointer dereference (CVE-2014-2891).
- Fix for a authentication bypass vulnerability in the IKEv2 code (CVE-2014-2338).
(Moderate)SUSE bug 870572SUSE bug 876449CVE-2014-2338CVE-2014-2891mumble: Fixed remote DoS vulnerabilities (Moderate)openSUSE 13.1
mumble was updated to fix two security issues.
- The Mumble client did not properly HTML-escape some external strings before
using them in a rich-text (HTML) context (CVE-2014-3756).
- SVG images with local file references could trigger client DoS (CVE-2014-3755).
(Moderate)SUSE bug 877969SUSE bug 877971CVE-2014-3755CVE-2014-3756perl-LWP-Protocol-https: Fixed possible MITM (Moderate)openSUSE 13.1
perl-LWP-Protocol-https was updated to prevent a possible MITM
if the environment variables HTTPS_CA_DIR or HTTPS_CA_FILE were set (CVE-2014-3230).
(Moderate)SUSE bug 876862CVE-2014-3230libXfont: Fixed multiple vulnerabilities (Moderate)openSUSE 13.1
libxfont was updated to fix multiple vulnerabilities:
- Integer overflow of allocations in font metadata file parsing (CVE-2014-0209).
- Unvalidated length fields when parsing xfs protocol replies (CVE-2014-0210).
- Integer overflows calculating memory needs for xfs replies (CVE-2014-0211).
These vulnerabilities could be used by a local, authenticated user to raise privileges
or by a remote attacker with control of the font server to execute code with the
privileges of the X server.
(Moderate)SUSE bug 857544CVE-2014-0209CVE-2014-0210CVE-2014-0211PostfixAdmin: update to 2.3.7 (Moderate)openSUSE 13.1
Update PostfixAdmin to 2.3.7:
- fix a SQL injection in list-virtual.php (CVE-2014-2655, bnc#870434)
- add support for new longer TLDs like .international
- fix various small bugs
- translation updates for lt and da
- vacation.pl: disable use of TLS by default due to a bug in Mail::Sender 0.8.22 (you can re-enable it with $smtp_tls_allowed) (Moderate)SUSE bug 870434CVE-2014-2655libxml2, python-libxml2: Prevent external entities from being loaded (Moderate)openSUSE 13.1
Updated fix for openSUSE-SU-2014:0645-1 because of a regression that
caused xmllint to break.
(Moderate)SUSE bug 876652CVE-2014-0191update for rubygem-actionpack-3_2 (Moderate)openSUSE 13.1
- fix CVE-2014-0130: rubygem-actionpack: directory traversal issue
(bnc#876714)
CVE-2014-0130.patch: contains the fix
(Moderate)SUSE bug 876714CVE-2014-0130update for tor (Moderate)openSUSE 13.1
- tor 0.2.4.22 [bnc#878486]
Tor was updated to the recommended version of the 0.2.4.x series.
- major features in 0.2.4.x:
- improved client resilience
- support better link encryption with forward secrecy
- new NTor circuit handshake
- change relay queue for circuit create requests from size-based
limit to time-based limit
- many bug fixes and minor features
- changes contained in 0.2.4.22:
Backports numerous high-priority fixes. These include blocking
all authority signing keys that may have been affected by the
OpenSSL "heartbleed" bug, choosing a far more secure set of TLS
ciphersuites by default, closing a couple of memory leaks that
could be used to run a target relay out of RAM.
- Major features (security)
- Block authority signing keys that were used on authorities
vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160).
- Major bugfixes (security, OOM):
- Fix a memory leak that could occur if a microdescriptor parse
fails during the tokenizing step.
- Major bugfixes (TLS cipher selection):
- The relay ciphersuite list is now generated automatically based
on uniform criteria, and includes all OpenSSL ciphersuites with
acceptable strength and forward secrecy.
- Relays now trust themselves to have a better view than clients
of which TLS ciphersuites are better than others.
- Clients now try to advertise the same list of ciphersuites as
Firefox 28.
- includes changes from 0.2.4.21:
Further improves security against potential adversaries who find
breaking 1024-bit crypto doable, and backports several stability
and robustness patches from the 0.2.5 branch.
- Major features (client security):
- When we choose a path for a 3-hop circuit, make sure it contains
at least one relay that supports the NTor circuit extension
handshake. Otherwise, there is a chance that we're building
a circuit that's worth attacking by an adversary who finds
breaking 1024-bit crypto doable, and that chance changes the game
theory.
- Major bugfixes:
- Do not treat streams that fail with reason
END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
since it could also indicate an ENETUNREACH connection error
- includes changes from 0.2.4.20:
- Do not allow OpenSSL engines to replace the PRNG, even when
HardwareAccel is set.
- Fix assertion failure when AutomapHostsOnResolve yields an IPv6
address.
- Avoid launching spurious extra circuits when a stream is pending.
- packaging changes:
- remove init script shadowing systemd unit
- general cleanup
- Add tor-fw-helper for UPnP port forwarding; not used by default
- fix logrotate on systemd-only setups without init scripts,
work tor-0.2.2.37-logrotate.patch to tor-0.2.4.x-logrotate.patch
- verify source tarball signature
(Moderate)SUSE bug 878486CVE-2014-0160update for openssl (Moderate)openSUSE 13.1
- Fixed bnc#856687, openssl: crash when using TLS 1.2
Add file: CVE-2013-6449.patch
(Moderate)SUSE bug 856687CVE-2013-6449update for ibus-chewing (Moderate)openSUSE 13.1
- Add fix-CVE-2013-4509-support-input-purpose.patch
* Fixed password is visible on GNOME lock screen (bnc#847718, CVE-2013-4509)
(Moderate)SUSE bug 847718CVE-2013-4509update for libgadu (Moderate)openSUSE 13.1
- Update to version 1.11.4, bugfix release:
+ Fix buffer overflow with remote code execution potential.
Only triggerable by a Gadu-Gadu server or a man-in-the-middle.
CVE-2013-6487 (bnc#861019, bnc#878540)
+ Fix memory overwrite in file transfer with proxy server.
CVE-2014-3775 (bnc#878540)
+ Minor fixes reported by Pidgin project members.
(Moderate)SUSE bug 878540CVE-2013-6487CVE-2014-3775policycoreutils setuid() fix (Low)openSUSE 13.1
Besides other enhancements, this version update contains:
- fix for CVE-2014-3215 (bnc#876832)
* use PR_SET_NO_NEW_PRIVS to prevent gain of new privileges
* added libcap-ng-CVE-2014-3215.patch
(Low)SUSE bug 876832CVE-2014-3215python-lxml: Fixed input sanitization (Moderate)openSUSE 13.1
python-lxml was fixed to ensure proper input sanitization in clean_html (CVE-2014-3146).
(Moderate)SUSE bug 657698SUSE bug 877258CVE-2014-3146libxml2, python-libxml2: Reverted patch for CVE-2014-0191 (Moderate)openSUSE 13.1
Removed fix for CVE-2014-0191. This fix breaks existing applications and there's currently no way to prevent that.
(Moderate)SUSE bug 876652CVE-2014-0191update for lightdm-gtk-greeter (Moderate)openSUSE 13.1
- add lightdm-gtk-greeter-handle-invalid-user.patch in order to fix
a NULL pointer dereference after authentication of an invalid
username has failed (bnc#857303, CVE-2014-0979)
- add lightdm-gtk-greeter-invalid-last_session.patch
fix segfault when last_session is an invalid session (lp#1161883)
- add lightdm-gtk-greeter-fix-login.patch in order to fix
login/unlock detection
(Moderate)SUSE bug 857303CVE-2014-0979openssl: update to version 1.0.1h (Critical)openSUSE 13.1
The openssl library was updated to version 1.0.1h fixing
various security issues and bugs:
Security issues fixed:
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
OpenSSL DTLS client the code can be made to recurse eventually crashing
in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to
an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous
ECDH ciphersuites are subject to a denial of service attack.
(Critical)SUSE bug 880891CVE-2014-0195CVE-2014-0221CVE-2014-0224CVE-2014-3470gnutls: Fixed possible memory corruption and NULL pointer dereference (Important)openSUSE 13.1
gnutls was patched to fix two security vulnerabilities that could be used to disrupt service or potentially allow remote
code execution.
- Memory corruption during connect (CVE-2014-3466)
- NULL pointer dereference in gnutls_x509_dn_oid_name (CVE-2014-3465)
(Important)SUSE bug 880730SUSE bug 880733CVE-2014-3465CVE-2014-3466php5: Update fixes several security issues (Moderate)openSUSE 13.1
php5 was updated to fix several security issues.
These issues were fixed:
* Performance degradation by too many file_printf calls (CVE-2014-0237)
* DoS in Fileinfo component (CVE-2014-0238)
* NULL pointer dereference in GD XPM decoder (CVE-2014-2497)
* Privilege escalation due to insecure default config (CVE-2014-0185)
(Moderate)SUSE bug 868624SUSE bug 875826SUSE bug 880904SUSE bug 880905CVE-2014-0185CVE-2014-0237CVE-2014-0238CVE-2014-2497update for icinga (Moderate)openSUSE 13.1
- imported upstream version 1.10.2
- includes fix for possible denial of service in CGI executables: CVE-2013-7108 (bnc#856837)
* core: Add an Icinga syntax plugin for Vim #4150 - LE/MF
* core: Document dropped options log_external_commands_user and event_profiling_enabled #4957 - BA
* core: type in spec file on ido2db startup #5000 - MF
* core: Build fails: xdata/xodtemplate.c requires stdint.h #5021 - SH
* classic ui: fix status output in JSON format not including short and long plugin output properly #5217 - RB
* classic ui: fix possible buffer overflows #5250 - RB
* classic ui: fix Off-by-one memory access in process_cgivars() #5251 - RB
* idoutils: idoutils oracle compile error #5059 - TD
* idoutils: Oracle update script 1.10.0 failes while trying to drop nonexisting index #5256 - RB
- imported upstream version 1.10.1
* core: add line number information to config verification error messages #4967 - GB
* core/idoutils: revert check_source attribute due to mod_gearman manipulating in-memory checkresult list #4958 - MF
** classic ui/idoutils schema: functionality is kept only for Icinga 2 support
* classic ui: fix context help on mouseover in cmd.cgi (Marc-Christian Petersen) #4971 - MF
* classic ui: correction of colspan value in status.cgi (Bernd Arnold) #4961 - MF
* idoutils: fix pgsql update script #4953 - AW/MF
* idoutils: fix logentry_type being integer, not unsigned long (thx David Mikulksi) #4953 - MF
- fixed file permission of icingastats - bnc#851619
- switch to all unhandled problems per default in index.html
(Moderate)SUSE bug 851619SUSE bug 856837CVE-2013-7108chromium: Various security fixes (Moderate)openSUSE 13.1
chromium was updated to version 35.0.1916.114 to fix various security issues.
Security fixes:
* CVE-2014-1743: Use-after-free in styles
* CVE-2014-1744: Integer overflow in audio
* CVE-2014-1745: Use-after-free in SVG
* CVE-2014-1746: Out-of-bounds read in media filters
* CVE-2014-1747: UXSS with local MHTML file
* CVE-2014-1748: UI spoofing with scrollbar
* CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives
* CVE-2014-3152: Integer underflow in V8 fixed
* CVE-2014-1740: Use-after-free in WebSockets
* CVE-2014-1741: Integer overflow in DOM range
* CVE-2014-1742: Use-after-free in editing
and 17 more for which no detailed information is given.
(Moderate)CVE-2014-1740CVE-2014-1741CVE-2014-1742CVE-2014-1743CVE-2014-1744CVE-2014-1745CVE-2014-1746CVE-2014-1747CVE-2014-1748CVE-2014-1749CVE-2014-3152apache2-mod_wsgi: Fix for two security issues (Moderate)openSUSE 13.1
apache2-mod_wsgi was updated to fix two security issues.
These security issues were fixed:
- Information exposure (CVE-2014-0242)
- Local privilege escalation (CVE-2014-0240)
(Moderate)SUSE bug 878550SUSE bug 878553CVE-2014-0240CVE-2014-0242flash-player: Update to fix six security issues (Moderate)openSUSE 13.1 NonFree
flash-player was updated to version 11.2.202.378 to fix six security issues.
These security issues were fixed:
- Cross-site-scripting vulnerabilities (CVE-2014-0531, CVE-2014-0532, CVE-2014-0533).
- Security bypass vulnerabilities (CVE-2014-0534, CVE-2014-0535).
- A memory corruption vulnerability that could result in arbitrary code execution (CVE-2014-0536).
(Moderate)SUSE bug 882187CVE-2014-0531CVE-2014-0532CVE-2014-0533CVE-2014-0534CVE-2014-0535CVE-2014-0536sendmail: Close file descriptors before executing programs (Moderate)openSUSE 13.1
sendmail was updated to properly close file descriptors before executing programs.
These security issues were fixed:
- Not properly closing file descriptors before executing programs (CVE-2014-3956).
(Moderate)SUSE bug 881284CVE-2014-3956typo3-cms-4_5: Update to 4.5.34 to fix eight security issues (Moderate)openSUSE 13.1
typo3-cms-4_5 was updated to version 4.5.34 to fix eight security vulnerabilities and several other bugs.
These security problems where fixed:
* Add trusted HTTP_HOST configuration (CVE-2014-3941)
* XSS in (old) extension manager information function (CVE-2014-3943)
* XSS in new content element wizard (CVE-2014-3943)
* XSS in template tools on root page (CVE-2014-3943)
* XSS in Backend Layout Wizard (CVE-2014-3943)
* Encode URL for use in JavaScript (CVE-2014-3943)
* Fix insecure unserialize in colorpicker (CVE-2014-3942)
* Remove charts.swf to get rid of XSS vulnerability (CVE-2014-3943)
(Moderate)SUSE bug 881280SUSE bug 881281SUSE bug 881282CVE-2014-3941CVE-2014-3942CVE-2014-3943update for lighttpd (Moderate)openSUSE 13.1
- added cve-2013-4508.patch and
cve-2013-4508-regression-bug729480.patch: (bnc#849059)
When defining an ssl.cipher-list, it works for the 'default'
HTTPS setup ($SERVER["socket"] 443 block), but when you utilize
SNI ($HTTP["host"] blocks within the $SERVER["socket"] block) the
ssl.cipher-list seems to not inherit into the host blocks and
instead will default to include all of the available openssl
ciphers (except SSL v2/v3 based if those are disabled)
- added cve-2013-4559.patch (bnc#850468)
check success of setuid,setgid,setgroups
- added cve-2013-4560.patch (bnc#850469)
FAM: fix use after free
- added cve-2013-4508.patch and
cve-2013-4508-regression-bug729480.patch: (bnc#849059)
When defining an ssl.cipher-list, it works for the 'default'
HTTPS setup ($SERVER["socket"] 443 block), but when you utilize
SNI ($HTTP["host"] blocks within the $SERVER["socket"] block) the
ssl.cipher-list seems to not inherit into the host blocks and
instead will default to include all of the available openssl
ciphers (except SSL v2/v3 based if those are disabled)
- added cve-2013-4559.patch (bnc#850468)
check success of setuid,setgid,setgroups
- added cve-2013-4560.patch (bnc#850469)
FAM: fix use after free
- added cve-2013-4508.patch and
cve-2013-4508-regression-bug729480.patch: (bnc#849059)
When defining an ssl.cipher-list, it works for the 'default'
HTTPS setup ($SERVER["socket"] 443 block), but when you utilize
SNI ($HTTP["host"] blocks within the $SERVER["socket"] block) the
ssl.cipher-list seems to not inherit into the host blocks and
instead will default to include all of the available openssl
ciphers (except SSL v2/v3 based if those are disabled)
- added cve-2013-4559.patch (bnc#850468)
check success of setuid,setgid,setgroups
- added cve-2013-4560.patch (bnc#850469)
FAM: fix use after free
(Moderate)SUSE bug 849059SUSE bug 850468SUSE bug 850469CVE-2013-4508CVE-2013-4559CVE-2013-4560rxvt-unicode: Enforce secure handling of window property values (Moderate)openSUSE 13.1
rxvt-unicode was patched to ensure that
window property values can not be queried in secure mode (CVE-2014-3121).
(Moderate)SUSE bug 876101CVE-2014-3121miniupnpc: Update to 1.9 to fix buffer overflow (Moderate)openSUSE 13.1
miniupnpc was updated to 1.9 to fix a
potential buffer overrun in miniwget.c (CVE-2014-3985).
Besides that the following issues were fixed:
* added argument remoteHost to UPNP_GetSpecificPortMappingEntry()
* increment API_VERSION to 10
* --help and -h arguments in upnpc.c
* define MAXHOSTNAMELEN if not already done
* update upnpreplyparse to allow larger values (128 chars instead of 64)
* Update upnpreplyparse to take into account "empty" elements
* validate upnpreplyparse.c code with "make check"
* Fix Solaris build thanks to Maciej Małecki
* Fix testminiwget.sh for BSD
* Fixed Makefile for *BSD
* Update Makefile to use JNAerator version 0.11
* Fix testminiwget.sh for use with dash
* Use $(DESTDIR) in Makefile
(Moderate)SUSE bug 881990CVE-2014-3985MozillaFirefox, mozilla-nspr: Update fixes nine security issues (Moderate)openSUSE 13.1
mozilla-nspr was updated to version 4.10.6 to fix one security issue:
* OOB write with sprintf and console functions (CVE-2014-1545)
MozillaFirefox was updated to version 30.0 to fix eight security issues:
* Miscellaneous memory safety hazards (CVE-2014-1533/CVE-2014-1534)
* Use-after-free and out of bounds issues found using Address Sanitizer (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538)
* Use-after-free in Event Listener Manager (CVE-2014-1540)
* Use-after-free with SMIL Animation Controller (CVE-2014-1541)
* Buffer overflow in Web Audio Speex resampler (CVE-2014-1542)
Several non-security bugs were also fixed in this release.
(Moderate)SUSE bug 881874CVE-2014-1533CVE-2014-1534CVE-2014-1536CVE-2014-1537CVE-2014-1538CVE-2014-1539CVE-2014-1540CVE-2014-1541CVE-2014-1542CVE-2014-1543CVE-2014-1545dbus-1: Fixed possible DoS (Moderate)openSUSE 13.1
dbus-1 was updated to fix a possible DoS (CVE-2014-3477).
(Moderate)SUSE bug 881137CVE-2014-3477castor: Prevent XXE attacks (Moderate)openSUSE 13.1
castor was updated to prevent XXE attacks via crafted XML documents (CVE-2014-3004).
(Moderate)SUSE bug 882408CVE-2013-3004CVE-2014-3004wireshark: Fix for possible DoS (Low)openSUSE 13.1
wireshark was updated to version 1.10.8 to fix a possible DoS in the frame metadissector (CVE-2014-4020). (Low)SUSE bug 882602CVE-2014-4020kernel: security and bugfix update (Important)openSUSE 13.1
The Linux kernel was updated to fix security issues and bugs.
Security issues fixed:
CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux
kernel did not ensure that calls have two different futex addresses,
which allowed local users to gain privileges via a crafted FUTEX_REQUEUE
command that facilitates unsafe waiter modification.
CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST
extension implementations in the sk_run_filter function in
net/core/filter.c in the Linux kernel did not check whether a certain
length value is sufficiently large, which allowed local users to cause
a denial of service (integer underflow and system crash) via crafted BPF
instructions. NOTE: the affected code was moved to the __skb_get_nlattr
and __skb_get_nlattr_nest functions before the vulnerability was
announced.
CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in
the sk_run_filter function in net/core/filter.c in the Linux kernel
used the reverse order in a certain subtraction, which allowed local
users to cause a denial of service (over-read and system crash) via
crafted BPF instructions. NOTE: the affected code was moved to the
__skb_get_nlattr_nest function before the vulnerability was announced.
CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable
buffers are disabled, did not properly validate packet lengths, which
allowed guest OS users to cause a denial of service (memory corruption
and host OS crash) or possibly gain privileges on the host OS via crafted
packets, related to the handle_rx and get_rx_bufs functions.
CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the
vhost-net subsystem in the Linux kernel package did not properly handle
vhost_get_vq_desc errors, which allowed guest OS users to cause a denial
of service (host OS crash) via unspecified vectors.
CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the
Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a bind system call for an RDS socket on a system that lacks
RDS transports.
CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the
Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a bind system call for an RDS socket on a system that lacks
RDS transports.
CVE-2014-2851: Integer overflow in the ping_init_sock function in
net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial
of service (use-after-free and system crash) or possibly gain privileges
via a crafted application that leverages an improperly managed reference
counter.
- ext4: Fix buffer double free in ext4_alloc_branch() (bnc#880599
bnc#876981).
- patches.fixes/firewire-01-net-fix-use-after-free.patch,
patches.fixes/firewire-02-ohci-fix-probe-failure-with-agere-lsi-controllers.patch,
patches.fixes/firewire-03-dont-use-prepare_delayed_work.patch: Add
missing bug reference (bnc#881697).
- firewire: don't use PREPARE_DELAYED_WORK.
- firewire: ohci: fix probe failure with Agere/LSI controllers.
- firewire: net: fix use after free.
- USB: OHCI: fix problem with global suspend on ATI controllers
(bnc#868315).
- mm: revert "page-writeback.c: subtract min_free_kbytes from
dirtyable memory" (bnc#879792).
- usb: musb: tusb6010: Use musb->tusb_revision instead of
tusb_get_revision call (bnc#872715).
- usb: musb: tusb6010: Add tusb_revision to struct musb to store
the revision (bnc#872715).
- ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets
(bnc#880613).
- floppy: do not corrupt bio.bi_flags when reading block 0
(bnc#879258).
- reiserfs: call truncate_setsize under tailpack mutex
(bnc#878115).
- Update Xen config files: Set compatibility level back to 4.1
(bnc#851338).
- Update config files.
Guillaume GARDET reported a broken build due to CONFIG_USB_SERIAL_GENERIC
being modular
- memcg: deprecate memory.force_empty knob (bnc#878274).
- nfsd: when reusing an existing repcache entry, unhash it first
(bnc#877721).
- Enable Socketcan again for i386 and x86_64 (bnc#858067)
- xhci: extend quirk for Renesas cards (bnc#877713).
- xhci: Fix resume issues on Renesas chips in Samsung laptops
(bnc#877713).
- mm: try_to_unmap_cluster() should lock_page() before mlocking
(bnc#876102, CVE-2014-3122).
- drm/i915, HD-audio: Don't continue probing when nomodeset is
given (bnc#882648).
- x86/mm/numa: Fix 32-bit kernel NUMA boot (bnc#881727).
(Important)SUSE bug 851338SUSE bug 858067SUSE bug 868315SUSE bug 869563SUSE bug 870173SUSE bug 870576SUSE bug 871561SUSE bug 872715SUSE bug 873374SUSE bug 876102SUSE bug 876981SUSE bug 877257SUSE bug 877713SUSE bug 877721SUSE bug 878115SUSE bug 878274SUSE bug 879258SUSE bug 879792SUSE bug 880599SUSE bug 880613SUSE bug 880892SUSE bug 881697SUSE bug 881727SUSE bug 882648CVE-2013-7339CVE-2014-0055CVE-2014-0077CVE-2014-2678CVE-2014-2851CVE-2014-3122CVE-2014-3144CVE-2014-3145CVE-2014-3153ctdb: Upgrade to version 2.3 to fix one security issue (Moderate)openSUSE 13.1
ctdb was updated to version 2.3 to fix several temp
file vulnerabilities (CVE-2013-4159). Various other bugs were fixed by this upgrade, most notably
bnc#867815: Avoid lockwait congestion by using an overflow queue.
(Moderate)SUSE bug 836064SUSE bug 867815CVE-2013-4159php5: Update to prevent insecure DNS TXT record parsing (Moderate)openSUSE 13.1
php5 was updated to prevent insecure DNS TXT record parsing.
This security issue was fixed:
- Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049)
(Moderate)SUSE bug 882992CVE-2014-4049xalan-j2: Ensure secure processing (Moderate)openSUSE 13.1
xalan-j2 was updated to ensure secure processing can't be circumvented (CVE-2014-0107).
(Moderate)SUSE bug 870082CVE-2014-0107libreoffice: Update fixes over 80 bugs (Moderate)openSUSE 13.1
libreoffice was updated to version 4.1.6.2, thereby fixing over 80 bugs.
This security issue was fixed:
- VBA macros executed unconditionally (CVE-2014-0247)
(Moderate)SUSE bug 249775SUSE bug 404254SUSE bug 407958SUSE bug 410982SUSE bug 411855SUSE bug 414248SUSE bug 417316SUSE bug 417320SUSE bug 418307SUSE bug 421939SUSE bug 422206SUSE bug 422559SUSE bug 422569SUSE bug 422677SUSE bug 758883SUSE bug 766481SUSE bug 766487SUSE bug 779697SUSE bug 821208SUSE bug 879996CVE-2014-0247MozillaThunderbird: Update fixes six security issues (Moderate)openSUSE 13.1
MozillaThunderbird was updated to version 24.6.0 to fix six security issues:
* Miscellaneous memory safety hazards (CVE-2014-1533/CVE-2014-1534)
* Use-after-free and out of bounds issues found using Address Sanitizer (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538)
* Use-after-free with SMIL Animation Controller (CVE-2014-1541)
(Moderate)SUSE bug 881874CVE-2014-1533CVE-2014-1534CVE-2014-1536CVE-2014-1537CVE-2014-1538CVE-2014-1541CVE-2014-1545seamonkey: Update fixes nine security issues (Moderate)openSUSE 13.1
seamonkey was updated to version 2.26.1 to fix nine security issues.
These security issues were fixed:
* Miscellaneous memory safety hazards (CVE-2014-1533/CVE-2014-1534)
* Use-after-free and out of bounds issues found using Address Sanitizer (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538)
* Use-after-free in Event Listener Manager (CVE-2014-1540)
* Use-after-free with SMIL Animation Controller (CVE-2014-1541)
* Buffer overflow in Web Audio Speex resampler (CVE-2014-1542)
* Out of bounds write in NSPR (CVE-2014-1545)
(Moderate)SUSE bug 881874CVE-2014-1533CVE-2014-1534CVE-2014-1536CVE-2014-1537CVE-2014-1538CVE-2014-1539CVE-2014-1540CVE-2014-1541CVE-2014-1542CVE-2014-1543CVE-2014-1545update for libXfont (Moderate)openSUSE 13.1
- U_CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch
* unlimited sscanf overflows stack buffer in bdfReadCharacters()
(CVE-2013-6462, bnc#854915)
(Moderate)SUSE bug 854915CVE-2013-6462samba: Update fixes four security issues (Moderate)openSUSE 13.1
samba was updated to version 4.1.9 to fix four security issues and various non-security bugs.
These security issues were fixed:
- Fix nmbd denial of service (CVE-2014-0244)
- Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler (CVE-2014-3493)
- Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response (CVE-2014-0178)
- DNS: Don't reply to replies (CVE-2014-0239)
(Moderate)SUSE bug 846586SUSE bug 866354SUSE bug 866927SUSE bug 869707SUSE bug 870570SUSE bug 870607SUSE bug 870957SUSE bug 871701SUSE bug 872396SUSE bug 873177SUSE bug 873658SUSE bug 874180SUSE bug 874656SUSE bug 875046SUSE bug 879390SUSE bug 880962SUSE bug 883758CVE-2014-0178CVE-2014-0239CVE-2014-0244CVE-2014-3493freerdp: Fixes for integer overflows (Moderate)openSUSE 13.1
freerdp was patched to fix several integer overflows.
These security issues were fixed:
* Integer overflow (CVE-2014-0791)
* Integer overflows in memory allocations in client/X11/xf_graphics.c (CVE-2014-0250)
(Moderate)SUSE bug 857491SUSE bug 880317CVE-2014-0250CVE-2014-0791memcached: Update fixes fixe security issues (Moderate)openSUSE 13.1
memcached was updated to version 1.4.20 to fix five security issues.
These security issues were fixed:
- DoS when printing out keys to be deleted in verbose mode (CVE-2013-0179)
- Remote DoS (crash) via a request that triggers "unbounded key print" (CVE-2013-7291)
- Remote DoS (segmentation fault) via a request to delete a key (CVE-2013-7290)
- SASL authentication allows wrong credentials to access memcache (CVE-2013-7239)
- Remote DoS (CVE-2011-4971)
(Moderate)SUSE bug 798458SUSE bug 817781SUSE bug 857188SUSE bug 858676SUSE bug 858677CVE-2011-4971CVE-2013-0179CVE-2013-7239CVE-2013-7290CVE-2013-7291gpg2: Fixed possible DoS (Moderate)openSUSE 13.1
gpg2 was patched to fix a possible DoS.
This security issue was fixed:
- Denial of service through infinite loop with garbled compressed data packets (CVE-2014-4617)
(Moderate)SUSE bug 884130CVE-2014-4617python, python3: Fixed JSON module (Moderate)openSUSE 13.1
python and python3 were updated to fix one security issue.
This security issue was fixed:
- Missing boundary check in JSON module (CVE-2014-4616)
(Moderate)SUSE bug 884075CVE-2014-4616security update for flash-player (Critical)openSUSE 13.1 NonFree
- Security update to 11.2.202.394 (bnc#886472):
* APSB14-17, CVE-2014-0537, CVE-2014-0539, CVE-2014-4671
- License update (LICENSE -> Flash%20Player_14.0.pdf).
(Critical)SUSE bug 886472CVE-2014-0537CVE-2014-0539CVE-2014-4671lzo, liblzo-2-2: fix security issue. (Moderate)openSUSE 13.1
bnc#883947: CVE-2014-4607: lzo: DoS or possible RCE by allowing an attacker to change controllflow (Moderate)SUSE bug 883947php, php5, php53: fixes several security issues (Low)openSUSE 13.1
This update fixes the following security issues with php, php5 and php53:
- bnc#884986, CVE-2014-0207: file: php5: cdf_read_short_sector insufficient boundary check
- bnc#884987, CVE-2014-3478: file: mconvert incorrect handling of truncated pascal string size
- bnc#884989, CVE-2014-3479: php53: file: cdf_check_stream_offset insufficient boundary check
- bnc#884990, CVE-2014-3480: php53: file: cdf_count_chain insufficient boundary check
- bnc#884991, CVE-2014-3487: php53: file: cdf_read_property_info insufficient boundary check
- bnc#884992, CVE-2014-3515: php5: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
(Low)SUSE bug 884986SUSE bug 884987SUSE bug 884989SUSE bug 884990SUSE bug 884991SUSE bug 884992CVE-2014-0207CVE-2014-3478CVE-2014-3479CVE-2014-3480CVE-2014-3487CVE-2014-3515dbus-1: fixes several issues (Moderate)openSUSE 13.1
CVE-2014-3532 CVE-2014-3533 bnc#885241 fdo#80163 fdo#79694 fdo#80469 (Moderate)SUSE bug 79694SUSE bug 80163SUSE bug 80469SUSE bug 885241- logrotate: fixed a security issue (Moderate)openSUSE 13.1
- update logrotate config file after switch to systemd (bnc#878788)
- added "reload" capability which was lost during switch from
sysvinit to systemd
- privoxy-3.0.16-networkmanager.systemd.patch:
update Networkmanager dispatcher to reload config of privoxy with
systemd (bnc#862339) (Moderate)SUSE bug 862339SUSE bug 878788eet: fix security issue (Moderate)openSUSE 13.1
- lz4.patch
security fix for CVE-2014-4611
(Moderate)CVE-2014-4611apache2-mod_wsgi: fixed off-by-one error in setgroups (Moderate)openSUSE 13.1
apache2-mod_wsgi was updated to fix a small of-by-one error in its use of setgroups.
Please see http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.2.4.html
for more information.
(Moderate)SUSE bug 883229php5: security fixes (Moderate)openSUSE 13.1
php5 was updated to fix security issues:
CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in
the SPL component in PHP allowed context-dependent attackers to cause a
denial of service or possibly have unspecified other impact via crafted
iterator usage within applications in certain web-hosting environments.
CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c
in the SPL component in PHP allowed context-dependent attackers to
cause a denial of service or possibly have unspecified other impact via
crafted ArrayIterator usage within applications in certain web-hosting
environments.
CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in
PHP did not ensure use of the string data type for the PHP_AUTH_PW,
PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow
context-dependent attackers to obtain sensitive information from process
memory by using the integer data type with crafted values, related to a
"type confusion" vulnerability, as demonstrated by reading a private
SSL key in an Apache HTTP Server web-hosting environment with mod_ssl
and a PHP 5.3.x mod_php.
(Moderate)SUSE bug 885961SUSE bug 886059SUSE bug 886060CVE-2014-4670CVE-2014-4698CVE-2014-4721ntp: adjust default config against distributed denial of service attack (Moderate)openSUSE 13.1
The NTP time service could be used for remote denial of service amplification attacks.
This issue can be fixed by the administrator as we described in our security advisory
SUSE-SA:2014:001
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.html
and on http://support.novell.com/security/cve/CVE-2013-5211.html
This update now also replaces the default ntp.conf template to fix this problem.
Please note that if you have touched or modified ntp.conf yourself, it will not be automatically fixed, you need to merge the changes manually as described.
(Moderate)SUSE bug 857195CVE-2013-5211MozillaFirefox: Update to Mozilla Firefox 31 (Important)openSUSE 13.1
MozillaFirefox was updated to version 31 to fix various security issues and bugs:
* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
Miscellaneous memory safety hazards
* MFSA 2014-57/CVE-2014-1549 (bmo#1020205)
Buffer overflow during Web Audio buffering for playback
* MFSA 2014-58/CVE-2014-1550 (bmo#1020411)
Use-after-free in Web Audio due to incorrect control message ordering
* MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375)
Toolbar dialog customization event spoofing
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
Use-after-free with FireOnStateChange event
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
Exploitable WebGL crash with Cesium JavaScript library
* MFSA 2014-63/CVE-2014-1544 (bmo#963150)
Use-after-free while when manipulating certificates in the trusted cache
(solved with NSS 3.16.2 requirement)
* MFSA 2014-64/CVE-2014-1557 (bmo#913805)
Crash in Skia library when scaling high quality images
* MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560
(bmo#1015973, bmo#1026022, bmo#997795)
Certificate parsing broken by non-standard character encoding
* MFSA 2014-66/CVE-2014-1552 (bmo#985135)
IFRAME sandbox same-origin access through redirect
Mozilla-nss was updated to 3.16.3:
New Functions:
* CERT_GetGeneralNameTypeFromString (This function was already added
in NSS 3.16.2, however, it wasn't declared in a public header file.)
Notable Changes:
* The following 1024-bit CA certificates were removed
- Entrust.net Secure Server Certification Authority
- GTE CyberTrust Global Root
- ValiCert Class 1 Policy Validation Authority
- ValiCert Class 2 Policy Validation Authority
- ValiCert Class 3 Policy Validation Authority
* Additionally, the following CA certificate was removed as
requested by the CA:
- TDC Internet Root CA
* The following CA certificates were added:
- Certification Authority of WoSign
- CA 沃通根证书
- DigiCert Assured ID Root G2
- DigiCert Assured ID Root G3
- DigiCert Global Root G2
- DigiCert Global Root G3
- DigiCert Trusted Root G4
- QuoVadis Root CA 1 G3
- QuoVadis Root CA 2 G3
- QuoVadis Root CA 3 G3
* The Trust Bits were changed for the following CA certificates
- Class 3 Public Primary Certification Authority
- Class 3 Public Primary Certification Authority
- Class 2 Public Primary Certification Authority - G2
- VeriSign Class 2 Public Primary Certification Authority - G3
- AC Ra?z Certic?mara S.A.
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado
changes in 3.16.2
New functionality:
* DTLS 1.2 is supported.
* The TLS application layer protocol negotiation (ALPN) extension
is also supported on the server side.
* RSA-OEAP is supported. Use the new PK11_PrivDecrypt and
PK11_PubEncrypt functions with the CKM_RSA_PKCS_OAEP mechanism.
* New Intel AES assembly code for 32-bit and 64-bit Windows,
contributed by Shay Gueron and Vlad Krasnov of Intel.
Notable Changes:
* The btoa command has a new command-line option -w suffix, which
causes the output to be wrapped in BEGIN/END lines with the
given suffix
* The certutil commands supports additionals types of subject
alt name extensions.
* The certutil command supports generic certificate extensions,
by loading binary data from files, which have been prepared using
external tools, or which have been extracted from other existing
certificates and dumped to file.
* The certutil command supports three new certificate usage specifiers.
* The pp command supports printing UTF-8 (-u).
* On Linux, NSS is built with the -ffunction-sections -fdata-sections
compiler flags and the --gc-sections linker flag to allow unused
functions to be discarded.
changes in 3.16.1
New functionality:
* Added the "ECC" flag for modutil to select the module used for
elliptic curve cryptography (ECC) operations.
New Macros
* PUBLIC_MECH_ECC_FLAG
a public mechanism flag for elliptic curve cryptography (ECC)
operations
* SECMOD_ECC_FLAG
an NSS-internal mechanism flag for elliptic curve cryptography
(ECC) operations. This macro has the same numeric value as
PUBLIC_MECH_ECC_FLAG.
Notable Changes:
* Imposed name constraints on the French government root CA ANSSI
(DCISS).
(Important)SUSE bug 887746CVE-2014-1544CVE-2014-1547CVE-2014-1548CVE-2014-1549CVE-2014-1550CVE-2014-1552CVE-2014-1555CVE-2014-1556CVE-2014-1557CVE-2014-1558CVE-2014-1559CVE-2014-1560CVE-2014-1561update for pulseaudio (Moderate)openSUSE 13.1
This update fixes the following security issue:
(bnc#881524) CVE-2014-3970 - Denial of service in module-rtp-recv
(Moderate)CVE-2014-3970update for exim (Moderate)openSUSE 13.1
Changes in exim:
- Silence static checkers; (beo#1506).
- update to 4.83
This release of Exim includes one incompatible fix:
+ the behavior of expansion of arguments to math comparison functions
(<, <=, =, =>, >) was unexpected, expanding the values twice;
CVE-2014-2972; (bnc#888520)
This release contains the following enhancements and bugfixes:
+ PRDR was promoted from Experimental to mainline
+ OCSP Stapling was promoted from Experimental to mainline
+ new Experimental feature Proxy Protocol
+ new Experimental feature DSN (Delivery Status Notifications)
+ TLS session improvements
+ TLS SNI fixes
+ LDAP enhancements
+ DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy
+ several new operations (listextract, utf8clean, md5, sha1)
+ enforce header formatting with verify=header_names_ascii
+ new commandline option -oMm
+ new TLSA dns lookup
+ new malware "sock" type
+ cutthrough routing enhancements
+ logging enhancements
+ DNSSEC enhancements
+ exiqgrep enhancements
+ deprecating non-standard SPF results
+ build and portability fixes
+ documentation fixes and enhancements
- Verify source tar ball gpg signature.
- Refresh exim-enable_ecdh_openssl.patch and strip version number from the
patch filename.
- exim482-enable_ecdh_openssl.patch: Enable ECDH (elliptic curve diffie
hellman) support, taken from http://bugs.exim.org/show_bug.cgi?id=1397
- BuildRequire libopenssl-devel only on SUSE systems.
- Fix suse_version condition of the pre- and postun scriptlets.
- Call service_add_pre from pre scriptlet on post-12.2 systems.
- update to 4.82
- Add -bI: framework, and -bI:sieve for querying sieve capabilities.
- Make -n do something, by making it not do something.
When combined with -bP, the name of an option is not output.
- Added tls_dh_min_bits SMTP transport driver option, only honoured
by GnuTLS.
- First step towards DNSSEC, provide $sender_host_dnssec for
$sender_host_name and config options to manage this, and basic check
routines.
- DSCP support for outbound connections and control modifier for inbound.
- Cyrus SASL: set local and remote IP;port properties for driver.
(Only plugin which currently uses this is kerberos4, which nobody should
be using, but we should make it available and other future plugins might
conceivably use it, even though it would break NAT; stuff *should* be
using channel bindings instead).
- Handle "exim -L <tag>" to indicate to use syslog with tag as the process
name; added for Sendmail compatibility; requires admin caller.
Handle -G as equivalent to "control = suppress_local_fixups" (we used to
just ignore it); requires trusted caller.
Also parse but ignore: -Ac -Am -X<logfile>
Bugzilla 1117.
- Bugzilla 1258 - Refactor MAIL FROM optional args processing.
- Add +smtp_confirmation as a default logging option.
- Bugzilla 198 - Implement remove_header ACL modifier.
- Bugzilla 1197, 1281, 1283 - Spec typo.
- Bugzilla 1290 - Spec grammar fixes.
- Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation.
- Add Experimental DMARC support using libopendmarc libraries.
- Fix an out of order global option causing a segfault. Reported to dev
mailing list by by Dmitry Isaikin.
- Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support.
- Support "G" suffix to numbers in ${if comparisons.
- Handle smtp transport tls_sni option forced-fail for OpenSSL.
- Bugzilla 1196 - Spec examples corrections
- Add expansion operators ${listnamed:name} and ${listcount:string}
- Add gnutls_allow_auto_pkcs11 option (was originally called
gnutls_enable_pkcs11, but renamed to more accurately indicate its
function.
- Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
- Add expansion item ${acl {name}{arg}...}, expansion condition
"acl {{name}{arg}...}", and optional args on acl condition
"acl = name arg..."
- Permit multiple router/transport headers_add/remove lines.
- Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination.
- Avoid using a waiting database for a single-message-only transport.
Performance patch from Paul Fisher. Bugzilla 1262.
- Strip leading/trailing newlines from add_header ACL modifier data.
Bugzilla 884.
- Add $headers_added variable, with content from use of ACL modifier
add_header (but not yet added to the message). Bugzilla 199.
- Add 8bitmime log_selector, for 8bitmime status on the received line.
Pulled from Bugzilla 817 by Wolfgang Breyha.
- SECURITY: protect DKIM DNS decoding from remote exploit.
CVE-2012-5671
(nb: this is the same fix as in Exim 4.80.1)
- Add A= logging on delivery lines, and a client_set_id option on
authenticators.
- Add optional authenticated_sender logging to A= and a log_selector
for control.
- Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29.
- Dovecot auth: log better reason to rejectlog if Dovecot did not
advertise SMTP AUTH mechanism to us, instead of a generic
protocol violation error. Also, make Exim more robust to bad
data from the Dovecot auth socket.
- Fix ultimate retry timeouts for intermittently deliverable recipients.
- When a queue runner is handling a message, Exim first routes the
recipient addresses, during which it prunes them based on the retry
hints database. After that it attempts to deliver the message to
any remaining recipients. It then updates the hints database using
the retry rules.
- So if a recipient address works intermittently, it can get repeatedly
deferred at routing time. The retry hints record remains fresh so the
address never reaches the final cutoff time.
- This is a fairly common occurrence when a user is bumping up against
their storage quota. Exim had some logic in its local delivery code
to deal with this. However it did not apply to per-recipient defers
in remote deliveries, e.g. over LMTP to a separate IMAP message store.
- This change adds a proper retry rule check during routing so that the
final cutoff time is checked against the message's age. We only do
this check if there is an address retry record and there is not a
domain retry record; this implies that previous attempts to handle
the address had the retry_use_local_parts option turned on. We use
this as an approximation for the destination being like a local
delivery, as in LMTP.
- I suspect this new check makes the old local delivery cutoff check
redundant, but I have not verified this so I left the code in place.
- Correct gecos expansion when From: is a prefix of the username.
- Test 0254 submits a message to Exim with the header
Resent-From: f
- When I ran the test suite under the user fanf2, Exim expanded
the header to contain my full name, whereas it should have added
a Resent-Sender: header. It erroneously treats any prefix of the
username as equal to the username.
This change corrects that bug.
- DCC debug and logging tidyup
Error conditions log to paniclog rather than rejectlog.
Debug lines prefixed by "DCC: " to remove any ambiguity.
- Avoid unnecessary rebuilds of lookup-related code.
- Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
Bug spotted by Jeremy Harris; was flawed since initial commit.
Would have resulted in OCSP responses post-SNI triggering an Exim
NULL dereference and crash.
- Add $router_name and $transport_name variables. Bugzilla 308.
- Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd.
Bug detection, analysis and fix by Samuel Thibault.
Bugzilla 1331, Debian bug #698092.
- Update eximstats to watch out for senders sending 'HELO [IpAddr]'
- SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt).
Server implementation by Todd Lyons, client by JH.
Only enabled when compiled with EXPERIMENTAL_PRDR. A new
config variable "prdr_enable" controls whether the server
advertises the facility. If the client requests PRDR a new
acl_data_smtp_prdr ACL is called once for each recipient, after
the body content is received and before the acl_smtp_data ACL.
The client is controlled by bolth of: a hosts_try_prdr option
on the smtp transport, and the server advertisement.
Default client logging of deliveries and rejections involving
PRDR are flagged with the string "PRDR".
- Fix problems caused by timeouts during quit ACLs trying to double
fclose(). Diagnosis by Todd Lyons.
Update configure.default to handle IPv6 localhost better.
Patch by Alain Williams (plus minor tweaks).
Bugzilla 880.
- OpenSSL made graceful with empty tls_verify_certificates setting.
This is now consistent with GnuTLS, and is now documented: the
previous undocumented portable approach to treating the option as
unset was to force an expansion failure. That still works, and
an empty string is now equivalent.
- Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
not performing validation itself.
- Added force_command boolean option to pipe transport.
Patch from Nick Koston, of cPanel Inc.
- AUTH support on callouts (and hence cutthrough-deliveries).
Bugzilla 321, 823.
- Added udpsend ACL modifer and hexquote expansion operator
- Fix eximon continuous updating with timestamped log-files.
Broken in a format-string cleanup in 4.80, missed when I repaired the
other false fix of the same issue.
Report and fix from Heiko Schlichting.
Bugzilla 1363.
- Guard LDAP TLS usage against Solaris LDAP variant.
Report from Prashanth Katuri.
- Support safari_ecdhe_ecdsa_bug for openssl_options.
It's SecureTransport, so affects any MacOS clients which use the
system-integrated TLS libraries, including email clients.
- Fix segfault from trying to fprintf() to a NULL stdio FILE* if
using a MIME ACL for non-SMTP local injection.
Report and assistance in diagnosis by Warren Baker.
- Adjust exiqgrep to be case-insensitive for sender/receiver.
- Fix comparisons for 64b. Bugzilla 1385.
- Add expansion variable $authenticated_fail_id to keep track of
last id that failed so it may be referenced in subsequent ACL's.
- Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by
Alexander Miroch.
- Bugzilla 1382 - Option ldap_require_cert overrides start_tls
ldap library initialization, allowing self-signed CA's to be
used. Also properly sets require_cert option later in code by
using NULL (global ldap config) instead of ldap handle (per
session). Bug diagnosis and testing by alxgomz.
- Enhanced documentation in the ratelimit.pl script provided in
the src/util/ subdirectory.
- Bug 1301 - Imported transport SQL logging patch from Axel Rau
renamed to Transport Post Delivery Action by Jeremy Harris, as
EXPERIMENTAL_TPDA.
- Bugzilla 1217 - Redis lookup support has been added. It is only enabled
when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable
redis_servers = needs to be configured which will be used by the redis
lookup. Patch from Warren Baker, of The Packet Hub.
- Fix exiqsumm summary for corner case. Patch provided by Richard Hall.
- Bugzilla 1289 - Clarify host/ip processing when have errors looking up a
hostname or reverse DNS when processing a host list. Used suggestions
from multiple comments on this bug.
- Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey.
- Had previously added a -CONTINUE option to runtest in the test suite.
Missed a few lines, added it to make the runtest require no keyboard
interaction.
- Bugzilla 1402 - Test 533 fails if any part of the path to the test suite
contains upper case chars. Make router use caseful_local_part.
- Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS
support when GnuTLS has been built with p11-kit.
- Add systemd support for openSUSE > 12.2
- Remove some obsolete conditionnal macros
- exim.spec forces the use of SSL libraries,
so make sure the BuildRequires are there.
Also add previously implicit cyrus-sasl back.
- Fixed another remote code execution issue (CVE-2011-1407 / bnc#694798)
- Fixed STARTTLS command injection (bnc#695144) (Moderate)SUSE bug 694798SUSE bug 695144SUSE bug 888520CVE-2011-1407CVE-2012-5671CVE-2014-2957CVE-2014-2972chromium: update to 36.0.1985.125 (Important)openSUSE 13.1
Chromium was updated to version 36.0.1985.125.
New Functionality:
* Rich Notifications Improvements
* An Updated Incognito / Guest NTP design
* The addition of a Browser crash recovery bubble
* Chrome App Launcher for Linux
* Lots of under the hood changes for stability and performance
Security Fixes (bnc#887952,bnc#887955):
* CVE-2014-3160: Same-Origin-Policy bypass in SVG
* CVE-2014-3162: Various fixes from internal audits, fuzzing
and other initiatives
and 24 more fixes for which no description was given.
Packaging changes:
* Switch to newer method to retrieve toolchain packages. Dropping
the three naclsdk_*tgz files. Everything is now included in the
toolchain_linux_x86.tar.bz2 tarball
* Add Courgette.tar.xz as that the build process now requires
some files from Courgette in order to build succesfully. This
does not mean that Courgette is build/delivered.
Includes also an update to Chromium 35.0.1916.153
Security fixes (bnc#882264,bnc#882264,bnc#882265,bnc#882263):
* CVE-2014-3154: Use-after-free in filesystem api
* CVE-2014-3155: Out-of-bounds read in SPDY
* CVE-2014-3156: Buffer overflow in clipboard
* CVE-2014-3157: Heap overflow in media
(Important)SUSE bug 882263SUSE bug 882264SUSE bug 882265SUSE bug 887952SUSE bug 887955CVE-2014-3154CVE-2014-3155CVE-2014-3156CVE-2014-3157CVE-2014-3160CVE-2014-3162transmission: security update (Moderate)openSUSE 13.1
transmission was updated to fix a peer communication
vulnerability (no known exploits). (bnc#887079, CVE-2014-4909).
(Moderate)SUSE bug 887079CVE-2014-4909kdelibs4: update to fix a DBUS / PolicyKit checking race condition (Moderate)openSUSE 13.1
KDE4 Libraries and Workspace received a security fix to fix
a race condition in DBUS/Polkit authorization, where local
attackers could potentially call root KDE services without
proper authenticiation. (CVE-2014-5033)
Additionaly a interlaced GIF display bug in KHTML was fixed. (kde#330148)
This update also includes a kdebase4-workspace minor version update to 4.11.11 with various bugfixes.
(Moderate)SUSE bug 819437SUSE bug 864716CVE-2014-5033security update for krb5 (Low)openSUSE 13.1
The following security isses are fixed in this update:
CVE-2014-4341 CVE-2014-4342: denial of service flaws when handling RFC 1964 tokens (bnc#886016)
CVE-2014-4343 CVE-2014-4344: multiple flaws in SPNEGO (bnc#888697) (Low)SUSE bug 886016SUSE bug 888697CVE-2014-4341CVE-2014-4342CVE-2014-4343CVE-2014-4344MozillaThunderbird: Update to 24.7.0 (Important)openSUSE 13.1
MozillaThunderbird was updated to Thunderbird 24.7.0 (bnc#887746)
* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
Miscellaneous memory safety hazards
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
Use-after-free with FireOnStateChange event
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
Exploitable WebGL crash with Cesium JavaScript library
* MFSA 2014-63/CVE-2014-1544 (bmo#963150)
Use-after-free while when manipulating certificates in the trusted cache
(solved with NSS 3.16.2 requirement)
* MFSA 2014-64/CVE-2014-1557 (bmo#913805)
Crash in Skia library when scaling high quality images
A standalone enigmail 1.7 package that was previously built as part of
MozillaThunderbird was added.
(Important)SUSE bug 887746CVE-2014-1544CVE-2014-1547CVE-2014-1548CVE-2014-1555CVE-2014-1556CVE-2014-1557cipher upgrade and SNI support for apache2-mod_nss, bug fixes (Moderate)openSUSE 13.1
apache2-mod_nss is alternative yet not exclusive to mod_nss.
This update introduces Server Name Indication support to mod_nss, which was
not available previously. In addition to SNI, GCM ciphers have been added
to the cipher list of mod_nss.
A bug was corrected that prevented the entry of the certificate store passphrase
if such a passphrase was set.
Please note that the configuration presets were slightly changed so that the new
ciphers are preferred (NSSCipherSuite directive), and the VirtualHost directive
is now contained in /etc/apache2/vhosts.d/vhost-nss.templace (not used by
apache because not named *.conf).
(Moderate)SUSE bug 859439SUSE bug 863518SUSE bug 878681update for kdirstat (Moderate)openSUSE 13.1
The following security fixes are fixed in this update:
- command injection (CVE-2014-2528) with patch from upstream (bnc#868682)
(Moderate)SUSE bug 868682CVE-2014-2528update for jbigkit (Moderate)openSUSE 13.1
The following security issue is fixed in this update
- [bnc#870855] - CVE-2013-6369: jbigkit buffer overflow
(Moderate)SUSE bug 870855CVE-2013-6369security update for elfutils (Low)openSUSE 13.1
Fix integer overflow in check_section (CVE-2014-0172, bnc#872785) (Low)SUSE bug 872785CVE-2014-0172update for tor (Moderate)openSUSE 13.1
- Tor 0.2.4.23 [bnc#889688] [CVE-2014-5117]
Slows down the risk from guard rotation and backports several
important fixes from the Tor 0.2.5 alpha release series.
- Major features:
- Clients now look at the "usecreatefast" consensus parameter to
decide whether to use CREATE_FAST or CREATE cells for the first hop
of their circuit. This approach can improve security on connections
where Tor's circuit handshake is stronger than the available TLS
connection security levels, but the tradeoff is more computational
load on guard relays.
- Make the number of entry guards configurable via a new
NumEntryGuards consensus parameter, and the number of directory
guards configurable via a new NumDirectoryGuards consensus
parameter.
- Major bugfixes:
- Fix a bug in the bounds-checking in the 32-bit curve25519-donna
implementation that caused incorrect results on 32-bit
implementations when certain malformed inputs were used along with
a small class of private ntor keys.
- Minor bugfixes:
- Warn and drop the circuit if we receive an inbound 'relay early'
cell.
- Correct a confusing error message when trying to extend a circuit
via the control protocol but we don't know a descriptor or
microdescriptor for one of the specified relays.
- Avoid an illegal read from stack when initializing the TLS module
using a version of OpenSSL without all of the ciphers used by the
v2 link handshake.
(Moderate)SUSE bug 889688CVE-2014-5117kernel: security and bugfix update (Important)openSUSE 13.1
The Linux kernel was updated to fix security issues and bugs:
Security issues fixed:
CVE-2014-4699: The Linux kernel on Intel processors did not properly
restrict use of a non-canonical value for the saved RIP address in the
case of a system call that does not use IRET, which allowed local users
to leverage a race condition and gain privileges, or cause a denial of
service (double fault), via a crafted application that makes ptrace and
fork system calls.
CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c
in the Linux kernel did not properly manage a certain backlog value,
which allowed remote attackers to cause a denial of service (socket
outage) via a crafted SCTP packet.
CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement
the interaction between range notification and hole punching, which
allowed local users to cause a denial of service (i_mutex hold) by using
the mmap system call to access a hole, as demonstrated by interfering
with intended shmem activity by blocking completion of (1) an MADV_REMOVE
madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit
x86 platforms, when syscall auditing is enabled and the sep CPU feature
flag is set, allowed local users to cause a denial of service (OOPS
and system crash) via an invalid syscall number, as demonstrated by
number 1000.
CVE-2014-0100: Race condition in the inet_frag_intern function in
net/ipv4/inet_fragment.c in the Linux kernel allowed remote attackers
to cause a denial of service (use-after-free error) or possibly have
unspecified other impact via a large series of fragmented ICMP Echo
Request packets to a system with a heavy CPU load.
CVE-2014-4656: Multiple integer overflows in sound/core/control.c in
the ALSA control implementation in the Linux kernel allowed local users
to cause a denial of service by leveraging /dev/snd/controlCX access,
related to (1) index values in the snd_ctl_add function and (2) numid
values in the snd_ctl_remove_numid_conflict function.
CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in
the ALSA control implementation in the Linux kernel did not properly
maintain the user_ctl_count value, which allowed local users to
cause a denial of service (integer overflow and limit bypass)
by leveraging /dev/snd/controlCX access for a large number of
SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c
in the ALSA control implementation in the Linux kernel did not check
authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed
local users to remove kernel controls and cause a denial of service
(use-after-free and system crash) by leveraging /dev/snd/controlCX access
for an ioctl call.
CVE-2014-4653: sound/core/control.c in the ALSA control implementation
in the Linux kernel did not ensure possession of a read/write lock,
which allowed local users to cause a denial of service (use-after-free)
and obtain sensitive information from kernel memory by leveraging
/dev/snd/controlCX access.
CVE-2014-4652: Race condition in the tlv handler functionality in the
snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control
implementation in the Linux kernel allowed local users to obtain sensitive
information from kernel memory by leveraging /dev/snd/controlCX access.
CVE-2014-4014: The capabilities implementation in the Linux kernel
did not properly consider that namespaces are inapplicable to inodes,
which allowed local users to bypass intended chmod restrictions by first
creating a user namespace, as demonstrated by setting the setgid bit on
a file with group ownership of root.
CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the
Linux kernel did not properly count the addition of routes, which allowed
remote attackers to cause a denial of service (memory consumption)
via a flood of ICMPv6 Router Advertisement packets.
CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when
CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local
users to obtain potentially sensitive single-bit values from kernel memory
or cause a denial of service (OOPS) via a large value of a syscall number.
CVE-2014-0131: Use-after-free vulnerability in the skb_segment function
in net/core/skbuff.c in the Linux kernel allowed attackers to obtain
sensitive information from kernel memory by leveraging the absence of
a certain orphaning operation.
Bugs fixed:
- Don't trigger congestion wait on dirty-but-not-writeout pages
(bnc#879071).
- via-velocity: fix netif_receive_skb use in irq disabled section
(bnc#851686).
- HID: logitech-dj: Fix USB 3.0 issue (bnc#886629).
- tg3: Change nvram command timeout value to 50ms (bnc#768714
bnc#855657).
- tg3: Override clock, link aware and link idle mode during
NVRAM dump (bnc#768714 bnc#855657).
- tg3: Set the MAC clock to the fastest speed during boot code
load (bnc#768714 bnc#855657).
- ALSA: usb-audio: Fix deadlocks at resuming (bnc#884840).
- ALSA: usb-audio: Save mixer status only once at suspend
(bnc#884840).
- ALSA: usb-audio: Resume mixer values properly (bnc#884840).
(Important)SUSE bug 768714SUSE bug 851686SUSE bug 855657SUSE bug 866101SUSE bug 867531SUSE bug 867723SUSE bug 879071SUSE bug 880484SUSE bug 882189SUSE bug 883518SUSE bug 883724SUSE bug 883795SUSE bug 884840SUSE bug 885422SUSE bug 885725SUSE bug 886629CVE-2014-0100CVE-2014-0131CVE-2014-2309CVE-2014-3917CVE-2014-4014CVE-2014-4171CVE-2014-4508CVE-2014-4652CVE-2014-4653CVE-2014-4654CVE-2014-4655CVE-2014-4656CVE-2014-4667CVE-2014-4699update for flash-player (Critical)openSUSE 13.1 NonFree
This critical flash-player update fixes the following CVEs:
- Security update to 11.2.202.400 (bnc#891688):
* APSB14-18, CVE-2014-0538, CVE-2014-0540, CVE-2014-0541,
CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545
(Critical)SUSE bug 891688CVE-2014-0538CVE-2014-0540CVE-2014-0541CVE-2014-0542CVE-2014-0543CVE-2014-0544CVE-2014-0545update for wireshark (Moderate)openSUSE 13.1
This wireshark version update to 1.10.9 fixes the following security
issues:
- fixes several crashes triggered by malformed protocol packages
* The Catapult DCT2000 and IrDA dissectors could underrun a buffer
wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162 (bnc#889901)
* The GSM Management dissector could crash
wnpa-sec-2014-09 CVE-2014-5163 (bnc#889906)
* The RLC dissector could crash
wnpa-sec-2014-10 CVE-2014-5164 (bnc#889900)
* The ASN.1 BER dissector could crash
wnpa-sec-2014-11 CVE-2014-5165 (bnc#889899)
- Further bug fixes as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html
(Moderate)SUSE bug 889899SUSE bug 889900SUSE bug 889901SUSE bug 889906CVE-2014-5161CVE-2014-5162CVE-2014-5163CVE-2014-5164CVE-2014-5165update for gpgme (Moderate)openSUSE 13.1
This gpgme update to version 1.4.4 fixes the following security and non i
security issues:
- Fixed possible overflow in gpgsm and uiserver engines.
(CVE-2014-3564, bnc#890123)
- Fixed possibled segv in gpgme_op_card_edit.
- Fixed minor memleaks and possible zombie processes.
- Fixed prototype inconsistencies and void pointer arithmetic.
(Moderate)SUSE bug 890123CVE-2014-3564update for apache2-mod_security2 (Moderate)openSUSE 13.1
This is apache2-mod_security2 update fixes the following security issue:
- Specially drafted chunked http requests allow to bypass filters
configured in mod_security2. This vulnerability is known as
CVE-2013-5705 and was handled in bnc#871309.
(Moderate)SUSE bug 871309CVE-2013-5705update for apache2 (Moderate)openSUSE 13.1
This apache2 update fixes the following security issues:
- fix for crash in mod_proxy processing specially crafted requests with
reverse proxy configurations that results in a crash and a DoS
condition for the server. CVE-2014-0117
- new config option CGIDScriptTimeout set to 60s in new file
conf.d/cgid-timeout.conf, preventing worker processes hanging forever
if a cgi launched from them has stopped reading input from the server
(DoS). CVE-2014-0231
- Fix for a NULL pointer dereference in mod_cache that causes a crash in
caching forwarding configurations, resulting in a DoS condition.
CVE-2013-4352
- fix for crash in parsing cookie content, resulting in a DoS against
the server CVE-2014-0098
- fix for mod_status race condition in scoreboard handling and
consecutive heap overflow and information disclosure if access to
mod_status is granted to a potential attacker. CVE-2014-0226
- fix for improper handling of whitespace characters from CDATA sections
to mod_dav, leading to a crash and a DoS condition of the apache
server process CVE-2013-6438
(Moderate)SUSE bug 869105SUSE bug 869106SUSE bug 887765SUSE bug 887767SUSE bug 887768SUSE bug 887771CVE-2013-4352CVE-2013-6438CVE-2014-0098CVE-2014-0117CVE-2014-0226CVE-2014-0231update for python (Moderate)openSUSE 13.1
This python update fixes the following security and no security issues:
- CGIHTTPServer file disclosure and directory traversal through
URL-encoded characters (CVE-2014-4650, bnc#885882)
- remove link count optimizations that are incorrect on btrfs (and
possibly other filesystems)
(Moderate)SUSE bug 885882CVE-2014-4650update for python3 (Moderate)openSUSE 13.1
This python3 update fixes the following security and non security issues:
- CGIHTTPServer file disclosure and directory traversal through
URL-encoded characters (CVE-2014-4650, bnc#885882)
- fix import_failed hook file names
(Moderate)SUSE bug 885882CVE-2014-4650samba: security update (Moderate)openSUSE 13.1
This samba update fixes the following security and non security issues:
- Fix winbind service parameter usage; (bnc#890005).
- lib/param: change the default for "winbind expand groups" to "0";
(bnc#890008).
- Update to 4.1.11.
+ A malicious browser can send packets that may overwrite the heap of the
target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429).
- Fix "net time" segfault; (bso#10728); (bnc#889539).
- Update to 4.1.10.
+ net/doc: Make clear that net vampire is for NT4 domains only; (bso#3263).
+ dbcheck: Add check and test for various invalid userParameters values;
(bso#8077).
+ s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for
now; (bso#8077).
+ Simple use case results in "no talloc stackframe around, leaking memory"
error; (bso#8449).
+ s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted; (bso#9763).
+ dsdb: Always store and return the userParameters as a array of LE 16-bit
values; (bso#10130).
+ s4:repl_meta_data: fix array assignment in
replmd_process_linked_attribute(); (bso#10294).
+ ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory();
(bso#10469).
+ dbchecker: Verify and fix broken dn values; (bso#10536).
+ dsdb: Rename private_data to rootdse_private_data in rootdse; (bso#10582).
+ s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1
servers; (bso#10587).
+ Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret";
(bso#10593).
+ rid_array used before status checked - segmentation fault due to null
pointer dereference; (bso#10627).
+ Samba won't start on a machine configured with only IPv4; (bso#10653).
+ msg_channel: Fix a 100% CPU loop; (bso#10663).
+ s3: smbd: Prevent file truncation on an open that fails with share mode
violation; (bso#10671); (bnc#884056).
+ s3: SMB2: Fix leak of blocking lock records in the database; (bso#10673).
+ samba-tool: Add --site parameter to provision command; (bso#10674).
+ smbstatus: Fix an uninitialized variable; (bso#10680).
+ SMB1 blocking locks can fail notification on unlock, causing client
timeout; (bso#10684).
+ s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap();
(bso#10685).
+ 'RW2' smbtorture test fails when -N <numprocs> is set to 2 due to the
invalid status check in the second client; (bso#10687).
+ wbcCredentialCache fails if challenge_blob is not first; (bso#10692).
+ Backport ldb-1.1.17 + changes from master; (bso#10693).
+ Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693).
+ ldb: Add a env variable to disable RTLD_DEEPBIND; (bso#10693).
+ ldb: Do not build libldb-cmdline when using system ldb; (bso#10693).
+ ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798,
1034791, 1034792 1034910, 1034910); (bso#10693).
+ ldb: make the successful ldb_transaction_start() message clearer;
(bso#10693).
+ ldb:pyldb: Add some more helper functions for LdbDn; (bso#10693).
+ ldb: Use of NULL pointer bugfix; (bso#10693).
+ lib/ldb: Fix compiler warnings; (bso#10693).
+ pyldb: Decrement ref counters on py_results and quiet warnings;
(bso#10693).
+ s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c;
(bso#10693).
+ dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object; (bso#10694).
+ s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED; (bso#10694).
+ Backport autobuild/selftest fixes from master; (bso#10696).
+ Backport drs-crackname fixes from master; (bso#10698).
+ smbd: Avoid double-free in get_print_db_byname; (bso#10699).
+ Backport access check related fixes from master; (bso#10700).
+ Backport provision fixes from master; (bso#10703).
+ s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX();
(bso#10706).
+ s3: Fix missing braces in nfs4_acls.c.
- Add missing newline to debug message in daemon_ready(); (bnc#865627).
- BuildRequire systemd-devel, configure --with-systemd, and modify the service
files accordingly on post-12.2 systems; (bso#10517); (bnc#865627).
- Prevent file truncation on an open that fails with share mode violation;
(bso#10671); (bnc#884056).
Dependend libraries were version updated:
libtdb was updated to version 1.3.0. (lots of bugfixes, some new functionality)
libtevent was updated to 0.9.21. (lots of bugfixes, some new functionality)
libldb was updated to to 1.1.17 (lots of bugfixes, some new functionality)
libtalloc was updated to 2.1.1. (lots of bugfixes, some new functionality)
(Moderate)SUSE bug 865627SUSE bug 884056SUSE bug 889429SUSE bug 889539SUSE bug 890005SUSE bug 890008CVE-2014-3560update for krb5, krb5-doc, krb5-mini (Moderate)openSUSE 13.1
Thit MIT krb5 update fixes the following security issue:
- buffer overrun in kadmind with LDAP backend (bnc#891082, CVE-2014-4345)
(Moderate)SUSE bug 891082CVE-2014-4345update for openssl (Moderate)openSUSE 13.1
This openssl update fixes the following security issues:
- openssl 1.0.1i
* Information leak in pretty printing functions (CVE-2014-3508)
* Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
* Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
* Double Free when processing DTLS packets (CVE-2014-3505)
* DTLS memory exhaustion (CVE-2014-3506)
* DTLS memory leak from zero-length fragments (CVE-2014-3507)
* OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
* OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
* SRP buffer overrun (CVE-2014-3512)
(Moderate)SUSE bug 890764SUSE bug 890765SUSE bug 890766SUSE bug 890767SUSE bug 890768SUSE bug 890769SUSE bug 890770SUSE bug 890771SUSE bug 890772CVE-2014-3505CVE-2014-3506CVE-2014-3507CVE-2014-3508CVE-2014-3509CVE-2014-3510CVE-2014-3511CVE-2014-3512CVE-2014-5139- Update to version neutron-2013.2.4.dev84.gbe0c1d1: (Moderate)openSUSE 13.1
- Update to version neutron-2013.2.4.dev84.gbe0c1d1:
* Fix get_vif_port_by_id to only return relevant ports
- Update to version neutron-2013.2.4.dev82.gd1a9a9d:
* LBaaS add missing rootwrap filter for route
* NVP plugin:fix delete sec group when backend is out of sync
* Kill 'Skipping unknown group key: firewall_driver' log trace
- Update to version neutron-2013.2.4.dev76.g0397e59:
* Added missing plugin .ini files to setup.cfg
- Update to version neutron-2013.2.4.dev75.g1859a5a:
* OVS lib defer apply doesn't handle concurrency
* Fixed floating IP logic in PLUMgrid plugin
* tests/unit: Initialize core plugin in TestL3GwModeMixin
- Update to version neutron-2013.2.4.dev69.ge5fed48:
* Install SNAT rules for ipv4 only
- Update to version neutron-2013.2.4.dev68.ge075c5f:
* Optionally delete namespaces when they are no longer needed
- Update to version neutron-2013.2.4.dev66.g208667b:
* l2-population : send flooding entries when the last port goes down
* l2-population/lb/vxlan : ip neigh add command failed
- Update to version neutron-2013.2.4.dev62.g93a43a6:
* Fixes the Hyper-V agent individual ports metrics
- Update to version neutron-2013.2.4.dev60.ge312dc7: (Moderate)SUSE bug 874757update for libserf, subversion (Moderate)openSUSE 13.1
This subversion and libserf update fixes several security and
non security issues:
- subversion: guard against md5 hash collisions when finding cached
credentials [bnc#889849] [CVE-2014-3528]
- subversion: ra_serf: properly match wildcards in SSL certs.
[bnc#890511] [CVE-2014-3522]
- libserf: Handle NUL bytes in fields of an X.509 certificate.
[bnc#890510] [CVE-2014-3504]
(Moderate)SUSE bug 889849SUSE bug 890510SUSE bug 890511CVE-2014-3504CVE-2014-3522CVE-2014-3528libgcrypt: Remediation for side-channel attack on Elgamal encryption subkeys (Moderate)openSUSE 13.1
libgcrypt was updated to 1.5.4 to prevent a side-channel attack on Elgamal encryption subkeys.
Besides that the following issues were resolved:
- Improved performance of RSA, DSA, and Elgamal by using a new exponentiation algorithm.
- Fixed a subtle bug in mpi_set_bit which could set spurious bits.
- Fixed a bug in an internal division function.
(Moderate)SUSE bug 891018update for IPython (Moderate)openSUSE 13.1
This IPython update fixes the following security issue:
- RCE in IPython Notebook via cross-origin websocket connection
(CVE-2014-3429, bnc#887577)
(Moderate)SUSE bug 887577CVE-2014-3429update for phpMyAdmin (Moderate)openSUSE 13.1
This phpMyAdmin update addresses several security and non security
issues:
- This is a phpMyAdmin version upgrade (bnc#892401):
(From 4.1.14.3):
* sf#4501 [security] XSS in table browse page (CVE-2014-5273)
* sf#4502 [security] Self-XSS in enum value editor (CVE-2014-5273)
* sf#4503 [security] Self-XSSes in monitor (CVE-2014-5273)
* sf#4505 [security] XSS in view operations page (CVE-2014-5274)
* sf#4504 [security] Self-XSS in query charts (CVE-2014-5273)
* sf#4517 [security] XSS in relation view (CVE-2014-5273)
(From 4.1.14.2):
* sf#4488 [security] XSS injection due to unescaped table name
(triggers)(CVE-2014-4955)
* sf#4492 [security] XSS in AJAX confirmation messages (CVE-2014-4986)
* sf#4491 [security] Missing validation for accessing User groups
feature (CVE-2014-4987)
(From 4.1.14.1):
* sf#4464 [security] XSS injection due to unescaped db/table name in
navigation hiding (CVE-2014-4349)
(From 4.1.14.0 through 4.1.9.0):
* Numerous non-security bugfixes are listed at
https://github.com/phpmyadmin/phpmyadmin/blob/MAINT_4_1_14/ChangeLog
(Moderate)SUSE bug 892401CVE-2014-4349CVE-2014-4955CVE-2014-4986CVE-2014-4987CVE-2014-5273CVE-2014-5274enigmail: security fix (Moderate)openSUSE 13.1
enigmail was updated to version 1.7.2 (bnc#893330)
* bugfix release which contains several bugfixes including
mail with only Bcc recipients sent in plain text (CVE-2014-5369)
(Moderate)SUSE bug 893330CVE-2014-5369MozillaFirefox: Security update to Firefox 32 (Moderate)openSUSE 13.1
Mozilla Firefox was updated to Firefox 32 fixing security issues and bugs.
Security issues fixed:
MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via
TippingPoint's Zero Day Initiative, a use-after-free during text layout when
interacting with the setting of text direction. This results in a
use-after-free which can lead to arbitrary code execution.
MFSA 2014-70 / CVE-2014-1565: Security researcher Holger Fuhrmannek discovered
an out-of-bounds read during the creation of an audio timeline in Web Audio.
This results in a crash and could allow for the reading of random memory
values.
MFSA 2014-69 / CVE-2014-1564: Google security researcher Michal Zalewski
discovered that when a malformated GIF image is rendered in certain
circumstances, memory is not properly initialized before use. The resulting
image then uses this memory during rendering. This could allow for the a script
in web content to access this unitialized memory using the <canvas> feature.
MFSA 2014-68 / CVE-2014-1563: Security researcher Abhishek Arya (Inferno) of
the Google Chrome Security Team used the Address Sanitizer tool to discover a
use-after-free during cycle collection. This was found in interactions with the
SVG content through the document object model (DOM) with animating SVG content.
This leads to a potentially exploitable crash.
MFSA 2014-67: Mozilla developers and community identified and fixed several
memory safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.
Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7,
ESR 31 and Firefox 31. (CVE-2014-1562)
Christian Holler, Jan de Mooij, Karl Tomlinson, Randell Jesup, Gary Kwong,
Jesse Ruderman, and JW Wang reported memory safety problems and crashes that
affect Firefox ESR 31 and Firefox 31. (CVE-2014-1553)
Gary Kwong, Christian Holler, and David Weir reported memory safety problems
and crashes that affect Firefox 31. (CVE-2014-1554)
Mozilla NSS was updated to 3.16.4:
Notable Changes:
* The following 1024-bit root CA certificate was restored to allow more
time to develop a better transition strategy for affected sites. It was
removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
forum led to the decision to keep this root included longer in order to
give website administrators more time to update their web servers.
- CN = GTE CyberTrust Global Root
* In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification
Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
intermediate CA certificate has been included, without explicit trust.
The intention is to mitigate the effects of the previous removal of the
1024-bit Entrust.net root certificate, because many public Internet
sites still use the "USERTrust Legacy Secure Server CA" intermediate
certificate that is signed by the 1024-bit Entrust.net root certificate.
The inclusion of the intermediate certificate is a temporary measure to
allow those sites to function, by allowing them to find a trust path to
another 2048-bit root CA certificate. The temporarily included
intermediate certificate expires November 1, 2015.
(Moderate)SUSE bug 894201SUSE bug 894370CVE-2014-1553CVE-2014-1562CVE-2014-1563CVE-2014-1564CVE-2014-1565CVE-2014-1567MozillaThunderbird: Update to 31.1 release (Important)openSUSE 13.1
MozillaThunderbird was updated to Thunderbird 31.1.0 (bnc#894370), fixinfg security issues:
* MFSA 2014-67/CVE-2014-1553/CVE-2014-1562
Miscellaneous memory safety hazards
* MFSA 2014-68/CVE-2014-1563 (bmo#1018524)
Use-after-free during DOM interactions with SVG
* MFSA 2014-69/CVE-2014-1564 (bmo#1045977)
Uninitialized memory use during GIF rendering
* MFSA 2014-70/CVE-2014-1565 (bmo#1047831)
Out-of-bounds read in Web Audio audio timeline
* MFSA 2014-72/CVE-2014-1567 (bmo#1037641)
Use-after-free setting text directionality
- update to Thunderbird 31.0
* based on Gecko 31
* Autocompleting email addresses now matches against any part of
the name or email
* Composing a mail to a newsgroup will now autocomplete newsgroup
names
* Insecure NTLM (pre-NTLMv2) authentication disabled
(Important)SUSE bug 894370CVE-2014-1553CVE-2014-1562CVE-2014-1563CVE-2014-1564CVE-2014-1565CVE-2014-1567net-snmp: fix for remote denial of service issue (Moderate)openSUSE 13.1
net-snmp was updated to fix a remote denial of service problem inside snmptrapd when started
with the "-OQ" option (CVE-2014-3565)(bnc#894361)
(Moderate)SUSE bug 894361CVE-2014-3565flash-player: security update to 11.2.202.40 (Important)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.406 (bnc#895856):
* APSB14-21, CVE-2014-0547, CVE-2014-0548, CVE-2014-0549,
CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553,
CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557,
CVE-2014-0559
More information can be found on:
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html
(Important)SUSE bug 895856CVE-2014-0547CVE-2014-0548CVE-2014-0549CVE-2014-0550CVE-2014-0551CVE-2014-0552CVE-2014-0553CVE-2014-0554CVE-2014-0555CVE-2014-0556CVE-2014-0557CVE-2014-0559glibc: security update (Important)openSUSE 13.1
glibc was updated to fix three security issues:
- A directory traversal in locale environment handling was fixed
(CVE-2014-0475, bnc#887022, GLIBC BZ #17137)
- Disable gconv transliteration module loading which could be used for
code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)
- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,
bnc#894553, BZ #17325)
(Important)SUSE bug 887022SUSE bug 892073SUSE bug 894553CVE-2014-0475CVE-2014-5119CVE-2014-6040procmail: fixed a heap overflow in formail (Important)openSUSE 13.1
procmail was updated to fix a heap-overflow in procmail's formail utility when processing specially-crafted email headers (bnc#894999, CVE-2014-3618)
(Important)SUSE bug 894999CVE-2014-3618LibreOffice: two security fixes (Important)openSUSE 13.1
This update fixes memory corruption vulnerability in DOCM import and data exposure using crafted OLE objects. (Important)SUSE bug 831578SUSE bug 893141CVE-2013-4156CVE-2014-3575python-django: security and bugfix update (Moderate)openSUSE 13.1
Python Django was updated to fix security issues and bugs.
Update to version 1.4.15 on openSUSE 12.3:
+ Prevented reverse() from generating URLs pointing to other hosts
to prevent phishing attacks (bnc#893087, CVE-2014-0480)
+ Removed O(n) algorithm when uploading duplicate file names
to fix file upload denial of service (bnc#893088, CVE-2014-0481)
+ Modified RemoteUserMiddleware to logout on REMOTE_USE change
to prevent session hijacking (bnc#893089, CVE-2014-0482)
+ Prevented data leakage in contrib.admin via query string manipulation
(bnc#893090, CVE-2014-0483)
+ Fixed: Caches may incorrectly be allowed to store and serve private data
(bnc#877993, CVE-2014-1418)
+ Fixed: Malformed redirect URLs from user input not correctly validated
(bnc#878641, CVE-2014-3730)
+ Fixed queries that may return unexpected results on MySQL
due to typecasting (bnc#874956, CVE-2014-0474)
+ Prevented leaking the CSRF token through caching
(bnc#874955, CVE-2014-0473)
+ Fixed a remote code execution vulnerabilty in URL reversing
(bnc#874950, CVE-2014-0472)
Update to version 1.5.10 on openSUSE 13.1:
+ Prevented reverse() from generating URLs pointing to other hosts
to prevent phishing attacks (bnc#893087, CVE-2014-0480)
+ Removed O(n) algorithm when uploading duplicate file names
to fix file upload denial of service (bnc#893088, CVE-2014-0481)
+ Modified RemoteUserMiddleware to logout on REMOTE_USE change
to prevent session hijacking (bnc#893089, CVE-2014-0482)
+ Prevented data leakage in contrib.admin via query string manipulation
(bnc#893090, CVE-2014-0483)
- Update to version 1.5.8:
+ Fixed: Caches may incorrectly be allowed to store and serve private data
(bnc#877993, CVE-2014-1418)
+ Fixed: Malformed redirect URLs from user input not correctly validated
(bnc#878641, CVE-2014-3730)
+ Fixed queries that may return unexpected results on MySQL
due to typecasting (bnc#874956, CVE-2014-0474)
+ Prevented leaking the CSRF token through caching
(bnc#874955, CVE-2014-0473)
+ Fixed a remote code execution vulnerabilty in URL reversing
(bnc#874950, CVE-2014-0472)
(Moderate)SUSE bug 874950SUSE bug 874955SUSE bug 874956SUSE bug 877993SUSE bug 878641SUSE bug 893087SUSE bug 893088SUSE bug 893089SUSE bug 893090CVE-2014-0472CVE-2014-0473CVE-2014-0474CVE-2014-0480CVE-2014-0481CVE-2014-0482CVE-2014-0483CVE-2014-1418CVE-2014-3730ppp: fixed integer overflow in option parsing (Moderate)openSUSE 13.1
ppp was updated to fix an integer overflow in option parsing. (CVE-2014-3158, bnc#891489).
(Moderate)SUSE bug 891489CVE-2014-3158php5: security update (Moderate)openSUSE 13.1
php5 was updated to fix three security issues:
- Insecure temporary file use for cache data was fixed by switching to a different root only directory /var/cache/php-pear (CVE-2014-5459)
- An incomplete fix for CVE-2014-4049 (CVE-2014-3597)
- gd extension: NUL byte injection in filenames passed to image handling functions was fixed (CVE-2014-5120)
Also a bug was fixed:
- fixed suhosin crash if used with php session_set_save_handler()
[bnc#895658]
(Moderate)SUSE bug 893849SUSE bug 893853SUSE bug 893855SUSE bug 895658CVE-2014-3597CVE-2014-5120CVE-2014-5459curl: security update (Important)openSUSE 13.1
libcurl was updated to fix security issues:
CVE-2014-3613: Cookies for hosts specified by numeric IP could be assigned or used for other numeric IP hosts
if portions of the numerics were the same.
CVE-2014-3620: libcurl allowed cookies to be set for toplevel domains, making them to broad.
(Important)SUSE bug 894575SUSE bug 895991CVE-2014-3613CVE-2014-3620squid: security and bugfixes (Moderate)openSUSE 13.1
This update fixes the following security issues and bugs with squid:
A denial of Service in Range header processing was fixed that could be used
by proxy users to crash squid. (CVE-2014-3609)
Also the following bugs were fixed:
- bnc#894840: removed unnecessary 'sharedscripts' in squid's logrotate snippet
- bnc#894636: fixes run of init script when logrotate is called
(Moderate)SUSE bug 893649SUSE bug 894636SUSE bug 894840CVE-2014-3609lua: security update (Moderate)openSUSE 13.1
lua was updated to fix an overflow in varargs functions (CVE-2014-5461 ,bnc#893824)
(Moderate)SUSE bug 893824CVE-2014-5461chromium: security update to 37.0.2062.94 (Important)openSUSE 13.1
Chromium was updated to 37.0.2062.94 containing security Fixes (bnc#893720).
A full list of changes is available in the log:
https://chromium.googlesource.com/chromium/src/+log/36.0.1985.0..37.0.2062.0?pretty=full
This update includes 50 security fixes. Below, we highlight fixes that were
either contributed by external researchers or particularly interesting. Please
see the Chromium security page for more information.
Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a
combination of bugs in V8, IPC, sync, and extensions that can lead to remote
code execution outside of the sandbox.
High CVE-2014-3168: Use-after-free in SVG. Credit to cloudfuzzer.
High CVE-2014-3169: Use-after-free in DOM. Credit to Andrzej Dyjak.
High CVE-2014-3170: Extension permission dialog spoofing. Credit to Rob Wu.
High CVE-2014-3171: Use-after-free in bindings. Credit to cloudfuzzer.
Medium CVE-2014-3172: Issue related to extension debugging. Credit to Eli Grey.
Medium CVE-2014-3173: Uninitialized memory read in WebGL. Credit to jmuizelaar.
Medium CVE-2014-3174: Uninitialized memory read in Web Audio. Credit to Atte
Kettunen from OUSPG.
We would also like to thank Collin Payne, Christoph Diehl, Sebastian Mauer,
Atte Kettunen, and cloudfuzzer for working with us during the development cycle
to prevent security bugs from ever reaching the stable channel. $8000 in
additional rewards were issued.
As usual, our ongoing internal security work responsible for a wide range of
fixes:
CVE-2014-3175: Various fixes from internal audits, fuzzing and other
initiatives (Chrome 37).
Many of the above bugs were detected using AddressSanitizer.
(Important)SUSE bug 893720CVE-2014-3168CVE-2014-3169CVE-2014-3170CVE-2014-3171CVE-2014-3172CVE-2014-3173CVE-2014-3174CVE-2014-3176CVE-2014-3177phpMyAdmin: security update to 4.1.14.4 (Moderate)openSUSE 13.1
phpMyAdmin was updated to 4.1.14.4 (2014-09-13) fixing bugs and security issues.
* PMASA-2014-10 (CVE-2014-6300, CWE-661 CWE-352)
http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
A DOM based XSS was fixed that resulted to a CSRF
that creates a ROOT account in certain conditions.
(Moderate)SUSE bug 896635CVE-2014-6300geary: security update to 0.6.3 (Moderate)openSUSE 13.1
geary was updated to version 0.6.3 (bnc#896679 VUL-0: CVE-2014-5444):
Security issue fixed:
+ Warn user of not matching TLS certificate issues when connecting
(bgo#713247, CVE-2014-5444).
+ Fix wrong timestamp in composed email Date: header
(bgo#714376).
+ Patch major memory leak due to GMime bindings.
+ Stabilize search sorting to prevent dropped search results.
+ Prevent Inbox from being cleared on startup w/ Dovecot, Zimbra,
and more.
(Moderate)SUSE bug 896679CVE-2014-5444dbus-1: security and bugfix update to 1.8 (Moderate)openSUSE 13.1
DBUS-1 was upgraded to upstream release 1.8.
This brings the version of dbus to the latest stable release from an
unstable snapshot 1.7.4 that is know to have several regressions
- Upstream changes since 1.7.4:
+ Security fixes:
- Do not accept an extra fd in the padding of a cmsg message, which
could lead to a 4-byte heap buffer overrun. (CVE-2014-3635,
fdo#83622; Simon McVittie)
- Reduce default for maximum Unix file descriptors passed per
message from 1024 to 16, preventing a uid with the default maximum
number of connections from exhausting the system bus' file
descriptors under Linux's default rlimit. Distributors or system
administrators with a restrictive fd limit may wish to reduce
these limits further.
Additionally, on Linux this prevents a second denial of service in
which the dbus-daemon can be made to exceed the maximum number of
fds per sendmsg() and disconnect the process that would have
received them. (CVE-2014-3636, fdo#82820; Alban Crequy)
- Disconnect connections that still have a fd pending unmarshalling
after a new configurable limit, pending_fd_timeout (defaulting to
150 seconds), removing the possibility of creating an abusive
connection that cannot be disconnected by setting up a circular
reference to a connection's file descriptor. (CVE-2014-3637,
fdo#80559; Alban Crequy)
- Reduce default for maximum pending replies per connection from
8192 to 128, mitigating an algorithmic complexity
denial-of-service attack (CVE-2014-3638, fdo#81053; Alban Crequy)
- Reduce default for authentication timeout on the system bus from
30 seconds to 5 seconds, avoiding denial of service by using up
all unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them. (CVE-2014-3639, fdo#80919;
Alban Crequy)
- On Linux >0 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
silently drop the message. This prevents an attack in which a
malicious client can make dbus-daemon disconnect a system service,
which is a local denial of service. (fdo#80163, CVE-2014-3532;
Alban Crequy)
- Track remaining Unix file descriptors correctly when more than one
message in quick succession contains fds. This prevents another
attack in which a malicious client can make dbus-daemon disconnect
a system service. (fdo#79694, fdo#80469, CVE-2014-3533; Alejandro
Mart?nez Su?rez, Simon McVittie, Alban Crequy)
- Alban Crequy at Collabora Ltd. discovered and fixed a
denial-of-service flaw in dbus-daemon, part of the reference
implementation of D-Bus.
Additionally, in highly unusual environments the same flaw could
lead to a side channel between processes that should not be able
to communicate. (CVE-2014-3477, fdo#78979)
+ Other fixes and enhancements:
- Check for libsystemd from systemd >= 209, falling back to the
older separate libraries if not found (Umut Tezduyar Lindskog,
Simon McVittie)
- On Linux, use prctl() to disable core dumps from a test executable
that deliberately raises SIGSEGV to test dbus-daemon's handling
of that condition (fdo#83772, Simon McVittie)
- Fix compilation with --enable-stats (fdo#81043, Gentoo #507232;
Alban Crequy)
- Improve documentation for running tests on Windows (fdo#41252,
Ralf Habacker)
- When dbus-launch --exit-with-session starts a dbus-daemon but then
cannot attach to a session, kill the dbus-daemon as intended
(fdo#74698, Роман Донченко)
- in the CMake build system, add some hints for Linux users
cross-compiling Windows D-Bus binaries to be able to run tests
under Wine (fdo#41252, Ralf Habacker)
- add Documentation key to dbus.service (fdo#77447, Cameron Norman)
- in "dbus-uuidgen --ensure", try to copy systemd's /etc/machine-id
to /var/lib/dbus/machine-id instead of generating an entirely new
ID (fdo#77941, Simon McVittie)
- if dbus-launch receives an X error very quickly, do not kill
unrelated processes (fdo#74698, Роман Донченко)
- on Windows, allow up to 8K connections to the dbus-daemon, instead
of the previous 64 (fdo#71297; Cristian Onet, Ralf Habacker)
- cope with \r\n newlines in regression tests, since on Windows,
dbus-daemon.exe uses text mode (fdo#75863, Руслан Ижбулатов)
- Enhance the CMake build system to check for GLib and compile/run a
subset of the regression tests (fdo#41252, fdo#73495;
Ralf Habacker)
- don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fdo#72840,
Ralf Habacker)
- fix compilation of systemd journal support on older systemd
versions where sd-journal.h doesn't include syslog.h (fdo#73455,
Ralf Habacker)
- fix compilation on older MSVC versions by including stdlib.h
(fdo#73455, Ralf Habacker)
- Allow <allow_anonymous/> to appear in an included configuration
file (fdo#73475, Matt Hoosier)
- If the tests crash with an assertion failure, they no longer
default to blocking for a debugger to be attached. Set
DBUS_BLOCK_ON_ABORT in the environment if you want the old
behaviour.
- To improve debuggability, the dbus-daemon and
dbus-daemon-eavesdrop tests can be run with an external
dbus-daemon by setting DBUS_TEST_DAEMON_ADDRESS in the
environment. Test-cases that require an unusually-configured
dbus-daemon are skipped.
- don't require messages with no INTERFACE to be dispatched
(fdo#68597, Simon McVittie)
- document "tcp:bind=..." and "nonce-tcp:bind=..." (fdo#72301,
Chengwei Yang)
- define "listenable" and "connectable" addresses, and discuss
the difference (fdo#61303, Simon McVittie)
- support printing Unix file descriptors in dbus-send, dbus-monitor
(fdo#70592, Robert Ancell)
- don't install systemd units if --disable-systemd is given
(fdo#71818, Chengwei Yang)
- don't leak memory on out-of-memory while listing activatable or
active services (fdo#71526, Radoslaw Pajak)
- fix undefined behaviour in a regression test (fdo#69924, DreamNik)
- escape Unix socket addresses correctly (fdo#46013, Chengwei Yang)
- on SELinux systems, don't assume that SECCLASS_DBUS,
DBUS__ACQUIRE_SVC and DBUS__SEND_MSG are numerically equal to
their values in the reference policy (fdo#88719, osmond sun)
- define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4
headers (fdo#71366, Matt Fischer)
- define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h
and winsock2.h (fdo#71405, Matt Fischer)
- do not return failure from _dbus_read_nonce() with no error set,
preventing a potential crash (fdo#72298, Chengwei Yang)
- on BSD systems, avoid some O(1)-per-process memory and fd leaks in
kqueue, preventing test failures (fdo#69332, fdo#72213; Chengwei
Yang)
- fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix
sockets, which doesn't do anything anyway on at least Linux and
FreeBSD (fdo#69492, Simon McVittie)
- fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL
from sendmsg() with SCM_CREDS (retrying with plain send()), and
looking for credentials more correctly (fdo#69492, Simon McVittie)
- ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid
getting mixed up in XDG/systemd "user sessions" (fdo#61301,
Simon McVittie)
- refresh cached policy rules for existing connections when bus
configuration changes (fdo#39463, Chengwei Yang)
- If systemd support is enabled, libsystemd-journal is now required.
- When activating a non-systemd service under systemd, annotate its
stdout/stderr with its bus name in the Journal. Known limitation:
because the socket is opened before forking, the process will
still be logged as if it had dbus-daemon's process ID and user ID.
(fdo#68559, Chengwei Yang)
- Document more configuration elements in dbus-daemon(1)
(fdo#69125, Chengwei Yang)
- Don't leak string arrays or fds if
dbus_message_iter_get_args_valist() unpacks them and then
encounters an error (fdo#21259, Chengwei Yang)
- If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write
disallowed method calls to the audit log, fixing a regression in
1.7.6 (fdo#49062, Colin Walters)
- path_namespace='/' in match rules incorrectly matched nothing; it
now matches everything. (fdo#70799, Simon McVittie)
- Directory change notification via dnotify on Linux is no longer
supported; it hadn't compiled successfully since 2010 in any case.
If you don't have inotify (Linux) or kqueue (*BSD), you will need
to send SIGHUP to the dbus-daemon when its configuration changes.
(fdo#33001, Chengwei Yang)
- Compiling with --disable-userdb-cache is no longer supported;
it didn't work since at least 2008, and would lead to an extremely
slow dbus-daemon even it worked. (fdo#15589, fdo#17133, fdo#66947;
Chengwei Yang)
- The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most
assertions. It has been renamed to DBUS_DISABLE_ASSERT to be
consistent with the Autotools build system. (fdo#66142, Chengwei
Yang)
- --with-valgrind=auto enables Valgrind instrumentation if and only
if valgrind headers are available. The default is still
--with-valgrind=no. (fdo#56925, Simon McVittie)
- Platforms with no 64-bit integer type are no longer supported.
(fdo#65429, Simon McVittie)
- GNU make is now (documented to be) required. (fdo#48277, Simon
McVittie)
- Full test coverage no longer requires dbus-glib, although the
tests do not exercise the shared library (only a static copy) if
dbus-glib is missing. (fdo#68852, Simon McVittie)
- D-Bus Specification 0.22
* Document GetAdtAuditSessionData() and
GetConnectionSELinuxSecurityContext() (fdo#54445, Simon)
* Fix example .service file (fdo#66481, Chengwei Yang)
* Don't claim D-Bus is "low-latency" (lower than what?), just give
factual statements about it supporting async use (fdo#65141,
Justin Lee)
* Document the contents of .service files, and the fact that
system services' filenames are constrained (fdo#66608; Simon
McVittie, Chengwei Yang)
- Be thread-safe by default on all platforms, even if
dbus_threads_init_default() has not been called. For compatibility
with older libdbus, library users should continue to call
dbus_threads_init_default(): it is harmless to do so. (fdo#54972,
Simon McVittie)
- Add GetConnectionCredentials() method (fdo#54445, Simon)
- New API: dbus_setenv(), a simple wrapper around setenv().
Note that this is not thread-safe. (fdo#39196, Simon)
- Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer
connection, like --address=ADDRESS in previous versions) and
dbus-send --bus=ADDRESS (connect to a given bus, like dbus-monitor
--address=ADDRESS). dbus-send --address still exists for backwards
compatibility, but is no longer documented. (fdo#48816, Andrey
Mazo)
- "dbus-daemon --nofork" is allowed on Windows again. (fdo#68852,
Simon McVittie)
- Avoid an infinite busy-loop if a signal interrupts waitpid()
(fdo#68945, Simon McVittie)
- Clean up memory for parent nodes when objects are unexported
(fdo#60176, Thomas Fitzsimmons)
- Make dbus_connection_set_route_peer_messages(x, FALSE) behave as
documented. Previously, it assumed its second parameter was TRUE.
(fdo#69165, Chengwei Yang)
- Escape addresses containing non-ASCII characters correctly
(fdo#53499, Chengwei Yang)
- Document <servicedir> search order correctly (fdo#66994, Chengwei
Yang)
- Don't crash on "dbus-send --session / x.y.z" which regressed in
1.7.4. (fdo#65923, Chengwei Yang)
- If malloc() returns NULL in _dbus_string_init() or similar, don't
free an invalid pointer if the string is later freed (fdo#65959,
Chengwei Yang)
- If malloc() returns NULL in dbus_set_error(), don't va_end() a
va_list that was never va_start()ed (fdo#66300, Chengwei Yang)
- fix build failure with --enable-stats (fdo#66004, Chengwei Yang)
- fix a regression test on platforms with strict alignment
(fdo#67279, Colin Walters)
- Avoid calling function parameters "interface" since certain
Windows headers have a namespace-polluting macro of that name
(fdo#66493, Ivan Romanov)
- Assorted Doxygen fixes (fdo#65755, Chengwei Yang)
- Various thread-safety improvements to static variables (fdo#68610,
Simon McVittie)
- Make "make -j check" work (fdo#68852, Simon McVittie)
- Fix a NULL pointer dereference on an unlikely error path
(fdo#69327, Sviatoslav Chagaev)
- Improve valgrind memory pool tracking (fdo#69326, Sviatoslav
Chagaev)
- Don't over-allocate memory in dbus-monitor (fdo#69329, Sviatoslav
Chagaev)
- dbus-monitor can monitor dbus-daemon < 1.5.6 again (fdo#66107,
Chengwei Yang)
- If accept4() fails with EINVAL, as it can on older Linux kernels
with newer glibc, try accept() instead of going into a busy-loop.
(fdo#69026, Chengwei Yang)
- If socket() or socketpair() fails with EINVAL or EPROTOTYPE, for
instance on Hurd or older Linux with a new glibc, try without
SOCK_CLOEXEC. (fdo#69073; Pino Toscano, Chengwei Yang)
- Fix a file descriptor leak on an error code path. (fdo#69182,
Sviatoslav Chagaev)
- dbus-run-session: clear some unwanted environment variables
(fdo#39196, Simon)
- dbus-run-session: compile on FreeBSD (fdo#66197, Chengwei Yang)
- Don't fail the autolaunch test if there is no DISPLAY (fdo#40352,
Simon)
- Use dbus-launch from the builddir for testing, not the installed
copy (fdo#37849, Chengwei Yang)
- Fix compilation if writev() is unavailable (fdo#69409, Vasiliy
Balyasnyy)
- Remove broken support for LOCAL_CREDS credentials passing, and
document where each credential-passing scheme is used (fdo#60340,
Simon McVittie)
- Make autogen.sh work on *BSD by not assuming GNU coreutils
functionality fdo#35881, fdo#69787; Chengwei Yang)
- dbus-monitor: be portable to NetBSD (fdo#69842, Chengwei Yang)
- dbus-launch: stop using non-portable asprintf (fdo#37849, Simon)
- Improve error reporting from the setuid activation helper
(fdo#66728, Chengwei Yang)
- Remove unavailable command-line options from 'dbus-daemon --help'
(fdo#42441, Ralf Habacker)
- Add support for looking up local TCPv4 clients' credentials on
Windows XP via the undocumented AllocateAndGetTcpExTableFromStack
function (fdo#66060, Ralf Habacker)
- Fix insufficient dependency-tracking (fdo#68505, Simon McVittie)
- Don't include wspiapi.h, fixing a compiler warning (fdo#68852,
Simon McVittie)
- add DBUS_ENABLE_ASSERT, DBUS_ENABLE_CHECKS for less confusing
conditionals (fdo#66142, Chengwei Yang)
- improve verbose-mode output (fdo#63047, Colin Walters)
- consolidate Autotools and CMake build (fdo#64875, Ralf Habacker)
- fix various unused variables, unusual build configurations
etc. (fdo#65712, fdo#65990, fdo#66005, fdo#66257, fdo#69165,
fdo#69410, fdo#70218; Chengwei Yang, Vasiliy Balyasnyy)
- dbus-cve-2014-3533.patch: Add patch for CVE-2014-3533 to fix
(fdo#63127)
• CVE-2012-3524: Don't access environment variables (fdo#52202)
(fdo#51521, Dave Reisner)
• Remove an incorrect assertion from DBusTransport (fdo#51657,
(fdo#51406, Simon McVittie)
(fdo#51032, Simon McVittie)
(fdo#34671, Simon McVittie)
? Check for libpthread under CMake on Unix (fdo#47237, Simon McVittie)
spec-compliance (fdo#48580, David Zeuthen)
non-root when using OpenBSD install(1) (fdo#48217, Antoine Jacoutot)
(fdo#45896, Simon McVittie)
(fdo#39549, Simon McVittie)
invent their own "union of everything" type (fdo#11191, Simon
find(1) (fdo#33840, Simon McVittie)
(fdo#46273, Alban Crequy)
again on Win32, but not on WinCE (fdo#46049, Simon
(fdo#47321, Andoni Morales Alastruey)
(fdo#39231, fdo#41012; Simon McVittie)
* Add a regression test for fdo#38005 (fdo#39836, Simon McVittie)
a service file entry for activation (fdo#39230, Simon McVittie)
(fdo#24317, #34870; Will Thompson, David Zeuthen, Simon McVittie)
and document it better (fdo#31818, Will Thompson)
• Let the bus daemon implement more than one interface (fdo#33757,
• Optimize _dbus_string_replace_len to reduce waste (fdo#21261,
(fdo#35114, Simon McVittie)
• Add dbus_type_is_valid as public API (fdo#20496, Simon McVittie)
to unknown interfaces in the bus daemon (fdo#34527, Lennart Poettering)
(fdo#32245; Javier Jard?n, Simon McVittie)
• Correctly give XDG_DATA_HOME priority over XDG_DATA_DIRS (fdo#34496,
in embedded environments (fdo#19997, NB#219964; Simon McVittie)
• Install the documentation, and an index for Devhelp (fdo#13495,
booleans when sending them (fdo#16338, NB#223152; Simon McVittie)
errors to dbus-shared.h (fdo#34527, Lennart Poettering)
data (fdo#10887, Simon McVittie)
.service files (fdo#19159, Sven Herzberg)
(fdo#35750, Colin Walters)
(fdo#32805, Mark Brand)
which could result in a busy-loop (fdo#32992, NB#200248; possibly
• Fix failure to detect abstract socket support (fdo#29895)
(fdo#32262, NB#180486)
• Improve some error code paths (fdo#29981, fdo#32264, fdo#32262,
fdo#33128, fdo#33277, fdo#33126, NB#180486)
• Avoid possible symlink attacks in /tmp during compilation (fdo#32854)
• Tidy up dead code (fdo#25306, fdo#33128, fdo#34292, NB#180486)
• Improve gcc malloc annotations (fdo#32710)
• Documentation improvements (fdo#11190)
• Avoid readdir_r, which is difficult to use correctly (fdo#8284,
fdo#15922, LP#241619)
• Cope with invalid files in session.d, system.d (fdo#19186,
• Don't distribute generated files that embed our builddir (fdo#30285,
fdo#34292)
(fdo#33474, LP#381063)
with lcov HTML reports and --enable-compiler-coverage (fdo#10887)
? support credentials-passing (fdo#32542)
? opt-in to thread safety (fdo#33464)
(Moderate)SUSE bug 896453CVE-2012-3524CVE-2014-3635CVE-2014-3636CVE-2014-3637CVE-2014-3638CVE-2014-3639bash: security and bugfix update (Critical)openSUSE 13.1
bash was updated to fix a critical security issue, a minor security issue and bugs:
In some circumstances, the shell would evaluate shellcode in environment
variables passed at startup time. This allowed code execution by
local or remote attackers who could pass environment variables to bash
scripts. (CVE-2014-6271)
Fixed a temporary file misuse in _rl_tropen (bnc#868822)
Even if used only by developers to debug readline library do not
open temporary files from public location without O_EXCL (CVE-2014-2524)
Additional bugfixes:
- Backported corrected german error message for a failing getpwd (bnc#895475)
- Add bash upstream patch 47 to fix a problem where the function
that shortens pathnames for $PS1 according to the value of
$PROMPT_DIRTRIM uses memcpy on potentially-overlapping regions
of memory, when it should use memmove. The result is garbled
pathnames in prompt strings.
- Add bash upstream patch 46 to fix a problem introduced by patch
32 a problem with "$@" and arrays expanding empty positional
parameters or array elements when using substring expansion,
pattern substitution, or case modfication. The empty parameters
or array elements are removed instead of expanding to empty
strings ("").
- Add bash-4.2-strcpy.patch from upstream mailing list to patch
collection tar ball to avoid when using \w in the prompt and
changing the directory outside of HOME the a strcpy work on
overlapping memory areas.
(Critical)SUSE bug 868822SUSE bug 895475SUSE bug 896776CVE-2014-2524CVE-2014-6271mozilla-nss: update to avoid signature forgery (Critical)openSUSE 13.1
Mozilla NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. (Critical)SUSE bug 1064636SUSE bug 1069405SUSE bug 897890CVE-2014-1568bash: security update (Important)openSUSE 13.1
The command-line shell 'bash' evaluates environment variables, which
allows the injection of characters and might be used to access files on
the system in some circumstances (CVE-2014-7169).
Please note that this issue is different from a previously fixed
vulnerability tracked under CVE-2014-6271 and it is less serious due to
the special, non-default system configuration that is needed to create
an exploitable situation.
To remove further exploitation potential we now limit the
function-in-environment variable to variables prefixed with BASH_FUNC_
. This hardening feature is work in progress and might be improved in
later updates.
Additionaly two more security issues were fixed in bash:
CVE-2014-7186: Nested HERE documents could lead to a crash of bash.
CVE-2014-7187: Nesting of for loops could lead to a crash of bash.
(Important)SUSE bug 898346SUSE bug 898603SUSE bug 898604CVE-2014-7169CVE-2014-7186CVE-2014-7187srtp: security update (Moderate)openSUSE 13.1
srtp was updated to fix a buffer overflow flaw that allowed remote
attackers to cause a denial of service (crash) via vectors related to a
length inconsistency in the crypto_policy_set_from_profile_for_rtp and
srtp_protect functions. (CVE-2013-2139).
(Moderate)SUSE bug 828009SUSE bug 839475CVE-2013-2139wireshark: update to 1.10.10 security release (Moderate)openSUSE 13.1
Wireshark was update to 1.10.10 [bnc#897055]
On openSUSE 12.3, the package was upgraded to 1.10.x from 1.8.x as it was discontinued.
This update fixes vulnerabilities in Wireshark that could allow
an attacker to crash Wireshark or make it become unresponsive by
sending specific packages onto the network or have it loaded via
a capture file while the dissectors are running. It also contains
a number of other bug fixes.
* RTP dissector crash
wnpa-sec-2014-12 CVE-2014-6421 CVE-2014-6422
* MEGACO dissector infinite loop
wnpa-sec-2014-13 CVE-2014-6423
* Netflow dissector crash
wnpa-sec-2014-14 CVE-2014-6424
* RTSP dissector crash
wnpa-sec-2014-17 CVE-2014-6427
* SES dissector crash
wnpa-sec-2014-18 CVE-2014-6428
* Sniffer file parser crash
wnpa-sec-2014-19 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431
CVE-2014-6432
- Further bug fixes as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html
- includes changes from 1.10.9:
fixes several crashes triggered by malformed protocol packages
- vulnerabilities fixed:
* The Catapult DCT2000 and IrDA dissectors could underrun a buffer
wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162 (bnc#889901)
* The GSM Management dissector could crash
wnpa-sec-2014-09 CVE-2014-5163 (bnc#889906)
* The RLC dissector could crash
wnpa-sec-2014-10 CVE-2014-5164 (bnc#889900)
* The ASN.1 BER dissector could crash
wnpa-sec-2014-11 CVE-2014-5165 (bnc#889899)
- Further bug fixes as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html
(Moderate)SUSE bug 889899SUSE bug 889900SUSE bug 889901SUSE bug 889906SUSE bug 897055CVE-2014-5161CVE-2014-5162CVE-2014-5163CVE-2014-5164CVE-2014-5165CVE-2014-6421CVE-2014-6422CVE-2014-6423CVE-2014-6424CVE-2014-6427CVE-2014-6428CVE-2014-6429CVE-2014-6430CVE-2014-6431CVE-2014-6432xen: security and bugfix update (Important)openSUSE 13.1
XEN was updated to fix security issues and bugs.
Security issues fixed:
- bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation
- bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts
- bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
- bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram
- bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
- bnc#875668 - CVE-2014-3124: XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created
- bnc#878841 - CVE-2014-3967, CVE-2014-3968: XSA-96: Xen: Vulnerabilities in HVM MSI injection
- bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests
- bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow
Other bugs fixed:
- bnc#896023 - Adjust xentop column layout
- bnc#820873 - The "long" option doesn't work with "xl list"
- bnc#882127 - Xen kernel panics on booting SLES12 Beta 8
- bnc#865682 - Local attach support for PHY backends using scripts
- bnc#798770 - Improve multipath support for npiv devices
(Important)SUSE bug 798770SUSE bug 820873SUSE bug 842006SUSE bug 864801SUSE bug 865682SUSE bug 875668SUSE bug 878841SUSE bug 880751SUSE bug 882127SUSE bug 895798SUSE bug 895799SUSE bug 895802SUSE bug 896023SUSE bug 897657CVE-2013-4344CVE-2013-4540CVE-2014-3124CVE-2014-3967CVE-2014-3968CVE-2014-4021CVE-2014-7154CVE-2014-7155CVE-2014-7156CVE-2014-7188phpMyAdmin: security update to (Moderate)openSUSE 13.1
phpMyAdmin was updated fix a security issues [CVE-2014-7217]
This update contains a fix for a cross-site scripting vulnerability in the
table search and table structure pages which could be trigged
with a crafted ENUM value.
(Moderate)SUSE bug 899452CVE-2014-7217update for libvirt (Moderate)openSUSE 13.1
- CVE-2014-3657: Fix domain deadlock
fc22b2e7-CVE-2014-3657.patch
bsc#899484
- CVE-2014-3633: Use correct definition when looking up disk in
qemu blkiotune
3e745e8f-CVE-2014-3633.patch
bsc#897783
- spec: libvirt-daemon package owns /etc/libvirt, not libvirt-client
bnc#878056
(Moderate)CVE-2014-3633CVE-2014-3657update for claws-mail (Moderate)openSUSE 13.1
- Update to version 3.10.1(bnc#870858):
+ Add an account preference to allow automatically accepting
unknown and changed SSL certificates, if they're valid (that
is, if the root CA is trusted by the distro).
+ RFE 3196, 'When changing quicksearch Search Type, set focus to
search input box'.
+ PGP/Core plugin: Generate 2048 bit RSA keys.
+ Major code cleanup.
+ Extended claws-mail.desktop with Compose and Receive actions.
+ Fix GConf use with newer Glib.
+ Fix the race fix, now preventing the compose window to be
closed.
+ Fix "File (null) doesn't exist" error dialog, when attaching a
non-existing file via --attach
+ Fix spacing in Folderview if the font is far from the system
font.
+ RSSyl:
- When parsing RSS 2.0, ignore tags with a namespace prefix.
- Check for existence of xmlNode namespace, to prevent NULL
pointer crashes.
+ Bugs fixed: claws#2728, claws#2981, claws#3170, claws#3179,
claws#3201, deb#730050.
+ Updated translations.
- Drop claws-mail-3.10.0_uninitialized_variable_git51af19b.patch as
fixed upstream.
This also fixes CVE-2014-2576.
(Moderate)CVE-2014-2576update for python (Moderate)openSUSE 13.1
- CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow
in buffer()
(CVE-2014-7185, bnc#898572)
- CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow
in buffer()
(CVE-2014-7185, bnc#898572)
- CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow
in buffer()
(CVE-2014-7185, bnc#898572)
(Moderate)CVE-2014-7185update for libpng16 (Moderate)openSUSE 13.1
This update fixes the following security issue with libpng:
- unhandled zero-length PLTE chunk or NULL palette.
(bnc#856522, CVE-2013-6954)
(Moderate)SUSE bug 856522CVE-2013-6954update for rsyslog (Moderate)openSUSE 13.1
- Fixed PRI DoS vulnerability patch (CVE-2014-3683,bnc#899756)
[* rsyslog-7.4.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch]
- Removed broken, unsupported and dropped by upstream zpipe utility
from rsyslog-diag-tools package (bnc#890228)
- Remote syslog PRI DoS vulnerability fix (CVE-2014-3634,bnc#897262)
[+ rsyslog-7.4.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch]
(Moderate)SUSE bug 890228SUSE bug 897262SUSE bug 899756CVE-2014-3634CVE-2014-3683update for bash (Moderate)openSUSE 13.1
- Replace patches bash-4.2-heredoc-eof-delim.patch and
bash-4.2-parse-exportfunc.patch with the official upstream
patch levels bash42-052 and bash42-053
- Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch
level bash42-051
- Add patches
bash-4.2-heredoc-eof-delim.patch for bsc#898812, CVE-2014-6277:
more troubles with functions
bash-4.2-parse-exportfunc.patch for bsc#898884, CVE-2014-6278:
code execution after original 6271 fix
- Make bash-4.2-extra-import-func.patch an optional patch due
instruction
- Remove and replace patches
bash-4.2-CVE-2014-6271.patch
bash-4.2-BSC898604.patch
bash-4.2-CVE-2014-7169.patch
with bash upstream patch 48, patch 49, and patch 50
- Add patch bash-4.2-extra-import-func.patch which is based on the
BSD patch of Christos. As further enhancements the option
import-functions is mentioned in the manual page and a shopt
switch is added to enable and disable import-functions on the fly
(Moderate)SUSE bug 898812SUSE bug 898884CVE-2014-6271CVE-2014-6277CVE-2014-6278CVE-2014-7169CVE-2014-7187update for getmail (Moderate)openSUSE 13.1
- getmail 4.46.0 [bnc#900217]
This release fixes several similar vulnerabilities that could
allow a man-in-the-middle attacker to read encrypted traffic due
to pack of certificate verification against the hostname.
* fix --idle checking Python version incorrectly, resulting in
incorrect warning about running with Python < 2.5
* add missing support for SSL certificate checking in POP3 which
broke POP retrieval in v4.45.0
[CVE-2014-7275]
- includes changes from 4.45.0:
* perform hostname-vs-certificate matching of SSL certificate if
validating the certifcate
[CVE-2014-7274]
* fix missing plaintext versions of documentation
- includes changes from 4.44.0:
* add extended SSL options for IMAP retrievers, allowing
certificate verification and other features
[CVE-2014-7273]
* fix missing plaintext versions of documentation
* fix "Header instance has no attribute 'strip'" error which
cropped up in some configurations
(Moderate)SUSE bug 900217CVE-2014-7273CVE-2014-7274CVE-2014-7275update for wpa_supplicant (Moderate)openSUSE 13.1
- add 0001-Add-os_exec-helper-to-run-external-programs.patch
- add 0002-wpa_cli-Use-os_exec-for-action-script-execution.patch
- fixing CVE-2014-3686 (bnc#900611) trying to abuse the action
scripts in wpa_cli
(Moderate)SUSE bug 900611CVE-2014-3686update for openssl (Moderate)openSUSE 13.1
- Fixed bnc#857640, openssl: TLS record tampering issue can lead to OpenSSL crash
Add file: CVE-2013-4353.patch
(Moderate)SUSE bug 857640CVE-2013-4353update for flash-player (Moderate)openSUSE 13.1 NonFree
- Security update to 11.2.202.411 (bnc#901334):
* APSB14-22, CVE-2014-0569 (ZDI-14-365), CVE-2014-0564,
CVE-2014-0558
(Moderate)SUSE bug 901334CVE-2014-0558CVE-2014-0564CVE-2014-0569update to fix CVE-2014-0477 (Low)openSUSE 13.1
This update fixes a denial of service vulnerability when parsing an empty quoted string (CVE-2014-0477) (Low)SUSE bug 883225CVE-2014-0477update for openssl (Important)openSUSE 13.1
The following issues were fixed in this release:
CVE-2014-3566: SSLv3 POODLE attack (bnc#901223)
CVE-2014-3513, CVE-2014-3567: DTLS memory leak and session ticket memory leak (Important)SUSE bug 901223SUSE bug 901277CVE-2014-3513CVE-2014-3566CVE-2014-3567CVE-2014-3568update to fix CVE-2014-3660 (Moderate)openSUSE 13.1
This update fixes a denial of service vulnerability when expanding recursive entity (CVE-2014-3660) bnc#901546 (Moderate)SUSE bug 901546CVE-2014-3660update for firefox, mozilla-nspr, mozilla-nss and seamonkey (Moderate)openSUSE 13.1
- update to Firefox 33.0 (bnc#900941)
New features:
* OpenH264 support (sandboxed)
* Enhanced Tiles
* Improved search experience through the location bar
* Slimmer and faster JavaScript strings
* New CSP (Content Security Policy) backend
* Support for connecting to HTTP proxy over HTTPS
* Improved reliability of the session restoration
* Proprietary window.crypto properties/functions removed
Security:
* MFSA 2014-74/CVE-2014-1574/CVE-2014-1575
Miscellaneous memory safety hazards
* MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
Buffer overflow during CSS manipulation
* MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
Web Audio memory corruption issues with custom waveforms
* MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
Out-of-bounds write with WebM video
* MFSA 2014-78/CVE-2014-1580 (bmo#1063733)
Further uninitialized memory use during GIF rendering
* MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
Use-after-free interacting with text directionality
* MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190)
Key pinning bypasses
* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
Inconsistent video sharing within iframe
* MFSA 2014-82/CVE-2014-1583 (bmo#1015540)
Accessing cross-origin objects via the Alarms API
(only relevant for installed web apps)
- requires NSPR 4.10.7
- requires NSS 3.17.1
- removed obsolete patches:
* mozilla-ppc.patch
* mozilla-libproxy-compat.patch
- added basic appdata information
- update to SeaMonkey 2.30 (bnc#900941)
* venkman debugger removed from application and therefore obsolete package seamonkey-venkman
* MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards
* MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation
* MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms
* MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video
* MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering
* MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality
* MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses
* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe
* MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps)
- requires NSPR 4.10.7
- requires NSS 3.17.1
- removed obsolete patches:
* mozilla-ppc.patch
* mozilla-libproxy-compat.patch
Changes in mozilla-nspr:
- update to version 4.10.7
* bmo#836658: VC11+ defaults to SSE2 builds by default.
* bmo#979278: TSan: data race nsprpub/pr/src/threads/prtpd.c:103
PR_NewThreadPrivateIndex.
* bmo#1026129: Replace some manual declarations of MSVC intrinsics with
#include <intrin.h>.
* bmo#1026469: Use AC_CHECK_LIB instead of MOZ_CHECK_PTHREADS. Skip
compiler checks when using MSVC, even when $CC is
not literally "cl".
* bmo#1034415: NSPR hardcodes the C compiler to cl on Windows.
* bmo#1042408: Compilation fix for Android > API level 19.
* bmo#1043082: NSPR's build system hardcodes -MD.
Changes in mozilla-nss:
- update to 3.17.1 (bnc#897890)
* Change library's signature algorithm default to SHA256
* Add support for draft-ietf-tls-downgrade-scsv
* Add clang-cl support to the NSS build system
* Implement TLS 1.3:
* Part 1. Negotiate TLS 1.3
* Part 2. Remove deprecated cipher suites andcompression.
* Add support for little-endian powerpc64
- update to 3.17
* required for Firefox 33
New functionality:
* When using ECDHE, the TLS server code may be configured to generate
a fresh ephemeral ECDH key for each handshake, by setting the
SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The
SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means
the server's ephemeral ECDH key is reused for multiple handshakes.
This option does not affect the TLS client code, which always
generates a fresh ephemeral ECDH key for each handshake.
New Macros
* SSL_REUSE_SERVER_ECDHE_KEY
Notable Changes:
* The manual pages for the certutil and pp tools have been updated to
document the new parameters that had been added in NSS 3.16.2.
* On Windows, the new build variable USE_STATIC_RTL can be used to
specify the static C runtime library should be used. By default the
dynamic C runtime library is used. (Moderate)SUSE bug 1012609SUSE bug 1015540SUSE bug 1026129SUSE bug 1026469SUSE bug 1034415SUSE bug 1041512SUSE bug 1042408SUSE bug 1043082SUSE bug 1049095SUSE bug 1062876SUSE bug 1062981SUSE bug 1063327SUSE bug 1063733SUSE bug 1063971SUSE bug 1066190SUSE bug 1068218SUSE bug 836658SUSE bug 894370SUSE bug 896624SUSE bug 897890SUSE bug 900941SUSE bug 901213SUSE bug 979278CVE-2014-1554CVE-2014-1574CVE-2014-1575CVE-2014-1576CVE-2014-1577CVE-2014-1578CVE-2014-1580CVE-2014-1581CVE-2014-1582CVE-2014-1583CVE-2014-1584CVE-2014-1585CVE-2014-1586update for MozillaThunderbird (Moderate)openSUSE 13.1
- update to Thunderbird 31.2.0 (bnc#900941)
* MFSA 2014-74/CVE-2014-1574
Miscellaneous memory safety hazards
* MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
Buffer overflow during CSS manipulation
* MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
Web Audio memory corruption issues with custom waveforms
* MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
Out-of-bounds write with WebM video
* MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
Use-after-free interacting with text directionality
* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
Inconsistent video sharing within iframe
(Moderate)SUSE bug 900941CVE-2014-1574CVE-2014-1576CVE-2014-1577CVE-2014-1578CVE-2014-1581CVE-2014-1585CVE-2014-1586update for gnome-settings-daemon (Moderate)openSUSE 13.1
- Add gnome-settings-daemon-no-lockscreen-screenshot.patch:
+ media-keys: Disallow screenshots when locked (boo#900031,
bgo#737456, CVE-2014-7300).
(Moderate)SUSE bug 900031CVE-2014-7300update for phpMyAdmin (Moderate)openSUSE 13.1
- phpMyAdmin 4.1.14.6 [boo#902154] [CVE-2014-8326]
This release fixes cross-site scripting vulnerabilities in the
SQL debug output and server monitor pages. This developer option
is not enabled by default.
- sf#4562 [security] XSS in debug SQL output
- sf#4563 [security] XSS in monitor query analyzer
(Moderate)SUSE bug 902154CVE-2014-8326update for chromium (Moderate)openSUSE 13.1
- Update to Chromium 38.0.2125.101
This update includes 159 security fixes, including 113 relatively
minor fixes. Highlighted securtiy fixes are:
CVE-2014-3188: A combination of V8 and IPC bugs that can lead to
remote code execution outside of the sandbox
CVE-2014-3189: Out-of-bounds read in PDFium
CVE-2014-3190: Use-after-free in Events
CVE-2014-3191: Use-after-free in Rendering
CVE-2014-3192: Use-after-free in DOM
CVE-2014-3193: Type confusion in Session Management
CVE-2014-3194: Use-after-free in Web Workers
CVE-2014-3195: Information Leak in V8
CVE-2014-3196: Permissions bypass in Windows Sandbox
CVE-2014-3197: Information Leak in XSS Auditor
CVE-2014-3198: Out-of-bounds read in PDFium
CVE-2014-3199: Release Assert in V8 bindings
CVE-2014-3200: Various fixes from internal audits, fuzzing and
other initiatives
- Drop the build of the Native Client. This is actually not a build
as that prebuild binaries are being shipped. Also Google no
longer provides prebuild binaries for the NativeClient for 32bit.
Chromium as webbrowser is not affected by this and it bring
Chromium inline with the regulations that prebuild binaries
should not be shipped.
* toolchaing_linux tarball dropped
* Spec-file cleaned for NaCl stuff
- Added patch no-clang-on-packman.diff to prevent the usage of
clang on packman, which is not supported there
(Moderate)SUSE bug 896106CVE-2014-3178CVE-2014-3188CVE-2014-3189CVE-2014-3190CVE-2014-3191CVE-2014-3192CVE-2014-3193CVE-2014-3194CVE-2014-3195CVE-2014-3196CVE-2014-3197CVE-2014-3198CVE-2014-3199CVE-2014-3200update for pidgin (Moderate)openSUSE 13.1
The following issues were fixed in this update:
+ General:
- Check the basic constraints extension when validating
SSL/TLS certificates. This fixes a security hole that allowed
a malicious man-in-the-middle to impersonate an IM server or
any other https endpoint. This affected both the NSS and
GnuTLS plugins (CVE-2014-3694, boo#902495).
- Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin
for SSL (im#15909).
+ libpurple3 compatibility:
- Encrypted account passwords are preserved until the new one
is set.
- Fix loading Google Talk and Facebook XMPP accounts.
+ Groupwise: Fix potential remote crash parsing server message
that indicates that a large amount of memory should be
allocated (CVE-2014-3696, boo#902410).
+ IRC: Fix a possible leak of unencrypted data when using /me
command with OTR (im#15750).
+ MXit: Fix potential remote crash parsing a malformed emoticon
response (CVE-2014-3695, boo#902409).
+ XMPP:
- Fix potential information leak where a malicious XMPP server
and possibly even a malicious remote user could create a
carefully crafted XMPP message that causes libpurple to send
an XMPP message containing arbitrary memory (CVE-2014-3698,
boo#902408).
+ Yahoo: Fix login when using the GnuTLS library for TLS
connections (im#16172, boo#874606).
(Moderate)SUSE bug 853038SUSE bug 874606SUSE bug 902408SUSE bug 902409SUSE bug 902410SUSE bug 902495CVE-2014-3694CVE-2014-3695CVE-2014-3696CVE-2014-3697CVE-2014-3698update for php5 (Moderate)openSUSE 13.1
- security update:
* CVE-2014-3670 [bnc#902357]
* CVE-2014-3669 [bnc#902360]
* CVE-2014-3668 [bnc#902368]
- added patches:
* php-CVE-2014-3670.patch
* php-CVE-2014-3669.patch
* php-CVE-2014-3668.patch
(Moderate)SUSE bug 902357SUSE bug 902360SUSE bug 902368CVE-2014-3668CVE-2014-3669CVE-2014-3670update for wget (Moderate)openSUSE 13.1
wget was updated to version 1.16 to fix one security issue.
The following security issue was fixed:
- Fix for symlink attack which could allow a malicious ftp server to create arbitrary files, directories or
symbolic links and set their permissions when retrieving a directory recursively through FTP (CVE-2014-4877).
(Moderate)CVE-2014-4877quassel: Fixed out-of-bound read (Moderate)openSUSE 13.1
quassel was updated to fix an out-of-bound read (CVE-2014-8483).
(Moderate)SUSE bug 902670CVE-2014-8483tnftp: Prevent command exection (Moderate)openSUSE 13.1
tnftp was updated to fix the possible execution of commands by a remote attacker (CVE-2014-8517).
(Moderate)SUSE bug 903011CVE-2014-8517zeromq: Security update (Moderate)openSUSE 13.1
This udpate for zeromq fixes the following non-security and security-issues:
Update to version 4.0.4, for a detailed description see /usr/share/doc/packages/zeromq-devel/NEWS
- Add libsodium dep for testsuite where possible
- Version bump to 4.0.5 fixes bnc#898917 CVE-2014-7202 and CVE-2014-7203:
* Fixed CURVE mechanism does not verify short term nonces.
* Fixed stream_engine is vulnerable to downgrade attacks.
* Fixed assertion failure for WSAENOTSOCK on Windows.
* Fixed race condition while connecting inproc sockets.
* Fixed bump so library number to 4.0.0
* Fixed assertion failed: !more (fq.cpp:99) after many ZAP requests.
* Fixed lost first part of message over inproc://.
* Fixed keep-alive on Windows.
- Enable tests.
- Move to 'download_files' source service which is in better shap and easier to use
(Moderate)SUSE bug 898917CVE-2014-7202CVE-2014-7203libserf: Disable SSLv2 and SSLv3. (Moderate)openSUSE 13.1
libserf was updated to disable SSLv2 and SSLv3.
libserf was updated to version 1.3.8 on openSUSE 13.1 and 13.2.
This release also fixes a problem with handling very large gzip-encoded
HTTP responses.
For openSUSE 12.3 libserf 1.1.1 was patched to disable SSLv2 and SSLv3.
(Moderate)CVE-2014-3566Security update for ImageMagick (Moderate)openSUSE 13.1
ImageMagick was updated to fix three security issues.
These security issues were fixed:
- Out-of-bounds memory access in PCX parser (CVE-2014-8355).
- Out-of-bounds memory access in resize code (CVE-2014-8354).
- Out-of-bounds memory error in DCM decode (CVE-2014-8562).
(Moderate)SUSE bug 903204SUSE bug 903216SUSE bug 903638CVE-2014-8354CVE-2014-8355CVE-2014-8562Security update for libreoffice (Moderate)openSUSE 13.1
libreoffice was updated to fix two security issues.
These security issues were fixed:
- "Document as E-mail" vulnerability (bnc#900218).
- Impress Remote Control Use-after-Free Vulnerability (CVE-2014-3693).
(Moderate)SUSE bug 900214SUSE bug 900218CVE-2014-3693Security update for flash-player (Important)openSUSE 13.1 NonFree
flash-player was updated to version 11.2.202.418 to fix 18 security issues.
These security issues were fixed:
- Memory corruption vulnerabilities that could lead to code execution (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441).
- Use-after-free vulnerabilities that could lead to code execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).
- A double free vulnerability that could lead to code execution (CVE-2014-0574).
- Type confusion vulnerabilities that could lead to code execution (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590).
- Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2014-0582, CVE-2014-0589).
- An information disclosure vulnerability that could be exploited to disclose session tokens (CVE-2014-8437).
- A heap buffer overflow vulnerability that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-0583).
- A permission issue that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-8442).
(Important)SUSE bug 905032CVE-2014-0573CVE-2014-0574CVE-2014-0576CVE-2014-0577CVE-2014-0581CVE-2014-0582CVE-2014-0583CVE-2014-0584CVE-2014-0585CVE-2014-0586CVE-2014-0588CVE-2014-0589CVE-2014-0590CVE-2014-8437CVE-2014-8438CVE-2014-8440CVE-2014-8441CVE-2014-8442Security update for dbus-1 (Moderate)openSUSE 13.1
dbus-1 was updated to version 1.8.10 to fix one security issue and several other issues.
This security issue was fixed:
- Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the system bus' file descriptors (CVE-2014-7824).
(Moderate)CVE-2014-7824Security update for emacs (Moderate)openSUSE 13.1
emacs was updated to fix four security issues.
These security issues were fixed:
- Avoid unsecure usage of temporary files (CVE-2014-3421).
- Avoid unsecure usage of temporary files (CVE-2014-3422).
- Avoid unsecure usage of temporary files (CVE-2014-3423).
- Avoid unsecure usage of temporary files (CVE-2014-3424).
(Moderate)SUSE bug 876847CVE-2014-3421CVE-2014-3422CVE-2014-3423CVE-2014-3424Security update for libvirt (Moderate)openSUSE 13.1
libvirt was updated to fix one security issue.
This security issue was fixed:
- Security issue with migratable flag (CVE-2014-7823).
(Moderate)SUSE bug 904176CVE-2014-7823Security update for gnutls (Moderate)openSUSE 13.1
gnutls was updated to fix one security issue.
This security issue was fixed:
- Parsing problem in elliptic curve blobs over TLS that could lead to remote crashes (CVE-2014-8564).
(Moderate)SUSE bug 904603CVE-2014-8564openssl: fixed elliptic curve handshake failure (Low)openSUSE 13.1
This openssl update fixes a TLS handshake problem when elliptic curves
are in use.
(Low)SUSE bug 905037update for pixman (Moderate)openSUSE 13.1
- Added pixman-bnc853824-bfo67484-CVE-2013-6425-fix-underflow.patch
for bnc#853824. Fixes an integer underflow bug which can cause a
crash.
(Moderate)SUSE bug 853824CVE-2013-6425update for quassel (Moderate)openSUSE 13.1
- Add back /etc/sysconfig/quasselcore (bnc#849850)
- Drop fix-CVE-2013-6404.diff: Merged upstream
- Update to 0.9.2
* Don't crash if /topic contains newlines.
* Fix SSL-related issues.
* Fix Phonon notifications not playing sound.
* Pingout if connection drops during SASL auth phase.
* Prevent messages from being sent to status buffers.
* Make sure manipulated/buggy clients cannot access backlog of other core users.
* Fix context menu issues. (Moderate)SUSE bug 849850CVE-2013-6404Security update for ImageMagick (Moderate)openSUSE 13.1
ImageMagick was updated to fix one security issue.
This security issue was fixed:
- Crafted jpeg file could lead to DOS (CVE-2014-8716).
(Moderate)SUSE bug 905260CVE-2014-8716Security update for rubygem-sprockets-2_2 (Moderate)openSUSE 13.1
rubygem-sprockets-2_2 was updated to fix one security issue.
This security issue was fixed:
- Arbitrary file existence disclosure (CVE-2014-7819).
(Moderate)SUSE bug 903658CVE-2014-7819Security update for rubygem-sprockets-2_1 (Moderate)openSUSE 13.1
rubygem-sprockets-2_1 was updated to fix one security issue.
This security issue was fixed:
- Arbitrary file existence disclosure (CVE-2014-7819).
(Moderate)SUSE bug 903658CVE-2014-7819update for wireshark (Moderate)openSUSE 13.1
wireshark was updated to fix five security issues.
These security issues were fixed:
- SigComp UDVM buffer overflow (CVE-2014-8710).
- AMQP crash (CVE-2014-8711).
- NCP crashes (CVE-2014-8712, CVE-2014-8713).
- TN5250 infinite loops (CVE-2014-8714).
For openSUSE 12.3 and 13.1 further bug fixes and updated protocol support are described in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html
For openSUSE 13.2 further bug fixes and updated protocol support are described in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html
(Moderate)SUSE bug 905245SUSE bug 905246SUSE bug 905247SUSE bug 905248CVE-2014-8710CVE-2014-8711CVE-2014-8712CVE-2014-8713CVE-2014-8714Security update for rubygem-sprockets (Moderate)openSUSE 13.1
rubygem-sprockets was updated to fix one security issue.
This security issue was fixed:
- Arbitrary file existence disclosure (CVE-2014-7819).
(Moderate)SUSE bug 903658CVE-2014-7819Security update for file (Moderate)openSUSE 13.1
file was updated to fix one security issue.
This security issue was fixed:
- Out-of-bounds read in elf note headers (CVE-2014-3710).
(Moderate)SUSE bug 902367CVE-2014-3710Security update for rubygem-actionpack-3_2 (Moderate)openSUSE 13.1
rubygem-actionpack-3_2 was updated to fix two security issues.
These security issues were fixed:
- Arbitrary file existence disclosure (CVE-2014-7829).
- Arbitrary file existence disclosure (CVE-2014-7818).
(Moderate)SUSE bug 903662SUSE bug 905727CVE-2014-7818CVE-2014-7829update for cups (Moderate)openSUSE 13.1
Hardening:
- cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch
fixes the systemd cups.socket file so that systemd listens only
on localhost (bnc#857372).
(Moderate)SUSE bug 857372Security update for phpMyAdmin (Moderate)openSUSE 13.1
phpMyAdmin was updated to fix four security issues.
For openSUSE 12.3 and 13.1, phpMyAdmin was updated to 4.1.14.7.
For openSUSE 13.2, phpMyAdmin was updated to to 4.2.12.
These security issues were fixed:
- XSS vulnerability in error reporting functionality (CVE-2014-8960).
- Local file inclusion vulnerability (CVE-2014-8959).
- Multiple XSS vulnerabilities (CVE-2014-8958).
- Leakage of line count of an arbitrary file (CVE-2014-8961).
(Moderate)SUSE bug 906485SUSE bug 906486SUSE bug 906487SUSE bug 906488CVE-2014-8958CVE-2014-8959CVE-2014-8960CVE-2014-8961Security update for clamav (Important)openSUSE 13.1
clamav was updated to version 0.98.5 to fix two security issues.
These security issues were fixed:
- Segmentation fault when processing certain files (CVE-2013-6497).
- Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050).
The following non-security issues were fixed:
- Support for the XDP file format and extracting, decoding, and
scanning PDF files within XDP files.
- Addition of shared library support for LLVM versions 3.1 - 3.5
for the purpose of just-in-time(JIT) compilation of ClamAV
bytecode signatures.
- Enhancements to the clambc command line utility to assist
ClamAV bytecode signature authors by providing introspection
into compiled bytecode programs.
- Resolution of many of the warning messages from ClamAV compilation.
- Improved detection of malicious PE files.
- ClamAV 0.98.5 now works with OpenSSL in FIPS compliant
mode (bnc#904207).
- Fix server socket setup code in clamd (bnc#903489).
- Change updateclamconf to prefer the state of the old config
file even for commented-out options (bnc#903719).
(Important)SUSE bug 903489SUSE bug 903719SUSE bug 904207SUSE bug 906077SUSE bug 906770CVE-2013-6497CVE-2014-9050Security update for flash-player (Important)openSUSE 13.1 NonFree
flash-player was updated to fix one security issue.
This security issue was fixed:
- Hardening against a code execution flaw (CVE-2014-8439).
(Important)SUSE bug 907257CVE-2014-8439Security update for MozillaFirefox (Moderate)openSUSE 13.1
This MozillaFirefox update fixes several security and non security issues.
Changes in MozillaFirefox:
- update to Firefox 34.0.5 (bnc#908009)
* Default search engine changed to Yahoo! for North America
* Default search engine changed to Yandex for Belarusian, Kazakh,
and Russian locales
* Improved search bar (en-US only)
* Firefox Hello real-time communication client
* Easily switch themes/personas directly in the Customizing mode
* Implementation of HTTP/2 (draft14) and ALPN
* Disabled SSLv3
* MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
Miscellaneous memory safety hazards
* MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
XBL bindings accessible via improper CSS declarations
* MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
XMLHttpRequest crashes with some input streams
* MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
CSP leaks redirect data via violation reports
* MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
Use-after-free during HTML5 parsing
* MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
Buffer overflow while parsing media content
* MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
Bad casting from the BasicThebesLayer to BasicContainerLayer
- rebased patches
- limit linker memory usage for %ix86
- update to Firefox 33.1
* Adding DuckDuckGo as a search option (upstream)
* Forget Button added
* Enhanced Tiles
* Privacy tour introduced
- fix typo in GStreamer Recommends
- Disable elf-hack for aarch64
- Enable EGL for aarch64
- Limit RAM usage during link for %arm
- Fix _constraints for ARM
- use proper macros for ARM
- use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too
to fix compiling.
- pass '-Wl,--no-keep-memory' to linker to reduce required memory during
linking on arm.
- update to Firefox 33.0.2
* Fix a startup crash with some combination of hardware and drivers
33.0.1
* Firefox displays a black screen at start-up with certain
graphics drivers
- adjusted _constraints for ARM
- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)
- define /usr/share/myspell as additional dictionary location
and remove add-plugins.sh finally (bnc#900639)
- use Firefox default optimization flags instead of -Os
- specfile cleanup
(Moderate)SUSE bug 900639SUSE bug 908009CVE-2014-1587CVE-2014-1588CVE-2014-1589CVE-2014-1590CVE-2014-1591CVE-2014-1592CVE-2014-1593CVE-2014-1594Security update for apache2-mod_wsgi (Moderate)openSUSE 13.1
apache2-mod_wsgi was updated to fix one security issue.
This security issue was fixed:
- Failure to handle errors when attempting to drop group privileges (CVE-2014-8583).
(Moderate)SUSE bug 903961CVE-2014-8583Security update for icecast (Moderate)openSUSE 13.1
icecast was updated to fix two security issues.
These security issues were fixed:
- Supplementary groups were not overriden (CVE-2014-9091).
- Possible leak of on-connect scripts (CVE-2014-9018).
(Moderate)SUSE bug 906538SUSE bug 907300CVE-2014-9018CVE-2014-9091Security update for flac (Moderate)openSUSE 13.1
flac was updated to fix two security issues.
These security issues were fixed:
- Stack overflow may result in arbitrary code execution (CVE-2014-8962).
- Heap overflow via specially crafted .flac files (CVE-2014-9028).
(Moderate)SUSE bug 906831SUSE bug 907016CVE-2014-8962CVE-2014-9028Security update for ruby19 (Moderate)openSUSE 13.1
ruby19 was updated to fix two security issues.
These security issues were fixed:
- Denial Of Service XML Expansion (CVE-2014-8080).
- Denial Of Service XML Expansion (CVE-2014-8090).
Note: These are two separate issues.
(Moderate)SUSE bug 902851SUSE bug 905326CVE-2014-8080CVE-2014-8090Security update for openvpn (Important)openSUSE 13.1
openvpn was updated to fix a denial-of-service vulnerability
where an authenticated client could stop the server by triggering
a server-side ASSERT (bnc#907764,CVE-2014-8104),
(Important)SUSE bug 907764CVE-2014-8104Security update for chromium (Important)openSUSE 13.1
chromium was updated to version 39.0.2171.65 to fix 13 security issues.
These security issues were fixed:
- Use-after-free in pepper plugins (CVE-2014-7906).
- Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chromebefore 39.0.2171.65, al... (CVE-2014-7903).
- Uninitialized memory read in Skia (CVE-2014-7909).
- Unspecified security issues (CVE-2014-7910).
- Integer overflow in media (CVE-2014-7908).
- Integer overflow in the opj_t2_read_packet_data function infxcodec/fx_libopenjpeg/libopenjpeg20/t2.... (CVE-2014-7901).
- Use-after-free in blink (CVE-2014-7907).
- Address bar spoofing (CVE-2014-7899).
- Buffer overflow in Skia (CVE-2014-7904).
- Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900).
- Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902).
- Flaw allowing navigation to intents that do not have the BROWSABLE category (CVE-2014-7905).
- Double-free in Flash (CVE-2014-0574).
(Important)SUSE bug 906317SUSE bug 906318SUSE bug 906319SUSE bug 906320SUSE bug 906321SUSE bug 906322SUSE bug 906323SUSE bug 906324SUSE bug 906326SUSE bug 906327SUSE bug 906328SUSE bug 906330CVE-2014-0574CVE-2014-7899CVE-2014-7900CVE-2014-7901CVE-2014-7902CVE-2014-7903CVE-2014-7904CVE-2014-7905CVE-2014-7906CVE-2014-7907CVE-2014-7908CVE-2014-7909CVE-2014-7910Security update for libyaml (Moderate)openSUSE 13.1
This libyaml update fixes the following security issue:
- bnc#907809: assert failure when processing wrapped strings
(CVE-2014-9130)
(Moderate)SUSE bug 907809CVE-2014-9130Security update for flash-player (Important)openSUSE 13.1 NonFree
flash-player received a security update to version to 11.2.202.425 (bsc#909219),
which fixes: APSB14-27, CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164
(Important)SUSE bug 909219CVE-2014-0580CVE-2014-0587CVE-2014-8443CVE-2014-9162CVE-2014-9163CVE-2014-9164Security update for cpio (Moderate)openSUSE 13.1
This cpio update fixes the following secuirty issue:
- fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)
(Moderate)SUSE bug 907456CVE-2014-9112Security update for java-1_7_0-openjdk (Moderate)openSUSE 13.1
This openjdk update fixes the following security and non security issues:
- Upgrade to 2.4.8 (bnc#887530)
* Changed back from gzipped tarball to xz
* Changed the keyring file to add Andrew John Hughes that signed
the icedtea package
* Change ZERO to AARCH64 tarball
- Removed patches:
* gstackbounds.patch
* java-1.7.0-openjdk-ppc-zero-jdk.patch
* java-1.7.0-openjdk-ppc-zero-hotspot.patch
- Integrated in upstream icedtea
* java-1.7.0-openjdk-makefiles-zero.patch
- Does not apply on the AARCH64 tarball, since the change from
DEFAULT and ZERO tarball to DEFAULT and AARCH64
- Upstream changes since 2.4.4:
* Security fixes
- S8029755, CVE-2014-4209: Enhance subject class
- S8030763: Validate global memory allocation
- S8031340, CVE-2014-4264: Better TLS/EC management
- S8031346, CVE-2014-4244: Enhance RSA key handling
- S8031540: Introduce document horizon
- S8032536: JVM resolves wrong method in some unusual cases
- S8033055: Issues in 2d
- S8033301, CVE-2014-4266: Build more informative InfoBuilder
- S8034267: Probabilistic native crash
- S8034272: Do not cram data into CRAM arrays
- S8034985, CVE-2014-2483: Better form for Lambda Forms
- S8035004, CVE-2014-4252: Provider provides less service
- S8035009, CVE-2014-4218: Make Proxy representations consistent
- S8035119, CVE-2014-4219: Fix exceptions to bytecode verification
- S8035699, CVE-2014-4268: File choosers should be choosier
- S8035788. CVE-2014-4221: Provide more consistency for lookups
- S8035793, CVE-2014-4223: Maximum arity maxed out
- S8036571: (process) Process process arguments carefully
- S8036800: Attribute OOM to correct part of code
- S8037046: Validate libraries to be loaded
- S8037076, CVE-2014-2490: Check constant pool constants
- S8037157: Verify <init> call
- S8037162, CVE-2014-4263: More robust DH exchanges
- S8037167, CVE-2014-4216: Better method signature resolution
- S8039520, CVE-2014-4262: More atomicity of atomic updates
- S8023046: Enhance splashscreen support
- S8025005: Enhance CORBA initializations
- S8025010, CVE-2014-2412: Enhance AWT contexts
- S8025030, CVE-2014-2414: Enhance stream handling
- S8025152, CVE-2014-0458: Enhance activation set up
- S8026067: Enhance signed jar verification
- S8026163, CVE-2014-2427: Enhance media provisioning
- S8026188, CVE-2014-2423: Enhance envelope factory
- S8026200: Enhance RowSet Factory
- S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling
- S8026736, CVE-2014-2398: Enhance Javadoc pages
- S8026797, CVE-2014-0451: Enhance data transfers
- S8026801, CVE-2014-0452: Enhance endpoint addressing
- S8027766, CVE-2014-0453: Enhance RSA processing
- S8027775: Enhance ICU code.
- S8027841, CVE-2014-0429: Enhance pixel manipulations
- S8028385: Enhance RowSet Factory
- S8029282, CVE-2014-2403: Enhance CharInfo set up
- S8029286: Enhance subject delegation
- S8029699: Update Poller demo
- S8029730: Improve audio device additions
- S8029735: Enhance service mgmt natives
- S8029740, CVE-2014-0446: Enhance handling of loggers
- S8029745, CVE-2014-0454: Enhance algorithm checking
- S8029750: Enhance LCMS color processing (in-tree LCMS)
- S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg)
- S8029844, CVE-2014-0455: Enhance argument validation
- S8029854, CVE-2014-2421: Enhance JPEG decodings
- S8029858, CVE-2014-0456: Enhance array copies
- S8030731, CVE-2014-0460: Improve name service robustness
- S8031330: Refactor ObjectFactory
- S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS)
- S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng)
- S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader
- S8031395: Enhance LDAP processing
- S8032686, CVE-2014-2413: Issues with method invoke
- S8033618, CVE-2014-1876: Correct logging output
- S8034926, CVE-2014-2397: Attribute classes properly
- S8036794, CVE-2014-0461: Manage JavaScript instances
* Backports
- S5049299: (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion
- S6571600: JNI use results in UnsatisfiedLinkError looking for libmawt.so
- S7131153: GetDC called way too many times - causes bad performance.
- S7190349: [macosx] Text (Label) is incorrectly drawn with a rotated g2d
- S8001108: an attempt to use "<init>" as a method name should elicit NoSuchMethodException
- S8001109: arity mismatch on a call to spreader method handle should elicit IllegalArgumentException
- S8008118: (process) Possible null pointer dereference in jdk/src/solaris/native/java/lang/UNIXProcess_md.c
- S8013611: Modal dialog fails to obtain keyboard focus
- S8013809: deadlock in SSLSocketImpl between between write and close
- S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale
- S8014460: Need to check for non-empty EXT_LIBS_PATH before using it
- S8019853: Break logging and AWT circular dependency
- S8019990: IM candidate window appears on the South-East corner of the display.
- S8020191: System.getProperty("os.name") returns "Windows NT (unknown)" on Windows 8.1
- S8022452: Hotspot needs to know about Windows 8.1 and Windows Server 2012 R2
- S8023990: Regression: postscript size increase from 6u18
- S8024283: 10 nashorn tests fail with similar stack trace InternalError with cause being NoClassDefFoundError
- S8024616: JSR292: lazily initialize core NamedFunctions used for bootstrapping
- S8024648: 7141246 & 8016131 break Zero port (AArch64 only)
- S8024830: SEGV in org.apache.lucene.codecs.compressing.CompressingTermVectorsReader.get
- S8025588: [macosx] Frozen AppKit thread in 7u40
- S8026404: Logging in Applet can trigger ACE: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")
- S8026705: [TEST_BUG] java/beans/Introspector/TestTypeResolver.java failed
- S8027196: Increment minor version of HSx for 7u55 and initialize the build number
- S8027212: java/nio/channels/Selector/SelectAfterRead.java fails intermittently
- S8028285: RMI Thread can no longer call out to AWT
- S8029177: [Parfait] warnings from b117 for jdk.src.share.native.com.sun.java.util.jar: JNI exception pending
- S8030655: Regression: 14_01 Security fix 8024306 causes test failures
- S8030813: Signed applet fails to load when CRLs are stored in an LDAP directory
- S8030822: (tz) Support tzdata2013i
- S8031050: (thread) Change Thread initialization so that thread name is set before invoking SecurityManager
- S8031075: [Regression] focus disappears with shift+tab on dialog having one focus component
- S8031462: Fonts with morx tables are broken with latest ICU fixes
- S8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package
- S8032740: Need to create SE Embedded Source Bundles in 7 Release
- S8033278: Missed access checks for Lookup.unreflect* after 8032585
- S8034772: JDK-8028795 brought a specification change to 7u55 release and caused JCK7 signature test failure
- S8035283: Second phase of branch shortening doesn't account for loop alignment
- S8035613: With active Securitymanager JAXBContext.newInstance fails
- S8035618: Four api/org_omg/CORBA TCK tests fail under plugin only
- S8036147: Increment hsx 24.55 build to b02 for 7u55-b11
- S8036786: Update jdk7 testlibrary to match jdk8
- S8036837: Increment hsx 24.55 build to b03 for 7u55-b12
- S8037012: (tz) Support tzdata2014a
- S8038306: (tz) Support tzdata2014b
- S8038392: Generating prelink cache breaks JAVA 'jinfo' utility normal behavior
- S8042264: 7u65 l10n resource file translation update 1
- S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTest.html fails on Windows x64
- S8042590: Running form URL throws NPE
- S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader
- S8043012: (tz) Support tzdata2014c
- S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes.
- S8007625: race with nested repos in /common/bin/hgforest.sh
- S8011178: improve common/bin/hgforest.sh python detection (MacOS)
- S8011342: hgforest.sh : 'python --version' not supported on older python
- S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells
- S8024200: handle hg wrapper with space after #!
- S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations
- S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException
- S8031477: [macosx] Loading AWT native library fails
- S8032370: No "Truncated file" warning from IIOReadWarningListener on JPEGImageReader
- S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed
- S8009062: poor performance of JNI AttachCurrentThread after fix for 7017193
- S8035893: JVM_GetVersionInfo fails to zero structure
- Re-enable the 'gamma' test at the end of the HotSpot build, but only for HotSpot based bootstrap JDKs.
- S8015976: OpenJDK part of bug JDK-8015812 [TEST_BUG] Tests have conflicting test descriptions
- S8022698: javax/script/GetInterfaceTest.java fails since 7u45 b04 with -agentvm option
- S8022868: missing codepage Cp290 at java runtime
- S8023310: Thread contention in the method Beans.IsDesignTime()
- S8024461: [macosx] Java crashed on mac10.9 for swing and 2d function manual test
- S8025679: Increment minor version of HSx for 7u51 and initialize the build number
- S8026037: [TESTBUG] sun/security/tools/jarsigner/warnings.sh test fails on Solaris
- S8026304: jarsigner output bad grammar
- S8026772: test/sun/util/resources/TimeZone/Bug6317929.java failing
- S8026887: Make issues due to failed large pages allocations easier to debug
- S8027204: Revise the update of 8026204 and 8025758
- S8027224: test regression - ClassNotFoundException
- S8027370: Support tzdata2013h
- S8027378: Two closed/javax/xml/8005432 fails with jdk7u51b04
- S8027787: 7u51 l10n resource file translation update 1
- S8027837: JDK-8021257 causes CORBA build failure on emdedded platforms
- S8027943: serial version of com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandlerImpl changed in 7u45
- S8027944: Increment hsx 24.51 build to b02 for 7u51-b07
- S8028057: Modify jarsigner man page documentation to document CCC 8024302: Clarify jar verifications
- S8028090: reverting change - changeset pushed with incorrect commit message, linked to wrong issue
- S8028111: XML readers share the same entity expansion counter
- S8028215: ORB.init fails with SecurityException if properties select the JDK default ORB
- S8028293: Check local configuration for actual ephemeral port range
- S8028382: Two javax/xml/8005433 tests still fail after the fix JDK-8028147
- S8028453: AsynchronousSocketChannel.connect() requires SocketPermission due to bind to local address (win)
- S8028823: java/net/Makefile tabs converted to spaces
- S8029038: Revise fix for XML readers share the same entity expansion counter
- S8029842: Increment hsx 24.51 build to b03 for 7u51-b11
* Bug fixes
- Fix accidental reversion of PR1188 for armel
- PR1781: NSS PKCS11 provider fails to handle multipart AES encryption
- PR1830: Drop version requirement for LCMS 2
- PR1833, RH1022017: Report elliptic curves supported by NSS, not the SunEC library
- RH905128: [CRASH] OpenJDK-1.7.0 while using NSS security provider and kerberos
- PR1393: JPEG support in build is broken on non-system-libjpeg builds
- PR1726: configure fails looking for ecj.jar before even trying to find javac
- Red Hat local: Fix for repo with path statting with / .
- Remove unused hgforest script
- PR1101: Undefined symbols on GNU/Linux SPARC
- PR1659: OpenJDK 7 returns incorrect TrueType font metrics when bold style is set
- PR1677, G498288: Update PaX support to detect running PaX kernel and use newer tools
- PR1679: Allow OpenJDK to build on PaX-enabled kernels
- PR1684: Build fails with empty PAX_COMMAND
- RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError (revised fix)
- Link against $(LIBDL) if SYSTEM_CUPS is not true
- Perform configure checks using ecj.jar when --with-gcj (native ecj build) is enabled.
- Fix broken bootstrap build by updating ecj-multicatch.patch
- PR1653: Support ppc64le via Zero
- PR1654: ppc32 needs a larger ThreadStackSize to build
- RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError
- RH910107: fail to load PC/SC library
* ARM32 port
- Add arm_port from IcedTea 6
- Add patches/arm.patch from IcedTea 6
- Add patches/arm-debug.patch from IcedTea 6
- Add patches/arm-hsdis.patch from IcedTea 6
- added jvmti event generation for dynamic_generate and compiled_method_load events to ARM JIT compiler
- Adjust saved SP when safepointing.
- First cut of invokedynamic
- Fix trashed thread ptr after recursive re-entry from asm JIT.
- JIT-compilation of ldc methodHandle
- Rename a bunch of misleadingly-named functions
- Changes for HSX22
- Rename a bunch of misleadingly-named functions
- Patched method handle adapter code to deal with failures in TCK
- Phase 1
- Phase 2
- RTC Thumb2 JIT enhancements.
- Zero fails to build in hsx22+, fix for hsx22 after runs gamma OK, hsx23 still nogo.
- Use ldrexd for atomic reads on ARMv7.
- Use unified syntax for thumb code.
- Corrected call from fast_method_handle_entry to CppInterpreter::method_handle_entry so that thread is loaded into r2
- Don't save locals at a return.
- Fix call to handle_special_method(). Fix compareAndSwapLong.
- Fix JIT bug that miscompiles org.eclipse.ui.internal.contexts.ContextAuthority.sourceChanged
- invokedynamic and aldc for JIT
- Modified safepoint check to rely on memory protect signal instead of polling
- Minor review cleanups.
- PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel
- PR1363: Fedora 19 / rawhide FTBFS SIGILL
- Changes for HSX23
- Remove fragment from method that has been removed
- Remove C++ flags from CC_COMPILE and fix usage in zeroshark.make.
- Use $(CC) to compile mkbc instead of $(CC_COMPILE) to avoid C++-only flags
- Add note about use of $(CFLAGS)/$(CXXFLAGS)/$(CPPFLAGS) at present.
- Override automatic detection of source language for bytecodes_arm.def
- Include $(CFLAGS) in assembler stage
- PR1626: ARM32 assembler update for hsx24. Use ARM32JIT to turn it on/off.
- Replace literal offsets for METHOD_SIZEOFPARAMETERS and ISTATE_NEXT_FRAME with correct symbolic names.
- Turn ARM32 JIT on by default
* AArch64 port
- AArch64 C2 instruct for smull
- Add a constructor as a conversion from Register - RegSet. Use it.
- Add RegSet::operator+=.
- Add support for a few simple intrinsics
- Add support for builtin crc32 instructions
- Add support for CRC32 intrinsic
- Add support for Neon implementation of CRC32
- All address constants are 48 bits in size.
- C1: Fix offset overflow when profiling.
- Common frame handling for C1/C2 which correctly handle all frame sizes
- Correct costs for operations with shifts.
- Correct OptoAssembly for prologs and epilogs.
- Delete useless instruction.
- Don't use any form of _call_VM_leaf when we're calling a stub.
- Fast string comparison
- Fast String.equals()
- Fix a tonne of bogus comments.
- Fix biased locking and enable as default
- Fix instruction size from 8 to 4
- Fix opto assembly for shifts.
- Fix register misuse in verify_method_data_pointer
- Fix register usage in generate_verify_oop().
- Implement various locked memory operations.
- Improve C1 performance improvements in ic_cache checks
- Improve code generation for pop(), as suggested by Edward Nevill.
- Improvements to safepoint polling
- Make code entry alignment 64 for C2
- Minor optimisation for divide by 2
- New cost model for instruction selection.
- Offsets in lookupswitch instructions should be signed.
- Optimise addressing of card table byte map base
- Optimise C2 entry point verification
- Optimise long divide by 2
- Performance improvement and ease of use changes pulled from upstream
- Preserve callee save FP registers around call to java code
- Remove obsolete C1 patching code.
- Remove special-case handling of division arguments. AArch64 doesn't need it.
- Remove unnecessary memory barriers around CAS operations
- Restore sp from sender sp, r13 in crc32 code
- Restrict default ReservedCodeCacheSize to 128M
- Rewrite CAS operations to be more conservative
- Save intermediate state before removing C1 patching code.
- Tidy up register usage in push/pop instructions.
- Tidy up stack frame handling.
- Use 2- and 3-instruction immediate form of movoop and mov_metadata in C2-generated code.
- Use an explicit set of registers rather than a bitmap for psh and pop operations.
- Use explicit barrier instructions in C1.
- Use gcc __clear_cache instead of doing it ourselves
- PR1713: Support AArch64 Port
* Shark
- Add Shark definitions from 8003868
- Drop compile_method argument removed in 7083786 from sharkCompiler.cpp
(Moderate)SUSE bug 887530CVE-2013-6629CVE-2013-6954CVE-2014-0429CVE-2014-0446CVE-2014-0451CVE-2014-0452CVE-2014-0453CVE-2014-0454CVE-2014-0455CVE-2014-0456CVE-2014-0457CVE-2014-0458CVE-2014-0459CVE-2014-0460CVE-2014-0461CVE-2014-1876CVE-2014-2397CVE-2014-2398CVE-2014-2402CVE-2014-2403CVE-2014-2412CVE-2014-2413CVE-2014-2414CVE-2014-2421CVE-2014-2423CVE-2014-2427CVE-2014-2483CVE-2014-2490CVE-2014-4209CVE-2014-4216CVE-2014-4218CVE-2014-4219CVE-2014-4221CVE-2014-4223CVE-2014-4244CVE-2014-4252CVE-2014-4262CVE-2014-4263CVE-2014-4264CVE-2014-4266CVE-2014-4268Security update for libjpeg-turbo, libjpeg62-turbo (Moderate)openSUSE 13.1
This libjpeg update fixes several security and non security issues:
- bnc#906761: Passing special crafted jpeg file smashes stack
(CVE-2014-9092)
- bnc#771791: Fixed heap overflow (Moderate)SUSE bug 771791SUSE bug 807183SUSE bug 906761CVE-2014-9092Security update for perl-Plack (Moderate)openSUSE 13.1
This perl-Plack update fixes the following security issue:
- bnc#892328: trailing slashes removed leading to source code disclosure
(CVE-2014-5269)
(Moderate)SUSE bug 892328CVE-2014-5269Security update for phpMyAdmin (Moderate)openSUSE 13.1
phpMyAdmin on openSUSE 12.3 and 13.1 was updated to 4.1.14.8.
This update fixes one vulnerability.
- Security fixes:
* PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
- sf#4611 [security] DOS attack with long passwords
phpMyAdmin on openSUSE 13.2 was updated to 4.2.13.1 (2014-12-03)
- Security fixes:
* PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
- sf#4612 [security] XSS vulnerability in redirection mechanism
* PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
- sf#4611 [security] DOS attack with long passwords
- Bugfixes:
- sf#4604 Query history not being deleted
- sf#4057 db/table query string parameters no longer work
- sf#4605 Unseen messages in tracking
- sf#4606 Tracking report export as SQL dump does not work
- sf#4607 Syntax error during db_copy operation
- sf#4608 SELECT permission issues with relations and restricted
access
(Moderate)SUSE bug 908363SUSE bug 908364CVE-2014-9218CVE-2014-9219Security update for rrdtool (Moderate)openSUSE 13.1
rrdtools was updated to add check to the imginfo format to prevent crash or code execution.
(bnc#828003, CVE-2013-2131.)
(Moderate)SUSE bug 828003CVE-2013-2131Security update for mutt (Moderate)openSUSE 13.1
mutt was updated to fix a security issue with a heap-based buffer overflow in mutt_substrdup() (CVE-2014-9116).
(Moderate)SUSE bug 907453CVE-2014-9116 (Low)openSUSE 13.1 NonFree(Low)SUSE bug 858822CVE-2014-0491CVE-2014-0492Server crash caused by malformed network packet. (Important)openSUSE 13.1
Firebird server crashes when handling a malformed network packet.
(Important)SUSE bug 908127Security update for jasper (Moderate)openSUSE 13.1
jasper was updated to fix one security issue.
This security issue was fixed:
- Heap overflows in libjasper (CVE-2014-9029).
(Moderate)SUSE bug 906364CVE-2014-9029Security update for seamonkey (Moderate)openSUSE 13.1
seamonkey was updated to version 2.31 to fix eight security issues.
These security issues were fixed:
- Miscellaneous memory safety hazards (CVE-2014-1587, CVE-2014-1588).
- XBL bindings accessible via improper CSS declarations (CVE-2014-1589).
- XMLHttpRequest crashes with some input streams (CVE-2014-1590).
- CSP leaks redirect data via violation reports (CVE-2014-1591).
- Use-after-free during HTML5 parsing (CVE-2014-1592).
- Buffer overflow while parsing media content (CVE-2014-1593).
- Bad casting from the BasicThebesLayer to BasicContainerLayer (CVE-2014-1594).
This non-security issue was fixed:
- define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639).
(Moderate)SUSE bug 900639SUSE bug 908009CVE-2014-1587CVE-2014-1588CVE-2014-1589CVE-2014-1590CVE-2014-1591CVE-2014-1592CVE-2014-1593CVE-2014-1594Security update for MozillaThunderbird (Moderate)openSUSE 13.1
This MozillaThunderbird update fixes several security and non security
issues:
Changes in MozillaThunderbird:
- update to Thunderbird 31.3.0 (bnc#908009)
* MFSA 2014-83/CVE-2014-1587
Miscellaneous memory safety hazards
* MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
XMLHttpRequest crashes with some input streams
* MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
Use-after-free during HTML5 parsing
* MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
Buffer overflow while parsing media content
* MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
Bad casting from the BasicThebesLayer to BasicContainerLayer
- fix bashism in mozilla.sh script
- Limit RAM usage during link for ARM
- remove add-plugins.sh and use /usr/share/myspell directly
(bnc#900639)
(Moderate)SUSE bug 900639SUSE bug 908009CVE-2014-1587CVE-2014-1590CVE-2014-1592CVE-2014-1593CVE-2014-1594update for libqt4 (Moderate)openSUSE 13.1
- Fixes XML Entity Expansion Denial of Service (bnc#856832, CVE-2013-4549)
* add backported patch libqt4-disallow-deep-or-widely-nested-entity-references.patch
* add backported patch libqt4-fully-expand-all-entities.patch
(Moderate)SUSE bug 856832CVE-2013-4549Security update for ntp (Critical)openSUSE 13.1
The network timeservice ntp was updated to fix critical security
issues (bnc#910764, CERT VU#852879)
* A potential remote code execution problem was found inside
ntpd. The functions crypto_recv() (when using autokey
authentication), ctl_putdata(), and configure() where updated
to avoid buffer overflows that could be
exploited. (CVE-2014-9295)
* Furthermore a problem inside the ntpd error handling was found
that is missing a return statement. This could also lead to a
potentially attack vector. (CVE-2014-9296) (Critical)SUSE bug 910764CVE-2014-9295CVE-2014-9296Security update for the Linux Kernel (Important)openSUSE 13.1
The openSUSE 13.1 kernel was updated to fix security issues and bugs:
Security issues fixed:
CVE-2014-9322: A local privilege escalation in the x86_64 32bit
compatibility signal handling was fixed, which could be used by local
attackers to crash the machine or execute code.
CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c
in the Linux kernel did not properly handle faults associated with the
Stack Segment (SS) segment register, which allowed local users to cause
a denial of service (panic) via a modify_ldt system call, as demonstrated
by sigreturn_32 in the linux-clock-tests test suite.
CVE-2014-8133: Insufficient validation of TLS register usage could leak
information from the kernel stack to userspace.
CVE-2014-0181: The Netlink implementation in the Linux kernel through
3.14.1 did not provide a mechanism for authorizing socket operations based
on the opener of a socket, which allowed local users to bypass intended
access restrictions and modify network configurations by using a Netlink
socket for the (1) stdout or (2) stderr of a setuid program. (bsc#875051)
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit
x86 platforms, when syscall auditing is enabled and the sep CPU feature
flag is set, allowed local users to cause a denial of service (OOPS
and system crash) via an invalid syscall number, as demonstrated by
number 1000.
CVE-2014-3688: The SCTP implementation in the Linux kernel allowed
remote attackers to cause a denial of service (memory consumption) by
triggering a large number of chunks in an association's output queue,
as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and
net/sctp/sm_statefuns.c.
CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in
net/sctp/associola.c in the SCTP implementation in the Linux kernel
allowed remote attackers to cause a denial of service (panic) via
duplicate ASCONF chunks that trigger an incorrect uncork within the
side-effect interpreter.
CVE-2014-7975: The do_umount function in fs/namespace.c in the Linux
kernel did not require the CAP_SYS_ADMIN capability for do_remount_sb
calls that change the root filesystem to read-only, which allowed local
users to cause a denial of service (loss of writability) by making
certain unshare system calls, clearing the / MNT_LOCKED flag, and making
an MNT_FORCE umount system call.
CVE-2014-8884: Stack-based buffer overflow in the
ttusbdecfe_dvbs_diseqc_send_master_cmd function in
drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed
local users to cause a denial of service (system crash) or possibly gain
privileges via a large message length in an ioctl call.
CVE-2014-3673: The SCTP implementation in the Linux kernel allowed
remote attackers to cause a denial of service (system crash) via
a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and
net/sctp/sm_statefuns.c.
CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in
devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the
Linux kernel, as used in Android on Nexus 7 devices, allowed physically
proximate attackers to cause a denial of service (system crash) or
possibly execute arbitrary code via a crafted device that sends a
large report.
CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c
in the SCTP implementation in the Linux kernel, when ASCONF is used,
allowed remote attackers to cause a denial of service (NULL pointer
dereference and system crash) via a malformed INIT chunk.
CVE-2014-4611: Integer overflow in the LZ4 algorithm implementation, as
used in Yann Collet LZ4 before r118 and in the lz4_uncompress function
in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit
platforms might allow context-dependent attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact
via a crafted Literal Run that would be improperly handled by programs
not complying with an API limitation, a different vulnerability than
CVE-2014-4715.
CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe
function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in
the Linux kernel allowed context-dependent attackers to cause a denial
of service (memory corruption) via a crafted Literal Run.
CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c
in the Linux kernel did not properly maintain a certain tail pointer,
which allowed remote attackers to obtain sensitive cleartext information
by reading packets.
CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback
function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial
Driver in the Linux kernel allowed physically proximate attackers to
execute arbitrary code or cause a denial of service (memory corruption
and system crash) via a crafted device that provides a large amount of
(1) EHCI or (2) XHCI data associated with a bulk response.
CVE-2014-3184: The report_fixup functions in the HID subsystem in the
Linux kernel might have allowed physically proximate attackers to cause a
denial of service (out-of-bounds write) via a crafted device that provides
a small report descriptor, related to (1) drivers/hid/hid-cherry.c,
(2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4)
drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6)
drivers/hid/hid-sunplus.c.
CVE-2014-3182: Array index error in the logi_dj_raw_event function in
drivers/hid/hid-logitech-dj.c in the Linux kernel allowed physically
proximate attackers to execute arbitrary code or cause a denial of
service (invalid kfree) via a crafted device that provides a malformed
REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.
CVE-2014-3181: Multiple stack-based buffer overflows in the
magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the
Magic Mouse HID driver in the Linux kernel allowed physically proximate
attackers to cause a denial of service (system crash) or possibly execute
arbitrary code via a crafted device that provides a large amount of (1)
EHCI or (2) XHCI data associated with an event.
CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did
not properly handle private syscall numbers during use of the ftrace
subsystem, which allowed local users to gain privileges or cause a denial
of service (invalid pointer dereference) via a crafted application.
CVE-2013-7263: The Linux kernel updated certain length values before
ensuring that associated data structures have been initialized,
which allowed local users to obtain sensitive information from kernel
stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
net/ipv6/raw.c, and net/ipv6/udp.c.
This update fixes the leak of the port number when using ipv6 sockets.
(bsc#853040).
CVE-2013-2898: Fixed potential kernel caller confusion via
past-end-of-heap-allocation read in sensor-hub HID driver.
CVE-2013-2891: Fixed 16 byte past-end-of-heap-alloc zeroing in steelseries
HID driver.
VE-2014-6410: The __udf_read_inode function in fs/udf/inode.c in the
Linux kernel did not restrict the amount of ICB indirection, which allowed
physically proximate attackers to cause a denial of service (infinite
loop or stack consumption) via a UDF filesystem with a crafted inode.
CVE-2014-5471: Stack consumption vulnerability in the
parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux
kernel allowed local users to cause a denial of service (uncontrolled
recursion, and system crash or reboot) via a crafted iso9660 image with
a CL entry referring to a directory entry that has a CL entry.
CVE-2014-5472: The parse_rock_ridge_inode_internal function in
fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial
of service (unkillable mount process) via a crafted iso9660 image with
a self-referential CL entry.
CVE-2014-0206: Array index error in the aio_read_events_ring function
in fs/aio.c in the Linux kernel allowed local users to obtain sensitive
information from kernel memory via a large head value.
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit
x86 platforms, when syscall auditing is enabled and the sep CPU feature
flag is set, allowed local users to cause a denial of service (OOPS
and system crash) via an invalid syscall number, as demonstrated by
number 1000.
CVE-2014-5206: The do_remount function in fs/namespace.c in the Linux
kernel did not maintain the MNT_LOCK_READONLY bit across a remount of a
bind mount, which allowed local users to bypass an intended read-only
restriction and defeat certain sandbox protection mechanisms via a
"mount -o remount" command within a user namespace.
CVE-2014-5207: fs/namespace.c in the Linux kernel did not properly
restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing
MNT_ATIME_MASK during a remount of a bind mount, which allowed local users
to gain privileges, interfere with backups and auditing on systems that
had atime enabled, or cause a denial of service (excessive filesystem
updating) on systems that had atime disabled via a "mount -o remount"
command within a user namespace.
CVE-2014-1739: The media_device_enum_entities function in
drivers/media/media-device.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain sensitive
information from kernel memory by leveraging /dev/media0 read access
for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux
kernel allowed local users to gain privileges by leveraging data-structure
differences between an l2tp socket and an inet socket.
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit
x86 platforms, when syscall auditing is enabled and the sep CPU feature
flag is set, allowed local users to cause a denial of service (OOPS
and system crash) via an invalid syscall number, as demonstrated by
number 1000.
CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in
the Linux kernel, when SCTP authentication is enabled, allowed remote
attackers to cause a denial of service (NULL pointer dereference and
OOPS) by starting to establish an association between two endpoints
immediately after an exchange of INIT and INIT ACK chunks to establish
an earlier association between these endpoints in the opposite direction.
CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement
the interaction between range notification and hole punching, which
allowed local users to cause a denial of service (i_mutex hold) by using
the mmap system call to access a hole, as demonstrated by interfering
with intended shmem activity by blocking completion of (1) an MADV_REMOVE
madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.
Also the following bugs were fixed:
- KEYS: Fix stale key registration at error path (bnc#908163).
- parport: parport_pc, do not remove parent devices early
(bnc#856659).
- xfs: fix directory hash ordering bug.
- xfs: mark all internal workqueues as freezable (bnc#899785).
- [media] uvc: Fix destruction order in uvc_delete() (bnc#897736).
- cfq-iosched: Fix wrong children_weight calculation (bnc#893429).
- target/rd: Refactor rd_build_device_space + rd_release_device_space
(bnc#882639).
- Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch
(bnc#887046).
- usb: pci-quirks: Prevent Sony VAIO t-series from switching
usb ports (bnc#864375).
- xhci: Switch only Intel Lynx Point-LP ports to EHCI on shutdown
(bnc#864375).
- xhci: Switch Intel Lynx Point ports to EHCI on shutdown
(bnc#864375).
- ALSA: hda - Fix broken PM due to incomplete i915 initialization
(bnc#890114).
- netbk: Don't destroy the netdev until the vif is shut down
(bnc#881008).
- swiotlb: don't assume PA 0 is invalid (bnc#865882).
- PM / sleep: Fix request_firmware() error at resume (bnc#873790).
- usbcore: don't log on consecutive debounce failures of the
same port (bnc#818966).
(Important)SUSE bug 818966SUSE bug 835839SUSE bug 853040SUSE bug 856659SUSE bug 864375SUSE bug 865882SUSE bug 873790SUSE bug 875051SUSE bug 881008SUSE bug 882639SUSE bug 882804SUSE bug 883518SUSE bug 883724SUSE bug 883948SUSE bug 883949SUSE bug 884324SUSE bug 887046SUSE bug 887082SUSE bug 889173SUSE bug 890114SUSE bug 891689SUSE bug 892490SUSE bug 893429SUSE bug 896382SUSE bug 896385SUSE bug 896390SUSE bug 896391SUSE bug 896392SUSE bug 896689SUSE bug 897736SUSE bug 899785SUSE bug 900392SUSE bug 902346SUSE bug 902349SUSE bug 902351SUSE bug 904013SUSE bug 904700SUSE bug 905100SUSE bug 905744SUSE bug 907818SUSE bug 908163SUSE bug 909077SUSE bug 910251CVE-2013-2891CVE-2013-2898CVE-2014-0181CVE-2014-0206CVE-2014-1739CVE-2014-3181CVE-2014-3182CVE-2014-3184CVE-2014-3185CVE-2014-3186CVE-2014-3673CVE-2014-3687CVE-2014-3688CVE-2014-4171CVE-2014-4508CVE-2014-4608CVE-2014-4611CVE-2014-4943CVE-2014-5077CVE-2014-5206CVE-2014-5207CVE-2014-5471CVE-2014-5472CVE-2014-6410CVE-2014-7826CVE-2014-7841CVE-2014-7975CVE-2014-8133CVE-2014-8709CVE-2014-9090CVE-2014-9322Security update for pdns-recursor (Moderate)openSUSE 13.1
This pdns-recursor version update fixes the following security issue
and non secuirty issues.
Update to upstream release 3.6.2.
- boo#906583: Degraded service through queries to queries to specific
domains (CVE-2014-8601)
- Fixed broken _localstatedir
Update to upstream release 3.6.1.
- gab14b4f: expedite servfail generation for ezdns-like
failures (fully abort query resolving if we hit more than
50 outqueries)
- g42025be: PowerDNS now polls the security status of a
release at startup and periodically. More detail on this
feature, and how to turn it off, can be found in Section 2,
"Security polling".
- g5027429: We did not transmit the right 'local' socket
address to Lua for TCP/IP queries in the recursor. In
addition, we would attempt to lookup a filedescriptor that
wasn't there in an unlocked map which could conceivably
lead to crashes. Closes t1828, thanks Winfried for
reporting
- g752756c: Sync embedded yahttp copy. API: Replace HTTP
Basic auth with static key in custom header
- g6fdd40d: add missing #include <pthread.h> to
rec-channel.hh (this fixes building on OS X).
- sync permissions/ownership of home and config dir with the pdns
package
- added systemd support for 12.3 and newer
Update to upstrean release 3.5.3.
- This is a bugfix and performance update to 3.5.2. It brings
serious performance improvements for dual stack users.
For all the details see
http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5.3
- Remove patch (pdns-recursor-3.3_config.patch)
- Add patch (pdns-recursor-3.5.3_config.patch)
Update to upstrean release 3.5.2.
- Responses without the QR bit set now get matched up to an
outstanding query, so that resolution can be aborted early
instead of waiting for a timeout.
- The depth limiter changes in 3.5.1 broke some legal domains
with lots of indirection.
- Slightly improved logging to aid debugging.
Update to upstream version 3.5.1.
- This is a stability and bugfix update to 3.5. It contains important
fixes that improve operation for certain domains.
This is a stability, security and bugfix update to 3.3/3.3.1. It
contains important fixes for slightly broken domain names, which
your users expect to work anyhow. For all details see
http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5.1
- adapted patches:
pdns-rec-lua52.patch
pdns-recursor-3.5.1_config.patch
- fixed conditional for different lua versions
- started some basic support to build packages for non suse distros
(Moderate)SUSE bug 906583CVE-2014-8601Security update for libksba (Moderate)openSUSE 13.1
This libksba update fixes the following security issue:
- bnc#907074: buffer overflow in OID processing (CVE-2014-9087)
(Moderate)SUSE bug 907074CVE-2014-9087update for libvirt (Moderate)openSUSE 13.1
- CVE-2013-6436: Fix crashes in lxc memtune code, one of which
results in DoS
f8c1cb90-CVE-2013-6436.patch, 9faf3f29-LXC-memtune.patch
bnc#854486
- Backported upstream patch to fix LXC container failing start.
bnc#855239
- Building with polkit support requires polkit-devel
bnc#854144
(Moderate)SUSE bug 854144SUSE bug 854486SUSE bug 855239CVE-2013-6436update for hplip (Moderate)openSUSE 13.1
- fix-CVE-2013-6402.dif fixes hardcoded file name
/tmp/hp-pkservice.log in pkit.py (bnc#852368).
- disable_hp-upgrade.patch disables hp-upgrade/upgrade.py for
security reasons (bnc#853405). To upgrade HPLIP an openSUSE
software package manager like YaST or zypper should be used.
(CVE-2013-6427)
(Moderate)SUSE bug 852368SUSE bug 853405CVE-2013-6402CVE-2013-6427Security update for mailx (Moderate)openSUSE 13.1
This mailx update fixes the following security issue:
bsc#909208: shell command injection via crafted email addresses
(CVE-2004-2771, CVE-2014-7844)
(Moderate)SUSE bug 909208CVE-2004-2771CVE-2014-7844Security update for xorg-x11-server (Moderate)openSUSE 13.1
This X.Org update fixes the following security and non security issues:
- Add and update security patches. (bnc#907268, CVE-2014-8091,
CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095,
CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099,
CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103)
http://lists.x.org/archives/xorg-announce/2014-December/002501.html
- Fixes rendering of some icewm and xfwm themes. (bnc#908258, bnc#856931)
(Moderate)SUSE bug 856931SUSE bug 907268SUSE bug 908258CVE-2014-8091CVE-2014-8092CVE-2014-8093CVE-2014-8094CVE-2014-8095CVE-2014-8096CVE-2014-8097CVE-2014-8098CVE-2014-8099CVE-2014-8100CVE-2014-8101CVE-2014-8102CVE-2014-8103Security update for python3-rpm, rpm, rpm-python (Moderate)openSUSE 13.1
This rpm update fixes the following security and non security issues:
- honor --noglob in install mode [bnc#892431]
- check for bad invalid name sizes [bnc#908128] [CVE-2014-8118]
- create files with mode 0 [bnc#906803] [CVE-2013-6435]
This update also includes version updates of rpm-python and python3-rpm.
(Moderate)SUSE bug 892431SUSE bug 906803SUSE bug 908128CVE-2013-6435CVE-2014-8118Security update for file (Moderate)openSUSE 13.1
This file update fixes the following two security issues:
- bsc#910252: multiple denial of service issues (resource consumption)
(CVE-2014-8116)
- bsc#910253: denial of service issue (resource consumption)
(CVE-2014-8117)
(Moderate)Security update for subversion (Moderate)openSUSE 13.1
This Apache Subversion update fixes the following security and non
security issues.
- Apache Subversion 1.8.11
- This release addresses two security issues: [boo#909935]
* CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests.
* CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction
names.
- Client-side bugfixes:
* checkout/update: fix file externals failing to follow history
and subsequently silently failing
* patch: don't skip targets in valid --git difs
* diff: make property output in diffs stable
* diff: fix diff of local copied directory with props
* diff: fix changelist filter for repos-WC and WC-WC
* remove broken conflict resolver menu options that always error
out
* improve gpg-agent support
* fix crash in eclipse IDE with GNOME Keyring
* fix externals shadowing a versioned directory
* fix problems working on unix file systems that don't support
permissions
* upgrade: keep external registrations
* cleanup: iprove performance of recorded timestamp fixups
* translation updates for German
- Server-side bugfixes:
* disable revprop caching feature due to cache invalidation
problems
* skip generating uniquifiers if rep-sharing is not supported
* mod_dav_svn: reject requests with missing repository paths
* mod_dav_svn: reject requests with invalid virtual transaction
names
* mod_dav_svn: avoid unneeded memory growth in resource walking
(Moderate)SUSE bug 909935CVE-2014-3580CVE-2014-8108Security update for apache2 (Moderate)openSUSE 13.1
Apache2 was updated to fix bugs and security issues.
Security issues fixed:
CVE-2013-5704: Added a change to fix a flaw in the way mod_headers handled chunked requests. Adds
"MergeTrailers" directive to restore legacy behavior [bnc#871310],
CVE-2014-8109: Fixes handling of the Require line when a LuaAuthzProvider
is used in multiple Require directives with different arguments.
Bugfixes:
- changed apache2.service file to fix situation where apache won't
start at boot when using an encrypted certificate because user
isn't prompted for password during boot [bnc#792309].
- added <IfModule> around SSLSessionCache to avoid failing to start
[bnc#842377], [bnc#849445] and [bnc#864166].
(Moderate)SUSE bug 792309SUSE bug 842377SUSE bug 849445SUSE bug 864166SUSE bug 871310SUSE bug 909715CVE-2013-5704CVE-2014-8109Security update for libreoffice (Moderate)openSUSE 13.1
This libreoffice update fixes the following security and non secuirty
issues:
- Fix for CVE-2014-9093 bnc#907636.
- Fix typo %{libdir} -> %{_libdir}
- Remove dangling symlinks from previous versions bnc#884942.
- Fix build with boost 1.56
(Moderate)SUSE bug 884942SUSE bug 907636CVE-2014-9093update for gnumeric (Moderate)openSUSE 13.1
- Add gnumeric-CVE-2013-6836.patch: fix Heap-buffer-overflow in
ms_escher_get_data on a fuzzed xls file (bnc#856254, bgo#712772,
CVE-2013-6838).
(Moderate)SUSE bug 856254CVE-2013-6836CVE-2013-6838update for tor (Moderate)openSUSE 13.1
- fixes potentially poor random number generation for users who
1) use OpenSSL 1.0.0 or later,
2) set "HardwareAccel 1" in their torrc file,
3) have "Sandy Bridge" or "Ivy Bridge" Intel processors
and
4) have no state file in their DataDirectory (as would happen on
first start).
Users who generated relay or hidden service identity keys in such
a situation should discard them and generate new ones.
No 2 is not the default configuration for openSUSE.
[bnc#859421] [CVE-2013-7295]
- added patches:
* tor-0.2.3.x-CVE-2013-7295.patch
(Moderate)SUSE bug 859421CVE-2013-7295update for ack (Moderate)openSUSE 13.1
- update to ack 2.12:
fixes potential remote code execution via per-project .ackrc files
[bnc#855340] [CVE-2013-7069]
* prevents the --pager, --regex and --output options from being
used from project-level ackrc files, preventing possible code
execution when using ack through malicious files
* --pager, --regex and --output options may still be used from
the global /etc/ackrc, your own private ~/.ackrc, the ACK_OPTIONS
environment variable, and of course from the command line.
* Now ignores Eclipse .metadata directory.
- includes changes form 2.11_02:
* upstream source mispackaging fix
- includes changes from 2.11_01
* Fixed a race condition in t/file-permission.t that was causing
failures if tests were run in parallel.
- includes changes from 2.10:
* Add --perltest for *.t files
* Added Matlab support
* More compatibility fixes for Perl 5.8.8.
- includes changes from 2.08
* ack now ignores CMake's build/cache directories by default
* Add shebang matching for --lua files
* Add documentation for --ackrc
* Add Elixir filetype
* Add --cathy option
* Add some helpful debugging tips when an invalid option is found
* Ignore PDF files by default, because Perl will detect them as text
* Ignore .gif, .jpg, .jpeg and .png files. They won't normally be
selected, but this is an optimization so that ack doesn't have to
open them to know
* Ack's colorizing of output would get confused with multiple sets
of parentheses
* Ack would get confused when trying to colorize the output in
DOS-format files
- includes changes from 2.05_01
* We now ignore the node_modules directories created by npm
* --pager without an argument implies --pager=$PAGER
* --perl now recognizes Plack-style .psgi files
* Added filetypes for Coffescript, JSON, LESS, and Sass.
* Command-line options now override options set in ackrc files
* ACK_PAGER and ACK_PAGER_COLOR now work as advertised.
* Fix a bug resulting in uninitialized variable warnings when more
than one capture group was specified in the search pattern
* Make sure ack is happy to build and test under cron and other
console-less environments.
- packaging changes:
* run more rests with IO::Pty
* refresh ack-ignore-osc.patch for upstream changes
* update project URL
- port changes from devel:languages:perl ack by daxim@cpan.org:
* correct metadata: licence, CPAN download, homepage
* unset forced prefix - let Perl configuration and toolchain
determine the prefix/install_base which will DTRT
* bash completion is gone, remove dead code
- modified patches:
* ack-ignore-osc.patch adjust for upstream source changes
(Moderate)SUSE bug 855340CVE-2013-7069update for wireshark (Moderate)openSUSE 13.1
- update to 1.10.5
+ bugs fixed:
* Wireshark stops showing new packets but dumpcap keeps writing
them to the temp file.
* Wireshark 1.10.4 shuts down when promiscuous mode is
unchecked.
* Homeplug dissector bug: STATUS_ACCESS_VIOLATION: dissector
accessed an invalid memory address.
- update to 1.10.4 [bnc#855980]
+ vulnerabilities fixed:
* The SIP dissector could go into an infinite loop.
wnpa-sec-2013-66 CVE-2013-7112
* The BSSGP dissector could crash.
wnpa-sec-2013-67 CVE-2013-7113
* The NTLMSSP v2 dissector could crash. Discovered by Garming Sam.
wnpa-sec-2013-68 CVE-2013-7114
+ Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.4.html
(Moderate)SUSE bug 855980CVE-2013-7112CVE-2013-7113CVE-2013-7114update for libqt5-qtbase (Moderate)openSUSE 13.1
- added patches:
* disallow-deep-or-widely-nested-entity-references.patch: upstream
fix for bnc#856832 and CVE-2013-4549: xml entity expansion attacks
(Moderate)SUSE bug 856832CVE-2013-4549update for java-1_7_0-openjdk (Moderate)openSUSE 13.1
- Fix a file conflict between -devel and -headless package
- Update to 2.4.4 (bnc#858818)
* changed from xz to gzipped tarball as the first was not available
during update
* changed a keyring file due release manager change
new one is signed by 66484681 from omajid@redhat.com, see
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025800.html
* Security fixes
- S6727821: Enhance JAAS Configuration
- S7068126, CVE-2014-0373: Enhance SNMP statuses
- S8010935: Better XML handling
- S8011786, CVE-2014-0368: Better applet networking
- S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.** should be on restricted package list
- S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code
- S8022904: Enhance JDBC Parsers
- S8022927: Input validation for byte/endian conversions
- S8022935: Enhance Apache resolver classes
- S8022945: Enhance JNDI implementation classes
- S8023057: Enhance start up image display
- S8023069, CVE-2014-0411: Enhance TLS connections
- S8023245, CVE-2014-0423: Enhance Beans decoding
- S8023301: Enhance generic classes
- S8023338: Update jarsigner to encourage timestamping
- S8023672: Enhance jar file validation
- S8024302: Clarify jar verifications
- S8024306, CVE-2014-0416: Enhance Subject consistency
- S8024530: Enhance font process resilience
- S8024867: Enhance logging start up
- S8025014: Enhance Security Policy
- S8025018, CVE-2014-0376: Enhance JAX-P set up
- S8025026, CVE-2013-5878: Enhance canonicalization
- S8025034, CVE-2013-5907: Improve layout lookups
- S8025448: Enhance listening events
- S8025758, CVE-2014-0422: Enhance Naming management
- S8025767, CVE-2014-0428: Enhance IIOP Streams
- S8026172: Enhance UI Management
- S8026176: Enhance document printing
- S8026193, CVE-2013-5884: Enhance CORBA stub factories
- S8026204: Enhance auth login contexts
- S8026417, CVE-2013-5910: Enhance XML canonicalization
- S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms
- S8027201, CVE-2014-0376: Enhance JAX-P set up
- S8029507, CVE-2013-5893: Enhance JVM method processing
- S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java fails agains
* Backports
- S8025255: (tz) Support tzdata2013g
- S8026826: JDK 7 fix for 8010935 broke the build
* Bug fixes
- PR1618: Include defs.make in vm.make so VM_LITTLE_ENDIAN is defined on Zero builds
- D729448: 32-bit alignment on mips and mipsel
- PR1623: Collision between OpenJDK 6 & 7 classes when bootstrapping with OpenJDK 6
- Add update.py, helper script to download openjdk tarballs from hg repo
- Buildrequire quilt unconditionally as it's used unconditionally.
- Really disable tests on non-JIT architectures. (from Ulrich Weigand)
- Add headless subpackage wich does not require X and pulse/alsa
- Add accessibility to extra subpackage, which requires new
java-atk-wrapper package
* removed java-1.7.0-openjdk-java-access-bridge-idlj.patch
* removed java-1.7.0-openjdk-java-access-bridge-tck.patch
* removed java-access-bridge-1.26.2.tar.bz2
- Refreshed
* java-1.7.0-openjdk-java-access-bridge-security.patch
- Add a support for running tests using --with tests
* this is ignored on non-jit architectures
- Prefer global over define as bcond_with does use them
- Forward declare aarch64 arch macro
- Define archbuild/archinstall macros for arm and aarch64
* remove a few ifarch conditions by using those macros in filelist
- Need ecj-bootstrap in bootstrap mode (noted by mmatz)
- Don't install vim and quilt in bootstrap mode
- A few enhancenments of bootstrap mode
* usable wia --with bootstrap
* disable docs, javadoc package
* fix configure arguments on bootstrap
- Add the unversioned SDK directory link to the files list
of -devel package (fixes update-alternatives from %post).
- Add support for bootstrapping with just gcj (using included
ecj directly). Increase stacksize for powerpc (amends
java-1.7.0-openjdk-ppc-zero-jdk.patch). Add support for ppc64le.
- fix stackoverflow for powerpc
(java-1_7_0-openjdk-ppc-stackoverflow.patch) (Moderate)SUSE bug 858818CVE-2013-5878CVE-2013-5884CVE-2013-5893CVE-2013-5896CVE-2013-5907CVE-2013-5910CVE-2014-0368CVE-2014-0373CVE-2014-0376CVE-2014-0408CVE-2014-0411CVE-2014-0416CVE-2014-0422CVE-2014-0423CVE-2014-0428Security update for ruby20 (Moderate)openSUSE 13.1
This ruby update fixes the following two security issues:
- bnc#902851: fix CVE-2014-8080: Denial Of Service XML Expansion
- bnc#905326: fix CVE-2014-8090: Another Denial Of Service XML Expansion
- Enable tests to run during the build. This way we can compare
the results on different builds.
(Moderate)SUSE bug 902851SUSE bug 905326CVE-2014-8080CVE-2014-8090Security update for jasper (Moderate)openSUSE 13.1
The follow issues were fixed with this update:
- CVE-2014-8137 double-free in jas_iccattrval_destroy()(bnc#909474)
- CVE-2014-8138 heap overflow in jas_decode() (bnc#909475)
(Moderate)SUSE bug 909474SUSE bug 909475CVE-2014-8137Security update for libvirt (Moderate)openSUSE 13.1
This update fixes the following security issues:
- CVE-2015-0236: libvirt: access control bypass bsc#914693
- bnc#905086: libvirt cannot properly determine cpu flags with qemu-kvm
- Fixed allowing devices for containers.
(Moderate)SUSE bug 905086SUSE bug 914693CVE-2015-0236Security update for xen (Important)openSUSE 13.1
The virtualization software XEN was updated to version 4.3.3 and also
to fix bugs and security issues.
Security issues fixed:
CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown
CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation
CVE-2014-9030: XSA-113: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
CVE-2014-8867: XSA-112: xen: Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor
CVE-2014-8866: XSA-111: xen: Excessive checking in compatibility mode hypercall argument translation
CVE-2014-8595: XSA-110: xen: Missing privilege level checks in x86 emulation of far branches
CVE-2014-8594: XSA-109: xen: Insufficient restrictions on certain MMU update hypercalls
CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts
CVE-2014-5146, CVE-2014-5149: xen: XSA-97 Long latency virtual-mmu operations are not preemptible
Bugs fixed:
- bnc#903357 - Corrupted save/restore test leaves orphaned data
in xenstore
- bnc#903359 - Temporary migration name is not cleaned up after
migration
- bnc#903850 - VUL-0: Xen: guest user mode triggerable VM exits not
handled by hypervisor
- bnc#866902 - L3: Xen save/restore of HVM guests cuts off disk
and networking
- bnc#901317 - L3: increase limit domUloader to 32MB
domUloader.py
- bnc#882089 - Windows 2012 R2 fails to boot up with greater than
60 vcpus
- bsc#900292 - xl: change default dump directory
- Update to Xen 4.3.3
(Important)SUSE bug 826717SUSE bug 866902SUSE bug 882089SUSE bug 889526SUSE bug 900292SUSE bug 901317SUSE bug 903357SUSE bug 903359SUSE bug 903850SUSE bug 903967SUSE bug 903970SUSE bug 905465SUSE bug 905467SUSE bug 906439SUSE bug 906996SUSE bug 910681CVE-2013-3495CVE-2014-5146CVE-2014-5149CVE-2014-8594CVE-2014-8595CVE-2014-8866CVE-2014-8867CVE-2014-9030CVE-2014-9065CVE-2014-9066CVE-2015-0361Security update for vorbis-tools (Moderate)openSUSE 13.1
vorbis-tools was updated to fix one security issue.
This security issue was fixed:
- Segfault when trying to encode trivial raw input (CVE-2014-9640).
(Moderate)SUSE bug 914938CVE-2014-9640Security update for privoxy (Moderate)openSUSE 13.1
privoxy was updated to version 3.0.23 to fix three security issues.
These security issues were fixed:
- Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled
(the default) they could previously cause Privoxy to abort() (CVE-2015-1380).
- Fixed multiple segmentation faults and memory leaks in the
pcrs code. This fix also increases the chances that an invalid
pcrs command is rejected as such (CVE-2015-1381).
- Client requests with body that can't be delivered no longer
cause pipelined requests behind them to be rejected as invalid (CVE-2015-1382).
(Moderate)SUSE bug 914934CVE-2015-1380CVE-2015-1381CVE-2015-1382Security update for virtualbox (Moderate)openSUSE 13.1
virtualbox was updated to version 4.2.28 to fix eight security issues.
These security issues were fixed:
- OpenSSL fixes for VirtualBox (CVE-2014-0224)
- Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418 (CVE-2015-0377, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427 (CVE-2014-6595, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6588, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6589, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6590, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595 (CVE-2015-0427, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377 (CVE-2015-0418, bnc#914447).
For the full changelog please read https://www.virtualbox.org/wiki/Changelog-4.2
(Moderate)SUSE bug 914447CVE-2014-0224CVE-2014-6588CVE-2014-6589CVE-2014-6590CVE-2014-6595CVE-2015-0377CVE-2015-0418CVE-2015-0427Security update for flash-player (Critical)openSUSE 13.1 NonFree
flash-player was updated to version 11.2.202.442 to fix 18 security issues.
These security issues were fixed:
- Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322).
- Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330).
- Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317, CVE-2015-0319).
- Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-0327).
- Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324).
- Null pointer dereference issues (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328).
More information is available at
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
(Critical)SUSE bug 915918CVE-2015-0313CVE-2015-0314CVE-2015-0315CVE-2015-0316CVE-2015-0317CVE-2015-0318CVE-2015-0319CVE-2015-0320CVE-2015-0321CVE-2015-0322CVE-2015-0323CVE-2015-0324CVE-2015-0325CVE-2015-0326CVE-2015-0327CVE-2015-0328CVE-2015-0329CVE-2015-0330Security update for unzip (Moderate)openSUSE 13.1
unzip was updated to fix security issues.
The unzip command line tool is affected by heap-based buffer overflows
within the CRC32 verification (CVE-2014-8139), the test_compr_eb()
(CVE-2014-8140) and the getZip64Data() functions (CVE-2014-8141).
The input errors may result in in arbitrary code execution.
More info can be found in the oCert announcement:
http://seclists.org/oss-sec/2014/q4/1127
(Moderate)SUSE bug 909214CVE-2014-8139CVE-2014-8140CVE-2014-8141Security update for llvm (Moderate)openSUSE 13.1
llvm was updated to fix one security issue.
This security issue was fixed:
- Insecure temporary file handling in clang's scan-build utility (CVE-2014-2893).
(Moderate)SUSE bug 874798CVE-2014-2893Security update for rsync (Moderate)openSUSE 13.1
rsync was updated to fix one security issue.
This security issue was fixed:
- Path spoofing attack vulnerability (CVE-2014-9512).
(Moderate)SUSE bug 915410CVE-2014-9512Security update for curl (Moderate)openSUSE 13.1
was updated to version 7.40.0 to fix two security issues.
These security issues were fixed:
- CVE-2014-8150: CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy,
allowed remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF
sequences in a URL (bnc#911363).
- CVE-2014-3707: The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the
CURLOPT_COPYPOSTFIELDS option, did not properly copy HTTP POST data for an easy handle, which triggered an
out-of-bounds read that allowed remote web servers to read sensitive memory information (bnc#901924).
These non-security issues were fixed:
- http_digest: Added support for Windows SSPI based authentication
- version info: Added Kerberos V5 to the supported features
- Makefile: Added VC targets for WinIDN
- SSL: Add PEM format support for public key pinning
- smtp: Added support for the conversion of Unix newlines during mail send
- smb: Added initial support for the SMB/CIFS protocol
- Added support for HTTP over unix domain sockets,
- via CURLOPT_UNIX_SOCKET_PATH and --unix-socket
- sasl: Added support for GSS-API based Kerberos V5 authentication
(Moderate)SUSE bug 901924SUSE bug 911363CVE-2014-3707CVE-2014-8150Security update for gcab (Moderate)openSUSE 13.1
This update fixes the following security issue:
- CVE-2015-0552: Avoid path traversal (boo#911814, bgo#742331, CVE-2015-0552).
(Moderate)SUSE bug 911814CVE-2015-0552Security update for jython (Moderate)openSUSE 13.1
jython was updated to fix one security issue.
This security issue was fixed:
- CVE-2013-2027: Creates executables class files with wrong permissions
(Moderate)SUSE bug 916224CVE-2013-2027Security update for tcpdump (Moderate)openSUSE 13.1
tcpdump was updated to fix three security issues.
These security issues were fixed:
- CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allowed remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame (bnc#905870 905871).
- CVE-2014-8769: tcpdump 3.8 through 4.6.2 might allowed remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access (bnc#905871 905872).
- CVE-2014-8768: Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allowed remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame (bnc#905871).
(Moderate)SUSE bug 905870SUSE bug 905871SUSE bug 905872CVE-2014-8767CVE-2014-8768CVE-2014-8769Security update for clamav (Important)openSUSE 13.1
clamav was updated to version 0.98.6 that fixes bugs and several security issues:
* bsc#916217, CVE-2015-1461: Remote attackers can have
unspecified impact via Yoda's crypter or mew packer files.
* bsc#916214, CVE-2015-1462: Unspecified impact via acrafted upx
packer file.
* bsc#916215, CVE-2015-1463: Remote attackers can cause a denial
of service via a crafted petite packer file.
* bsc#915512, CVE-2014-9328: heap out of bounds condition with
crafted upack packer files.
(Important)SUSE bug 915512SUSE bug 916214SUSE bug 916215SUSE bug 916217CVE-2014-9328CVE-2015-1461CVE-2015-1462CVE-2015-1463Security update for roundcubemail (Moderate)openSUSE 13.1
roundcubemail was updated to version 1.0.5 to fix one security issue.
This security issue was fixed:
- CVE-2015-1433: program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 did not properly quote strings, which allowed remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email (bnc#915789).
Various non-security bugs were resolved in this update. Please see the changes file for details.
(Moderate)SUSE bug 863569SUSE bug 915789CVE-2015-1433Security update for dbus-1, dbus-1-x11 (Moderate)openSUSE 13.1
dbus-1, dbus-1-x11 were updated to version 1.8.16 to fix one security issue.
This update fixes the following security issue:
- CVE-2015-0245: Do not allow non-uid-0 processes to send forged
ActivationFailure messages. On Linux systems with systemd
activation, this would allow a local denial of service (bnc#916343).
These additional security hardenings are included:
- Do not allow calls to UpdateActivationEnvironment from uids
other than the uid of the dbus-daemon. If a system service
installs unsafe security policy rules that allow arbitrary
method calls (such as CVE-2014-8148) then this prevents
memory consumption and possible privilege escalation via
UpdateActivationEnvironment.
- Do not allow calls to UpdateActivationEnvironment or the
Stats interface on object paths other than
/org/freedesktop/DBus. Some system services install unsafe
security policy rules that allow arbitrary method calls to
any destination, method and interface with a specified object
path.
(Moderate)SUSE bug 916343CVE-2015-0245Security update for perl-YAML-LibYAML (Moderate)openSUSE 13.1
perl-YAML-LibYAML was updated to version 0.59 to fix four security issues.
These security issues were fixed:
- CVE-2013-6393: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allowed remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow (bnc#860617, bnc#911782).
- CVE-2012-1152: Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allowed remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function (bnc#751503).
- CVE-2014-9130: scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allowed context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping (bnc#907809, bnc#911782).
- CVE-2014-2525: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allowed context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file (bnc#868944, bnc#911782).
These non-security issues were fixed:
- PR/23 Better scalar dump heuristics
- More closely match YAML.pm
- Add a VERSION statement to YAML::LibYAML (issue#8)
- Applied fix for PR/21. nawglan++
- Use Swim cpan-tail block functions in doc
- Get YAML::XS using latest libyaml
- Fix for https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
- Fix e1 test failure on 5.21.4
- Remove =travis section
- Meta 0.0.2
- Eliminate spurious trailing whitespace
- Add t/000-compile-modules.t
- Fix swim errors
- Add badges to doc
- Fix ReadMe
- Fix Meta and add Contributing.
- Doc fix. GitHub-Issue-#6. Thanks to Debian Perl Group for finding this.
- Test::Base tests needed 'inc' in @INC
- Switch to Zilla::Dist
- No longer dep on Test::Base, Spiffy, and Filter::Util::Call
- Remove test/changes.t
- Removed another C++ // style comment. jdb++
- Removed C++ // style comments, for better portability. jdb++
- Using the latest libyaml codebase
- https://github.com/yaml/libyaml/tree/perl-yaml-xs
- Changes have been made to start moving libyaml to 1.2
(Moderate)SUSE bug 751503SUSE bug 860617SUSE bug 868944SUSE bug 907809SUSE bug 911782CVE-2012-1152CVE-2013-6393CVE-2014-2525CVE-2014-9130Security update for php5 (Moderate)openSUSE 13.1
php5 was updated to fix five security issues.
These security issues were fixed:
- CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bnc#910659).
- CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bnc#914690).
- CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bnc#910659).
- CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap was used to read a .php file, did not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which caused an out-of-bounds read and might (1) allowed remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (bnc#911664).
For openSUSE 13.2 this additional security issue was fixed:
- CVE-2014-9426: The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempted to perform a free operation on a stack-based character array, which allowed remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors (bnc#911663).
(Moderate)SUSE bug 907519SUSE bug 910659SUSE bug 911663SUSE bug 911664SUSE bug 914690CVE-2014-8142CVE-2014-9426CVE-2014-9427CVE-2015-0231CVE-2015-0232Security update for xorg-x11-server (Moderate)openSUSE 13.1
xorg-x11-server was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810).
(Moderate)SUSE bug 915810CVE-2015-0255Security update for glibc (Moderate)openSUSE 13.1
Glibc was updated to fix several security issues.
- Avoid infinite loop in nss_dns getnetbyname (CVE-2014-9402, bsc#910599, BZ #17630)
- wordexp fails to honour WRDE_NOCMD (CVE-2014-7817, bsc#906371, BZ #17625)
- Fix invalid file descriptor reuse while sending DNS query (CVE-2013-7423, bsc#915526, BZ #15946)
- Fix buffer overflow in wscanf
(CVE-2015-1472, bsc#916222, BZ #16618)
(Moderate)SUSE bug 906371SUSE bug 910599SUSE bug 915526SUSE bug 916222CVE-2013-7423CVE-2014-7817CVE-2014-9402CVE-2015-1472Security update for samba (Important)openSUSE 13.1
samba was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-0240: Ensure we don't call talloc_free on an uninitialized pointer (bnc#917376).
- CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allowed remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (bnc#914279).
Several non-security issues were fixed, please refer to the changes file.
(Important)SUSE bug 914279SUSE bug 917376CVE-2014-8143CVE-2015-0240Security update for libsndfile (Moderate)openSUSE 13.1
Changes in libsndfile:
two buffer read overflows in sd2_parse_rsrc_fork() (CVE-2014-9496, bnc#911796): backported upstream fix patches
(Moderate)SUSE bug 911796CVE-2014-9496Security update for cups (Moderate)openSUSE 13.1
cups was updated to fix one security issue.
This security issue was fixed:
- CVE-2014-9679: A malformed compressed raster file can trigger a buffer overflow in cupsRasterReadPixels (bnc#917799).
(Moderate)SUSE bug 917799CVE-2014-9679Security update for snack (Important)openSUSE 13.1
snack was updated to fix one security issue.
This security issue was fixed:
- CVE-2012-6303: Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file (bnc#793860).
(Important)SUSE bug 793860CVE-2012-6303Security update for MozillaFirefox, mozilla-nss (Important)openSUSE 13.1
MozillaFirefox, mozilla-nss were updated to fix 18 security issues.
MozillaFirefox was updated to version 36.0. These security issues were fixed:
- CVE-2015-0835, CVE-2015-0836: Miscellaneous memory safety hazards
- CVE-2015-0832: Appended period to hostnames can bypass HPKP and HSTS protections
- CVE-2015-0830: Malicious WebGL content crash when writing strings
- CVE-2015-0834: TLS TURN and STUN connections silently fail to simple TCP connections
- CVE-2015-0831: Use-after-free in IndexedDB
- CVE-2015-0829: Buffer overflow in libstagefright during MP4 video playback
- CVE-2015-0828: Double-free when using non-default memory allocators with a zero-length XHR
- CVE-2015-0827: Out-of-bounds read and write while rendering SVG content
- CVE-2015-0826: Buffer overflow during CSS restyling
- CVE-2015-0825: Buffer underflow during MP3 playback
- CVE-2015-0824: Crash using DrawTarget in Cairo graphics library
- CVE-2015-0823: Use-after-free in Developer Console date with OpenType Sanitiser
- CVE-2015-0822: Reading of local files through manipulation of form autocomplete
- CVE-2015-0821: Local files or privileged URLs in pages can be opened into new tabs
- CVE-2015-0819: UI Tour whitelisted sites in background tab can spoof foreground tabs
- CVE-2015-0820: Caja Compiler JavaScript sandbox bypass
mozilla-nss was updated to version 3.17.4 to fix the following issues:
- CVE-2014-1569: QuickDER decoder length issue (bnc#910647).
- bmo#1084986: If an SSL/TLS connection fails, because client and server don't have any common protocol version enabled, NSS has been changed to report error code SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting SSL_ERROR_NO_CYPHER_OVERLAP).
- bmo#1112461: libpkix was fixed to prefer the newest certificate, if multiple certificates match.
- bmo#1094492: fixed a memory corruption issue during failure of keypair generation.
- bmo#1113632: fixed a failure to reload a PKCS#11 module in FIPS mode.
- bmo#1119983: fixed interoperability of NSS server code with a LibreSSL client.
(Important)SUSE bug 910647SUSE bug 917597CVE-2014-1569CVE-2015-0819CVE-2015-0820CVE-2015-0821CVE-2015-0822CVE-2015-0823CVE-2015-0824CVE-2015-0825CVE-2015-0826CVE-2015-0827CVE-2015-0828CVE-2015-0829CVE-2015-0830CVE-2015-0831CVE-2015-0832CVE-2015-0834CVE-2015-0835CVE-2015-0836Security update for python-rope (Low)openSUSE 13.1
python-rope was updated to fix one security issue.
This security issue was fixed:
- CVE-2014-3539: Disable dynamic object analysis by default (bnc#916890).
(Low)SUSE bug 916890CVE-2014-3539Security update for vsftpd (Low)openSUSE 13.1
vsftpd was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-1419: vsftpd config option deny_file was not handled correctly (bnc#915522).
Note: deny_file shouldn't be used to restrict access, as stated in the documentation. Please
use more reliable methods.
(Low)SUSE bug 900326SUSE bug 915522CVE-2015-1419update for libvirt (Moderate)openSUSE 13.1
- CVE-2014-8136: libvirt: local denial of service in qemu driver
2bdcd29c-CVE-2014-8136.patch
bsc#910862
(Moderate)SUSE bug 910862CVE-2014-8136Security update for php5 (Important)openSUSE 13.1
php5 was updated to fix two security issues.
These security issues were fixed:
- CVE-2014-9652: Out of bounds read in mconvert() (bnc#917150).
- CVE-2015-0273: Use after free vulnerability in unserialize() with DateTimeZone (bnc#918768).
(Important)SUSE bug 917150SUSE bug 918768CVE-2014-9652CVE-2015-0273Security update for chromium (Important)openSUSE 13.1
chromium was updated to version 40.0.2214.111 to fix 31 vulnerabilities.
These security issues were fixed:
- CVE-2015-1209: Use-after-free in DOM (bnc#916841).
- CVE-2015-1210: Cross-origin-bypass in V8 bindings (bnc#916843).
- CVE-2015-1211: Privilege escalation using service workers (bnc#916838).
- CVE-2015-1212: Various fixes from internal audits, fuzzing and other initiatives (bnc#916840).
- CVE-2014-7923: Memory corruption in ICU (bnc#914468).
- CVE-2014-7924: Use-after-free in IndexedDB (bnc#914468).
- CVE-2014-7925: Use-after-free in WebAudio (bnc#914468).
- CVE-2014-7926: Memory corruption in ICU (bnc#914468).
- CVE-2014-7927: Memory corruption in V8 (bnc#914468).
- CVE-2014-7928: Memory corruption in V8 (bnc#914468).
- CVE-2014-7930: Use-after-free in DOM (bnc#914468).
- CVE-2014-7931: Memory corruption in V8 (bnc#914468).
- CVE-2014-7929: Use-after-free in DOM (bnc#914468).
- CVE-2014-7932: Use-after-free in DOM (bnc#914468).
- CVE-2014-7933: Use-after-free in FFmpeg (bnc#914468).
- CVE-2014-7934: Use-after-free in DOM (bnc#914468).
- CVE-2014-7935: Use-after-free in Speech (bnc#914468).
- CVE-2014-7936: Use-after-free in Views (bnc#914468).
- CVE-2014-7937: Use-after-free in FFmpeg (bnc#914468).
- CVE-2014-7938: Memory corruption in Fonts (bnc#914468).
- CVE-2014-7939: Same-origin-bypass in V8 (bnc#914468).
- CVE-2014-7940: Uninitialized-value in ICU (bnc#914468).
- CVE-2014-7941: Out-of-bounds read in UI (bnc#914468).
- CVE-2014-7942: Uninitialized-value in Fonts (bnc#914468).
- CVE-2014-7943: Out-of-bounds read in Skia
- CVE-2014-7944: Out-of-bounds read in PDFium
- CVE-2014-7945: Out-of-bounds read in PDFium
- CVE-2014-7946: Out-of-bounds read in Fonts
- CVE-2014-7947: Out-of-bounds read in PDFium
- CVE-2014-7948: Caching error in AppCache
- CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives
These non-security issues were fixed:
- Fix using 'echo' command in chromium-browser.sh script
(Important)SUSE bug 914468SUSE bug 916838SUSE bug 916840SUSE bug 916841SUSE bug 916843CVE-2014-7923CVE-2014-7924CVE-2014-7925CVE-2014-7926CVE-2014-7927CVE-2014-7928CVE-2014-7929CVE-2014-7930CVE-2014-7931CVE-2014-7932CVE-2014-7933CVE-2014-7934CVE-2014-7935CVE-2014-7936CVE-2014-7937CVE-2014-7938CVE-2014-7939CVE-2014-7940CVE-2014-7941CVE-2014-7942CVE-2014-7943CVE-2014-7944CVE-2014-7945CVE-2014-7946CVE-2014-7947CVE-2014-7948CVE-2015-1205CVE-2015-1209CVE-2015-1210CVE-2015-1211CVE-2015-1212Security update for MozillaThunderbird (Important)openSUSE 13.1
MozillaThunderbird was updated to version 31.5.0 to fix four security issues.
These security issues were fixed:
- CVE-2015-0836: Miscellaneous memory safety hazards
- CVE-2015-0831: Use-after-free in IndexedDB
- CVE-2015-0827: Out-of-bounds read and write while rendering SVG content
- CVE-2015-0822: Reading of local files through manipulation of form autocomplete
(Important)SUSE bug 917597CVE-2015-0822CVE-2015-0827CVE-2015-0831CVE-2015-0836Security update for tiff (Moderate)openSUSE 13.1
LibTIFF was updated fix various security issues that could lead to crashes of the image decoder.
(CVE-2014-9655, CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-1547)
(Moderate)SUSE bug 914890SUSE bug 916925SUSE bug 916927CVE-2014-8127CVE-2014-8128CVE-2014-8129CVE-2014-8130CVE-2014-9655CVE-2015-1547Better fix for buffer overflow causing DoS (Moderate)openSUSE 13.1
This update fixes previous security update, which was not considered as complete. (Moderate)SUSE bug 912214CVE-2014-9556Security update for percona-toolkit, xtrabackup (Low)openSUSE 13.1
Percona Toolkit and XtraBackup were updated to fix bugs and security issues.
Percona XtraBackup was vulnerable to MITM attack which could allow
exfiltration of MySQL configuration information via the --version-check
option. [boo#919298] CVE-2015-1027 lp#1408375.
The openSUSE package has the version check disabled by default.
Percona Toolkit was updated to 2.2.13:
* Feature lp#1391240: pt-kill added query fingerprint hash to output
* Fixed lp#1402668: pt-mysql-summary fails on cluster in Donor/Desynced status
* Fixed lp#1396870: pt-online-schema-change CTRL+C leaves terminal in inconsistent state
* Fixed lp#1396868: pt-online-schema-change --ask-pass option error
* Fixed lp#1266869: pt-stalk fails to start if $HOME environment variable is not set
* Fixed lp#1019479: pt-table-checksum does not work with sql_mode ONLY_FULL_GROUP_BY
* Fixed lp#1394934: pt-table-checksum error in debug mode
* Fixed lp#1321297: pt-table-checksum reports diffs on timestamp columns in 5.5 vs 5.6
* Fixed lp#1399789: pt-table-checksum fails to find pxc nodes when wsrep_node_incoming_address is set to AUTO
* Fixed lp#1388870: pt-table-checksum has some errors with different time zones
* Fixed lp#1408375: vulnerable to MITM attack which would allow exfiltration of MySQL configuration information via --version-check [boo#919298] [CVE-2015-1027]
* Fixed lp#1404298: missing MySQL5.7 test files for pt-table-checksum
* Fixed lp#1403900: added sandbox and fixed sakila test db for 5.7
Percona XtraBackup was updated to version 2.2.9:
* xtrabackup_galera_info file isn't overwritten during the Galera auto-recovery. lp#1418584.
* Percona XtraBackup now sets the maximum supported session value
for lock_wait_timeout variable to prevent unnecessary timeouts
when the global value is changed from the default. lp#1410339.
* New option --backup-locks, enabled by default, has been
implemented to control if backup locks will be used even if
they are supported by the server. To disable backup locks
innobackupex should be run with innobackupex --no-backup-locks
option. lp#1418820.
(Low)SUSE bug 919298CVE-2015-1027Security update for putty (Moderate)openSUSE 13.1
The SSH Terminal emulator putty was updated to the new upstream release 0.64, fixing security issues and bugs:
Security fix:
PuTTY no longer retains the private half of users' keys in memory by mistake after authenticating with them.
[bsc#920167] (CVE-2015-2157)
New feature:
Support for SSH connection sharing, so that multiple instances of
PuTTY to the same host can share a single SSH connection instead
of all having to log in independently.
Bug fix:
IPv6 literals are handled sensibly throughout the suite,
if you enclose them in square brackets to prevent the colons
being mistaken for a :port suffix.
(Moderate)SUSE bug 920167CVE-2015-2157Security update for glusterfs (Moderate)openSUSE 13.1
glusterfs was updated to fix a fragment header infinite loop denial of
service attack (CVE-2014-3619).
(Moderate)SUSE bug 919879CVE-2014-3619Security update for autofs (Moderate)openSUSE 13.1
The automount service autofs was updated to prevent a potential privilege
escalation via interpreter load path for program-based automount
maps. (bsc#917977 CVE-2014-8169)
(Moderate)SUSE bug 917977CVE-2014-8169Security update for cacti (Moderate)openSUSE 13.1
cacti was updated to version 0.8.8c [boo#920399]
This update fixes four vulnerabilities and adds some compatible features.
- Security fixes not previously patched:
- CVE-2014-2326 - XSS issue via CDEF editing
- CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
- CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
- CVE-2014-4002 - XSS issues in multiple files
- CVE-2014-5025 - XSS issue via data source editing
- CVE-2014-5026 - XSS issues in multiple files
- Security fixes now upstream:
- CVE-2013-5588 - XSS issue via installer or device editing
- CVE-2013-5589 - SQL injection vulnerability in device editing
New features:
- New graph tree view
- Updated graph list and graph preview
- Refactor graph tree view to remove GPL incompatible code
- Updated command line database upgrade utility
- Graph zooming now from everywhere
(Moderate)SUSE bug 920399CVE-2014-2327CVE-2014-4002CVE-2014-5025CVE-2014-5026Security update for osc (Important)openSUSE 13.1
osc was updated to fix a security issue and some non-security bugs.
osc was updated to 0.151.0, fixing the following vulnerability:
* fixed shell command injection via crafted _service files CVE-2015-0778 boo#901643
The following non-security bugs were fixed:
* fix times when data comes from OBS backend
* support updateing the link in target package for submit requests
* various minor bugfixes
(Important)SUSE bug 901643CVE-2015-0778Security update for flash-player (Critical)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.451 (bsc#922033).
These security issues were fixed:
- Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339).
- Type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336).
- A vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337).
- A vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340).
- An integer overflow vulnerability that could lead to code execution (CVE-2015-0338).
- Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342).
(Critical)SUSE bug 922033CVE-2015-0332CVE-2015-0333CVE-2015-0334CVE-2015-0335CVE-2015-0336CVE-2015-0337CVE-2015-0338CVE-2015-0339CVE-2015-0340CVE-2015-0341CVE-2015-0342Security update for wireshark (Moderate)openSUSE 13.1
Wireshark was updated to 1.10.13 on openSUSE 13.1 to fix bugs and security issues.
Wireshark was updated to 1.12.4 on openSUSE 13.2 to fix bugs and security issues.
The following security issues were fixed in 1.10.13:
* The WCP dissector could crash.
wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696]
* The pcapng file parser could crash.
wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697]
* The TNEF dissector could go into an infinite loop.
wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699]
- Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html
The following security issues were fixed in 1.12.4:
- The following security issues were fixed:
* The ATN-CPDLC dissector could crash.
wnpa-sec-2015-06 CVE-2015-2187 [bnc#920695]
* The WCP dissector could crash.
wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696]
* The pcapng file parser could crash.
wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697]
* The LLDP dissector could crash.
wnpa-sec-2015-09 CVE-2015-2190 [bnc#920698]
* The TNEF dissector could go into an infinite loop.
wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699]
* The SCSI OSD dissector could go into an infinite loop.
wnpa-sec-2015-11 CVE-2015-2192 [bnc#920700]
- Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.4.html
(Moderate)SUSE bug 920695SUSE bug 920696SUSE bug 920697SUSE bug 920698SUSE bug 920699SUSE bug 920700CVE-2015-2187CVE-2015-2188CVE-2015-2189CVE-2015-2190CVE-2015-2191CVE-2015-2192Security update to Chromium 41.0.2272.76 (Important)openSUSE 13.1
Chromium was updated to 41.0.2272.76 (bnc#920825)
Security fixes:
* CVE-2015-1212: Out-of-bounds write in media
* CVE-2015-1213: Out-of-bounds write in skia filters
* CVE-2015-1214: Out-of-bounds write in skia filters
* CVE-2015-1215: Out-of-bounds write in skia filters
* CVE-2015-1216: Use-after-free in v8 bindings
* CVE-2015-1217: Type confusion in v8 bindings
* CVE-2015-1218: Use-after-free in dom
* CVE-2015-1219: Integer overflow in webgl
* CVE-2015-1220: Use-after-free in gif decoder
* CVE-2015-1221: Use-after-free in web databases
* CVE-2015-1222: Use-after-free in service workers
* CVE-2015-1223: Use-after-free in dom
* CVE-2015-1230: Type confusion in v8
* CVE-2015-1224: Out-of-bounds read in vpxdecoder
* CVE-2015-1225: Out-of-bounds read in pdfium
* CVE-2015-1226: Validation issue in debugger
* CVE-2015-1227: Uninitialized value in blink
* CVE-2015-1228: Uninitialized value in rendering
* CVE-2015-1229: Cookie injection via proxies
* CVE-2015-1231: Various fixes from internal audits
* Multiple vulnerabilities in V8 fixed at the tip of the 4.1 branch
(Important)SUSE bug 920825CVE-2015-1212CVE-2015-1213CVE-2015-1214CVE-2015-1215CVE-2015-1216CVE-2015-1217CVE-2015-1218CVE-2015-1219CVE-2015-1220CVE-2015-1221CVE-2015-1222CVE-2015-1223CVE-2015-1224CVE-2015-1225CVE-2015-1226CVE-2015-1227CVE-2015-1228CVE-2015-1229CVE-2015-1230CVE-2015-1231Security update for vorbis-tools (Moderate)openSUSE 13.1
vorbis-tools was updated to fix division by zero and integer overflow by crafted WAV files (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441).
(Moderate)SUSE bug 914439SUSE bug 914441CVE-2014-9638CVE-2014-9639Security update for libssh2_org (Moderate)openSUSE 13.1
libssh2_org was updated to version 1.5.0 to fix bugs
and a security issue.
Changes in 1.5.0:
Added Windows Cryptography API: Next Generation based backend
Bug fixes:
- Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782
- missing _libssh2_error in _libssh2_channel_write
- knownhost: Fix DSS keys being detected as unknown.
- knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.
- libssh2.h: on Windows, a socket is of type SOCKET, not int
- libssh2_priv.h: a 1 bit bit-field should be unsigned
- windows build: do not export externals from static library
- Fixed two potential use-after-frees of the payload buffer
- Fixed a few memory leaks in error paths
- userauth: Fixed an attempt to free from stack on error
- agent_list_identities: Fixed memory leak on OOM
- knownhosts: Abort if the hosts buffer is too small
- sftp_close_handle: ensure the handle is always closed
- channel_close: Close the channel even in the case of errors
- docs: added missing libssh2_session_handshake.3 file
- docs: fixed a bunch of typos
- userauth_password: pass on the underlying error code
- _libssh2_channel_forward_cancel: accessed struct after free
- _libssh2_packet_add: avoid using uninitialized memory
- _libssh2_channel_forward_cancel: avoid memory leaks on error
- _libssh2_channel_write: client spins on write when window full
- windows build: fix build errors
- publickey_packet_receive: avoid junk in returned pointers
- channel_receive_window_adjust: store windows size always
- userauth_hostbased_fromfile: zero assign to avoid uninitialized use
- configure: change LIBS not LDFLAGS when checking for libs
- agent_connect_unix: make sure there's a trailing zero
- MinGW build: Fixed redefine warnings.
- sftpdir.c: added authentication method detection.
- Watcom build: added support for WinCNG build.
- configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
- sftp_statvfs: fix for servers not supporting statfvs extension
- knownhost.c: use LIBSSH2_FREE macro instead of free
- Fixed compilation using mingw-w64
- knownhost.c: fixed that 'key_type_len' may be used uninitialized
- configure: Display individual crypto backends on separate lines
- examples on Windows: check for WSAStartup return code
- examples on Windows: check for socket return code
- agent.c: check return code of MapViewOfFile
- kex.c: fix possible NULL pointer de-reference with session->kex
- packet.c: fix possible NULL pointer de-reference within listen_state
- tests on Windows: check for WSAStartup return code
- userauth.c: improve readability and clarity of for-loops
- examples on Windows: use native SOCKET-type instead of int
- packet.c: i < 256 was always true and i would overflow to 0
- kex.c: make sure mlist is not set to NULL
- session.c: check return value of session_nonblock in debug mode
- session.c: check return value of session_nonblock during startup
- userauth.c: make sure that sp_len is positive and avoid overflows
- knownhost.c: fix use of uninitialized argument variable wrote
- openssl: initialise the digest context before calling EVP_DigestInit()
- libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET
- configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib
- configure.ac: Rework crypto library detection
- configure.ac: Reorder --with-* options in --help output
- configure.ac: Call zlib zlib and not libz in text but keep option names
- Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
- sftp: seek: Don't flush buffers on same offset
- sftp: statvfs: Along error path, reset the correct 'state' variable.
- sftp: Add support for fsync (OpenSSH extension).
- _libssh2_channel_read: fix data drop when out of window
- comp_method_zlib_decomp: Improve buffer growing algorithm
- _libssh2_channel_read: Honour window_size_initial
- window_size: redid window handling for flow control reasons
- knownhosts: handle unknown key types
(Moderate)SUSE bug 921070CVE-2015-1782Security update for krb5 (Moderate)openSUSE 13.1
krb5 was updated to fix three security issues.
Remote authenticated users could cause denial of service.
On openSUSE 13.1 and 13.2 krb5 was updated to fix the following vulnerabilities:
- bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name
- bnc#918595: CVE-2014-5355: krb5: denial of service in krb5_read_message
On openSUSE 13.1 krb5 was updated to fix the following vulnerability:
- bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries
(Moderate)SUSE bug 910457SUSE bug 910458SUSE bug 918595CVE-2014-5353CVE-2014-5354CVE-2014-5355Security update for openssl (Moderate)openSUSE 13.1
OpenSSL was updated to fix various security issues.
Following security issues were fixed:
- CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error
was fixed which could lead to crashes for attacker supplied Elliptic
Curve keys. This could be exploited over SSL connections with client
supplied keys.
- CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that
could be exploited by attackers when e.g. client authentication is
used. This could be exploited over SSL connections.
- CVE-2015-0287: A ASN.1 structure reuse memory corruption was fixed. This
problem can not be exploited over regular SSL connections, only if
specific client programs use specific ASN.1 routines.
- CVE-2015-0288: A X509_to_X509_REQ NULL pointer dereference was fixed,
which could lead to crashes. This function is not commonly used, and
not reachable over SSL methods.
- CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed,
which could lead to crashes of programs using the PKCS7 APIs. The SSL
apis do not use those by default.
- CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers,
could be used by remote attackers to terminate the server process. Note
that this requires SSLv2 being allowed, which is not the default.
(Moderate)SUSE bug 919648SUSE bug 920236SUSE bug 922488SUSE bug 922496SUSE bug 922499SUSE bug 922500CVE-2015-0209CVE-2015-0286CVE-2015-0287CVE-2015-0288CVE-2015-0289CVE-2015-0293Security update for libarchive (Moderate)openSUSE 13.1
libarchive was updated to fix a directory traversal in the bsdcpio tool, which
allowed attackers supplying crafted archives to overwrite files. (CVE-2015-2304)
Also, a integer overflow was fixed that could also overflow buffers. (CVE-2013-0211)
(Moderate)SUSE bug 800024SUSE bug 920870CVE-2013-0211CVE-2015-2304Security update for seamonkey (Moderate)openSUSE 13.1
SeaMonkey was updated to 2.33 (bnc#917597)
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
Miscellaneous memory safety hazards
* MFSA 2015-12/CVE-2015-0833 (bmo#945192)
Invoking Mozilla updater will load locally stored DLL files
(Windows only)
* MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
Appended period to hostnames can bypass HPKP and HSTS protections
* MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
Malicious WebGL content crash when writing strings
* MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
TLS TURN and STUN connections silently fail to simple TCP connections
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
Use-after-free in IndexedDB
* MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
Buffer overflow in libstagefright during MP4 video playback
* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
Double-free when using non-default memory allocators with a
zero-length XHR
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
Out-of-bounds read and write while rendering SVG content
* MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
Buffer overflow during CSS restyling
* MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
Buffer underflow during MP3 playback
* MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
Crash using DrawTarget in Cairo graphics library
* MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
Use-after-free in Developer Console date with OpenType Sanitiser
* MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
Reading of local files through manipulation of form autocomplete
* MFSA 2015-25/CVE-2015-0821 (bmo#1111960)
Local files or privileged URLs in pages can be opened into new tabs
* MFSA 2015-26/CVE-2015-0819 (bmo#1079554)
UI Tour whitelisted sites in background tab can spoof foreground tabs
* MFSA 2015-27CVE-2015-0820 (bmo#1125398)
Caja Compiler JavaScript sandbox bypass
Update to SeaMonkey 2.32.1
* fixed MailNews feeds not updating
* fixed selected profile in Profile Manager not remembered
* fixed opening a bookmark folder in tabs on Linux
* fixed Troubleshooting Information (about:support) with the
Modern theme
(Moderate)SUSE bug 917597CVE-2015-0819CVE-2015-0820CVE-2015-0821CVE-2015-0822CVE-2015-0823CVE-2015-0824CVE-2015-0825CVE-2015-0826CVE-2015-0827CVE-2015-0828CVE-2015-0829CVE-2015-0830CVE-2015-0831CVE-2015-0832CVE-2015-0833CVE-2015-0834CVE-2015-0835CVE-2015-0836Security update for kdebase4-runtime, kdelibs4, konversation, kwebkitpart, libqt4 (Moderate)openSUSE 13.1
KDE and QT were updated to fix security issues and bugs.
The following vulerabilities were fixed:
* CVE-2014-0190: Malformed GIF files could have crashed QT based applications
* CVE-2015-0295: Malformed BMP files could have crashed QT based applications
* CVE-2014-8600: Multiple cross-site scripting (XSS) vulnerabilities in the KDE runtime could have allowed remote attackers to insert arbitrary web script or HTML via crafted URIs using one of several supported URL schemes
* CVE-2014-8483: A missing size check in the Blowfish ECB could have lead to a crash of Konversation or 11 byte information leak
* CVE-2014-3494: The KMail POP3 kioslave accepted invalid certifiates and allowed a man-in-the-middle (MITM) attack
Additionally, Konversation was updated to 1.5.1 to fix bugs.
(Moderate)SUSE bug 875470SUSE bug 883374SUSE bug 902670SUSE bug 905742SUSE bug 921999CVE-2014-0190CVE-2014-3494CVE-2014-8483CVE-2014-8600CVE-2015-0295Security update for less (Low)openSUSE 13.1
less was updated to fix one minor security issue:
Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access. (bnc#921719) (CVE-2014-9488) (Low)SUSE bug 921719CVE-2014-9488Security update for tor (Moderate)openSUSE 13.1
Tor was updated to 0.2.4.26 to fix several security issues:
The release:
Contains several medium-level security fixes for relays and exit
nodes and also updates the list of directory authorities.
* Directory authority updates
* relay crashes trough assertion (CVE-2015-2688)
* exit node crash through assertion under high DNS load (CVE-2015-2689)
* update geoip/geoip6 to the March 3 2015
(Moderate)SUSE bug 923284CVE-2015-2688CVE-2015-2689Security update for MozillaFirefox (Important)openSUSE 13.1
MozillaFirefox was updated to Firefox 36.0.4 to fix two critical security issues found during Pwn2Own:
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
Privilege escalation through SVG navigation
* MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
Code execution through incorrect JavaScript bounds checking
elimination
Als fixed were the following bugs:
- Copy the icons to /usr/share/icons instead of symlinking them:
in preparation for containerized apps (e.g. xdg-app) as well as
AppStream metadata extraction, there are a couple locations that
need to be real files for system integration (.desktop files,
icons, mime-type info).
- update to Firefox 36.0.1
Bugfixes:
* Disable the usage of the ANY DNS query type (bmo#1093983)
* Hello may become inactive until restart (bmo#1137469)
* Print preferences may not be preserved (bmo#1136855)
* Hello contact tabs may not be visible (bmo#1137141)
* Accept hostnames that include an underscore character ("_")
(bmo#1136616)
* WebGL may use significant memory with Canvas2d (bmo#1137251)
* Option -remote has been restored (bmo#1080319)
(Important)SUSE bug 923534CVE-2015-0817CVE-2015-0818Security update for libzip (Moderate)openSUSE 13.1
Libzip was updated to fix one security issue.
A zip file with an unusually large number of entries could have caused an integer overflow leading to a write past the heap boundary, crashing the application. (CVE-2015-2331 bnc#923240)
(Moderate)SUSE bug 923240CVE-2015-2331Security update for libXfont (Important)openSUSE 13.1
libXFont was updated to fix three vulnerabilities when parsing BDF files (bnc#921978)
As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have the potential to allow unprivileged users to run code with the privileges of the X server.
The following vulnerabilities were fixed:
* The BDF parser could allocate the a wrong buffer size, leading to out of bound writes (CVE-2015-1802)
* The BDF parser could crash when trying to read an invalid pointer (CVE-2015-1803)
* The BDF parser could read 32 bit metrics values into 16 bit integers, causing an out-of-bound memory access though integer overflow (CVE-2015-1804) (Important)SUSE bug 921978CVE-2015-1802CVE-2015-1803CVE-2015-1804Security update for tcpdump (Moderate)openSUSE 13.1
tcpdump was updated to fix five vulnerabilities in protocol printers
When running tcpdump, a remote unauthenticated user could have crashed the application or, potentially, execute arbitrary code by injecting crafted packages into the network.
The following vulnerabilities were fixed:
* IPv6 mobility printer remote DoS (CVE-2015-0261, bnc#922220)
* PPP printer remote DoS (CVE-2014-9140, bnc#923142)
* force printer remote DoS (CVE-2015-2155, bnc#922223)
* ethernet printer remote DoS (CVE-2015-2154, bnc#922222)
* tcp printer remote DoS (CVE-2015-2153, bnc#922221)
(Moderate)SUSE bug 922220SUSE bug 922221SUSE bug 922222SUSE bug 922223SUSE bug 923142CVE-2014-9140CVE-2015-0261CVE-2015-2153CVE-2015-2154CVE-2015-2155Security update for mercurial (Moderate)openSUSE 13.1
mercurial was updated to fix a command Injection via sshpeer._validaterepo() (CVE-2014-9462, bnc#923070).
(Moderate)SUSE bug 923070CVE-2014-9462Security update for gnutls (Moderate)openSUSE 13.1
gnutls was updated to fix a security issue:
A certificate algorithm consistency checking issue was fixed (CVE-2015-0294).
(Moderate)SUSE bug 919938CVE-2015-0294Security update for freetype2 (Moderate)openSUSE 13.1
freetype2 was updated to fix various vulnerabilities that could lead to crashes or potentially
code execution when parsing fonts.
(Moderate)SUSE bug 916847SUSE bug 916856SUSE bug 916857SUSE bug 916858SUSE bug 916859SUSE bug 916860SUSE bug 916861SUSE bug 916862SUSE bug 916863SUSE bug 916864SUSE bug 916865SUSE bug 916867SUSE bug 916868SUSE bug 916870SUSE bug 916871SUSE bug 916872SUSE bug 916873SUSE bug 916874SUSE bug 916879SUSE bug 916881CVE-2014-9656CVE-2014-9657CVE-2014-9658CVE-2014-9659CVE-2014-9660CVE-2014-9661CVE-2014-9662CVE-2014-9663CVE-2014-9664CVE-2014-9665CVE-2014-9666CVE-2014-9667CVE-2014-9668CVE-2014-9669CVE-2014-9670CVE-2014-9671CVE-2014-9672CVE-2014-9673CVE-2014-9674CVE-2014-9675Security update for rubygem-bundler (Moderate)openSUSE 13.1
rubygem-bunder was updated to fix security vulnerabilities and non-security issues
The following security issues were fixed:
* Hide credentials while warning about gems with ambiguous sources
* Warn when more than one top-level source is present
* Bundler may install gems from a different source than expected (CVE-2013-0334) (bnc#898205)
In addition, rubygem-bundler was udpated to 1.8.4 to fix non-security issues.
(Moderate)SUSE bug 898205CVE-2013-0334Security update for seamonkey (Important)openSUSE 13.1
SeaMonkey was updated to 2.33.1 to fix several vulnerabilities.
The following vulnerabilities were fixed:
* Privilege escalation through SVG navigation (CVE-2015-0818)
* Code execution through incorrect JavaScript bounds checking elimination (CVE-2015-0817)
(Important)SUSE bug 923534CVE-2015-0817CVE-2015-0818Security update for gd (Low)openSUSE 13.1
The graphics drawing library gd was updated to fix one security issue.
The following vulnerability was fixed:
* possible buffer read overflow (CVE-2014-9709)
(Low)SUSE bug 923945CVE-2014-9709Security update for php5 (Moderate)openSUSE 13.1
PHP was updated to fix several security issues.
The following vulnerabilities were fixed:
* A specially crafted GIF file could cause a buffer read overflow in php-gd (CVE-2014-9709 bnc#923946)
* Memory was use after it was freed in PHAR (CVE-2015-2301 bnc#922022)
* heap overflow vulnerability in regcomp.c (CVE-2015-2305 bnc#922452)
* heap buffer overflow in Enchant (CVE-2014-9705 bnc#922451)
For openSUSE 13.2, the following additional vulnerability was fixed:
* A specially crafted zip file could lead to writing past the heap boundary (CVE-2015-2331 bnc#922894)
(Moderate)SUSE bug 922022SUSE bug 922451SUSE bug 922452SUSE bug 922894SUSE bug 923946CVE-2014-9705CVE-2014-9709CVE-2015-2301CVE-2015-2305CVE-2015-2331Security update for libgit2 (Moderate)openSUSE 13.1
libgit2 was updated to fix an arbitrary command execution vulnerability on case-insentitive file systems.
The following vulnerability was fixed:
* When using programs using libgit2 on case-insensitive filesystems, .git/config could be overwritten, which allowed execution of arbitrary commands (boo#925040, CVE-2014-9390).
The configuration is uncommon as all default file systems on openSUSE are case sensitive.
Additionally, on openSUSE 13.2 libgit2 was updated to version 0.21.5 to backport further critical fixes.
(Moderate)SUSE bug 925040CVE-2014-9390Security update for subversion (Moderate)openSUSE 13.1
Apache Subversion was updated to 1.8.13 to fix three vulnerabilities and a number of non-security bugs.
This release fixes three vulnerabilities:
* Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202)
* Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248)
* Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795 CVE-2015-0251)
Non-security fixes:
* fixes number of client and server side non-security bugs
* improved working copy performance
* reduction of resource use
* stability improvements
* usability improvements
* fix sample configuration comments in subversion.conf [boo#916286]
* fix bashisms in mailer-init.sh script
(Moderate)SUSE bug 916286SUSE bug 923793SUSE bug 923794SUSE bug 923795CVE-2015-0202CVE-2015-0248CVE-2015-0251Security update for MozillaFirefox, MozillaThunderbird, mozilla-nspr (Important)openSUSE 13.1
Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities.
Mozilla Firefox was updated to 37.0.1.
Mozilla Thunderbird was updated to 31.6.0.
mozilla-nspr was updated to 4.10.8 as a dependency.
The following vulnerabilities were fixed in Mozilla Firefox:
* Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 boo#925392)
* Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813 bmo#1106596 boo#925393)
* Add-on lightweight theme installation approval bypassed through MITM attack (MFSA 2015-32/CVE-2015-0812 bmo#1128126 boo#925394)
* resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816 bmo#1144991 boo#925395)
* Out of bounds read in QCMS library (MFSA-2015-34/CVE-2015-0811 bmo#1132468 boo#925396)
* Incorrect memory management for simple-type arrays in WebRTC (MFSA-2015-36/CVE-2015-0808 bmo#1109552 boo#925397)
* CORS requests should not follow 30x redirections after preflight (MFSA-2015-37/CVE-2015-0807 bmo#1111834 boo#925398)
* Memory corruption crashes in Off Main Thread Compositing (MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 bmo#1135511 bmo#1099437 boo#925399)
* Use-after-free due to type confusion flaws (MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (mo#1134560 boo#925400)
* Same-origin bypass through anchor navigation (MFSA-2015-40/CVE-2015-0801 bmo#1146339 boo#925401)
* Windows can retain access to privileged content on navigation to unprivileged pages (MFSA-2015-42/CVE-2015-0802 bmo#1124898 boo#925402)
The following vulnerability was fixed in functionality that was not released as an update to openSUSE:
* Certificate verification could be bypassed through the HTTP/2 Alt-Svc header (MFSA 2015-44/CVE-2015-0799 bmo#1148328 bnc#926166)
The functionality added in 37.0 and thus removed in 37.0.1 was:
* Opportunistically encrypt HTTP traffic where the server supports
HTTP/2 AltSvc
The following functionality was added or updated in Mozilla Firefox:
* Heartbeat user rating system
* Yandex set as default search provider for the Turkish locale
* Bing search now uses HTTPS for secure searching
* Improved protection against site impersonation via OneCRL
centralized certificate revocation
* some more behaviour changes for TLS
The following vulnerabilities were fixed in Mozilla Thunderbird:
* Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 boo#925392)
* Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813 bmo#1106596 boo#925393)
* resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816 bmo#1144991 boo#925395)
* CORS requests should not follow 30x redirections after preflight (MFSA-2015-37/CVE-2015-0807 bmo#1111834 boo#925398)
* Same-origin bypass through anchor navigation (MFSA-2015-40/CVE-2015-0801 bmo#1146339 boo#925401)
mozilla-nspr was updated to 4.10.8 as a dependency and received the following changes:
* bmo#573192: remove the stack-based PRFileDesc cache.
* bmo#756047: check for _POSIX_THREAD_PRIORITY_SCHEDULING > 0 instead of only checking if the identifier is defined.
* bmo#1089908: Fix variable shadowing in _PR_MD_LOCKFILE. Use PR_ARRAY_SIZE to get the array size of _PR_RUNQ(t->cpu).
* bmo#1106600: Replace PR_ASSERT(!"foo") with PR_NOT_REACHED("foo") to fix clang -Wstring-conversion warnings.
(Important)SUSE bug 925368SUSE bug 925392SUSE bug 925393SUSE bug 925394SUSE bug 925395SUSE bug 925396SUSE bug 925397SUSE bug 925398SUSE bug 925399SUSE bug 925400SUSE bug 925401SUSE bug 925402SUSE bug 926166CVE-2015-0799CVE-2015-0801CVE-2015-0802CVE-2015-0803CVE-2015-0804CVE-2015-0805CVE-2015-0806CVE-2015-0807CVE-2015-0808CVE-2015-0811CVE-2015-0812CVE-2015-0813CVE-2015-0814CVE-2015-0815CVE-2015-0816Security update for quassel (Moderate)openSUSE 13.1
The IRC client quassel was updated to fix two security issues.
The following vulnerabilities were fixed:
* quassel could crash when receiving an overlength CTCP query containing only multibyte characters (bnc#924930 CVE-2015-2778)
* quassel could incorrectly split a message in the middle of a multibyte character, leading to DoS (bnc#924933 CVE-2015-2779)
(Moderate)SUSE bug 924930SUSE bug 924933CVE-2015-2778CVE-2015-2779Security update for php5 (Moderate)openSUSE 13.1
PHP was updated to fix three security issues.
The following vulnerabilities were fixed:
* use-after-free vulnerability in the process_nested_data function (CVE-2015-2787 bnc#924972)
* unserialize SoapClient type confusion (bnc#925109)
* move_uploaded_file truncates a pathNAME upon encountering a x00 character (CVE-2015-2348 bnc#924970)
(Moderate)SUSE bug 924970SUSE bug 924972SUSE bug 925109CVE-2015-2348CVE-2015-2787Security update for potrace (Low)openSUSE 13.1
The bitmap to vector graphic tracing utility potrace was updated to fix one security issue.
The following vulnerability was fixed:
- Very large bitmaps could trigger a buffer overflow, crashing the program and causing denial of service (bsc#924904, CVE-2013-7437)
(Low)SUSE bug 924904CVE-2013-7437Security update for Chromium (Important)openSUSE 13.1
Chromium was updated to 41.0.2272.118 to fix two security issues.
The following vulnerabilities were fixed:
* A combination of V8, Gamepad and IPC bugs could lead to remote code execution outside of the sandbox (CVE-2015-1233, boo#925713)
* Buffer overflow via race condition in GPU (CVE-2015-1234, boo#925714) (Important)SUSE bug 925713SUSE bug 925714CVE-2015-1233CVE-2015-1234Security update for flash-player (Important)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.429 (bsc#913057):
* APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303,
CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307,
CVE-2015-0308, CVE-2015-0309.
- Disable flash player on machines without SSE2 (bnc#856386).
More information can be found on http://helpx.adobe.com/security/products/flash-player/apsb15-01.html
(Important)SUSE bug 856386SUSE bug 913057CVE-2015-0301CVE-2015-0302CVE-2015-0303CVE-2015-0304CVE-2015-0305CVE-2015-0306CVE-2015-0307CVE-2015-0308CVE-2015-0309Security update for tor (Moderate)openSUSE 13.1
Tor was updated to 0.2.4.27 to fix two security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible.
The following security issues were fixed:
* A malicious client could trigger an assertion failure and halt a hidden service. (CVE-2015-2928)
* A client could crash with an assertion failure when parsing a malformed hidden service descriptor. (CVE-2015-2929)
This release also backports a simple improvement to make hidden services a bit less vulnerable to denial-of-service attacks:
* Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions. (Moderate)SUSE bug 926097CVE-2015-2928CVE-2015-2929Security update for the Linux Kernel (Important)openSUSE 13.1
The Linux kernel was updated to fix various bugs and security issues.
Following security issues were fixed:
- CVE-2014-8173: A NULL pointer dereference flaw was found in the way the
Linux kernels madvise MADV_WILLNEED functionality handled page table
locking. A local, unprivileged user could have used this flaw to crash
the system.
- CVE-2015-1593: A integer overflow reduced the effectiveness of the
stack randomization on 64-bit systems.
- CVE-2014-7822: A flaw was found in the way the Linux kernels splice()
system call validated its parameters. On certain file systems, a local,
unprivileged user could have used this flaw to write past the maximum
file size, and thus crash the system.
- CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c
in the Linux kernel did not ensure that Thread Local Storage (TLS)
descriptors are loaded before proceeding with other steps, which made
it easier for local users to bypass the ASLR protection mechanism via
a crafted application that reads a TLS base address.
- CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c
in the Linux kernel used an improper paravirt_enabled setting for KVM
guest kernels, which made it easier for guest OS users to bypass the ASLR
protection mechanism via a crafted application that reads a 16-bit value.
- CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux
kernel generated incorrect conntrack entries during handling of certain
iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,
which allowed remote attackers to bypass intended access restrictions
via packets with disallowed port numbers.
- CVE-2014-9529: Race condition in the key_gc_unused_keys function in
security/keys/gc.c in the Linux kernel allowed local users to cause
a denial of service (memory corruption or panic) or possibly have
unspecified other impact via keyctl commands that trigger access to a
key structure member during garbage collection of a key.
- CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel
through did not properly maintain the semantics of rename_lock,
which allowed local users to cause a denial of service (deadlock and
system hang) via a crafted application.
- CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
Linux kernel did not restrict the number of Rock Ridge continuation
entries, which allowed local users to cause a denial of service (infinite
loop, and system crash or hang) via a crafted iso9660 image.
- CVE-2014-9584: The parse_rock_ridge_inode_internal function in
fs/isofs/rock.c in the Linux kernel did not validate a length value
in the Extensions Reference (ER) System Use Field, which allowed local
users to obtain sensitive information from kernel memory via a crafted
iso9660 image.
- CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the
Linux kernel did not properly choose memory locations for the vDSO area,
which made it easier for local users to bypass the ASLR protection
mechanism by guessing a location at the end of a PMD.
Following bugs were fixed:
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103 (bnc#920901).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f (bnc#920901).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b (bnc#920901).
- HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#920901).
- HID: usbhid: fix PIXART optical mouse (bnc#920901).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#920901).
- HID: usbhid: add always-poll quirk (bnc#920901).
- storvsc: ring buffer failures may result in I/O freeze (bnc#914175).
- mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled
process being killed (VM Functionality bnc#910150).
- Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).
- mnt: Implicitly add MNT_NODEV on remount when it was implicitly
added by mount (bsc#907988).
- DocBook: Do not exceed argument list limit.
- DocBook: Make mandocs parallel-safe.
- mm: free compound page with correct order (bnc#913695).
- udf: Check component length before reading it.
- udf: Check path length when reading symlink.
- udf: Verify symlink size before loading it.
- udf: Verify i_size when loading inode.
- xfs: remote attribute overwrite causes transaction overrun.
(Important)SUSE bug 903640SUSE bug 904899SUSE bug 907988SUSE bug 909078SUSE bug 910150SUSE bug 911325SUSE bug 911326SUSE bug 912202SUSE bug 912654SUSE bug 912705SUSE bug 913059SUSE bug 913695SUSE bug 914175SUSE bug 915322SUSE bug 917839SUSE bug 920901CVE-2014-7822CVE-2014-8134CVE-2014-8160CVE-2014-8173CVE-2014-8559CVE-2014-9419CVE-2014-9420CVE-2014-9529CVE-2014-9584CVE-2014-9585CVE-2015-1593Security update for Adobe Flash Player (Important)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.457 to fix several security issues that could lead to remote code execution.
An exploit for CVE-2015-3043 was reported to exist in the wild.
The following vulnerabilities were fixed:
* Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).
* Type confusion vulnerability that could lead to code execution (CVE-2015-0356).
* Buffer overflow vulnerability that could lead to code execution (CVE-2015-0348).
* Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).
* Double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359).
* Memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040).
* Security bypass vulnerability that could lead to information disclosure (CVE-2015-3044). (Important)SUSE bug 927089CVE-2015-0346CVE-2015-0347CVE-2015-0348CVE-2015-0349CVE-2015-0350CVE-2015-0351CVE-2015-0352CVE-2015-0353CVE-2015-0354CVE-2015-0355CVE-2015-0356CVE-2015-0357CVE-2015-0358CVE-2015-0359CVE-2015-0360CVE-2015-3038CVE-2015-3039CVE-2015-3040CVE-2015-3041CVE-2015-3042CVE-2015-3043CVE-2015-3044Security update for rubygem-rest-client (Moderate)openSUSE 13.1
rubygem-rest-client was updated to fix one security issue.
The following vulnerability was fixed:
- Application logging of password information in plaintext could have allowed a local attacker to gain access to this information (bnc#917802)
(Moderate)SUSE bug 917802Security update for ntop (Moderate)openSUSE 13.1
The network monitoring tool ntop was updated to fix one security issue.
The following vulnerability was fixed:
- Lack of filtering in the title parameter of links to rrdPlugin allowed cross-site-scripting (XSS) attacks against users of the web interface (bsc#882971, CVE-2014-4165)
(Moderate)SUSE bug 882971CVE-2014-4165Security update for icecast (Moderate)openSUSE 13.1
The streaming server icecast was updated to fix a remote denial of service vulnerability.
A remote attacker could crash icecast and cause denial of service when URL Auth is configured and used with stream_auth without credentials (bnc#926402 CVE-2015-3026)
(Moderate)SUSE bug 926402CVE-2015-3026Security update for xen (Important)openSUSE 13.1
Xen was updated to 4.3.4 to fix multiple vulnerabities and non-security bugs.
The following vulnerabilities were fixed:
- Long latency MMIO mapping operations are not preemptible (XSA-125 CVE-2015-2752 bnc#922705)
- Unmediated PCI command register access in qemu (XSA-126 CVE-2015-2756 bnc#922706)
- Hypervisor memory corruption due to x86 emulator flaw (bnc#919464 CVE-2015-2151 XSA-123)
- Information leak through version information hypercall (bnc#918998 CVE-2015-2045 XSA-122)
- Information leak via internal x86 system device emulation (bnc#918995 (CVE-2015-2044 XSA-121)
- HVM qemu unexpectedly enabling emulated VGA graphics backends (bnc#919663 CVE-2015-2152 XSA-119)
- information leakage when guest sets high resolution (bnc#895528 CVE-2014-3615)
The following non-security bugs were fixed:
- L3: XEN blktap device intermittently fails to connect (bnc#919098)
- Problems with detecting free loop devices on Xen guest startup (bnc#903680)
- xentop reports "Found interface vif101.0 but domain 101 does not exist." (bnc#861318)
- Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores (bnc#901488)
- SLES11 SP3 Xen VT-d igb NIC doesn't work (bnc#910254)
(Important)SUSE bug 861318SUSE bug 895528SUSE bug 901488SUSE bug 903680SUSE bug 910254SUSE bug 918995SUSE bug 918998SUSE bug 919098SUSE bug 919464SUSE bug 919663SUSE bug 922705SUSE bug 922706CVE-2014-3615CVE-2015-2044CVE-2015-2045CVE-2015-2151CVE-2015-2152CVE-2015-2752CVE-2015-2756Security update for Chromium (Moderate)openSUSE 13.1
Chromium was updated to latest stable release 42.0.2311.90 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-1235: Cross-origin-bypass in HTML parser.
* CVE-2015-1236: Cross-origin-bypass in Blink.
* CVE-2015-1237: Use-after-free in IPC.
* CVE-2015-1238: Out-of-bounds write in Skia.
* CVE-2015-1240: Out-of-bounds read in WebGL.
* CVE-2015-1241: Tap-Jacking.
* CVE-2015-1242: Type confusion in V8.
* CVE-2015-1244: HSTS bypass in WebSockets.
* CVE-2015-1245: Use-after-free in PDFium.
* CVE-2015-1246: Out-of-bounds read in Blink.
* CVE-2015-1247: Scheme issues in OpenSearch.
* CVE-2015-1248: SafeBrowsing bypass.
* CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives.
* CVE-2015-3333: Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently 4.2.77.14).
* CVE-2015-3336: fullscreen and UI locking without user confirmeation
* CVE-2015-3335: unspecified impact of crafed programs running in NaCl sandbox
* CVE-2015-3334: "Media: Allowed by you" sometimes not shown in a permissions table
New functionality added:
* A number of new apps, extension and Web Platform APIs (including the Push API!)
* Lots of under the hood changes for stability and performance (Moderate)SUSE bug 927302CVE-2015-1235CVE-2015-1236CVE-2015-1237CVE-2015-1238CVE-2015-1240CVE-2015-1241CVE-2015-1242CVE-2015-1244CVE-2015-1245CVE-2015-1246CVE-2015-1247CVE-2015-1248CVE-2015-1249CVE-2015-3333CVE-2015-3334CVE-2015-3335CVE-2015-3336Security update for socat (Moderate)openSUSE 13.1
socat was updated 1.7.2.4 to fix one security issue and bugs.
The following vulnerabilities were fixed:
* socats PROXY-CONNECT address was vulnerable to a buffer overflow with data from command line (CVE-2014-0019, boo#860991)
The following bugs were fixed:
* socat would frequently crash on ppc and armv7l (boo#927161)
* various other bug fixes in 1.7.2.4 (Moderate)SUSE bug 860991SUSE bug 927161CVE-2014-0019Security update for Mozille Firefox (Moderate)openSUSE 13.1
Mozilla Firefox was updated to 37.0.2 to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-2706 Memory corruption during failed plugin initialization (bmo#1141081 MFSA 2015-45 bnc#928116) (Moderate)Security update for ntp (Moderate)openSUSE 13.1
NTP was updated to fix two security vulnerabilities:
* ntpd could accept unauthenticated packets with symmetric key crypto. (CVE-2015-1798)
* ntpd authentication did not protect symmetric associations against DoS attacks (CVE-2015-1799)
(Moderate)SUSE bug 924202CVE-2015-1798CVE-2015-1799Security update for curl (Moderate)openSUSE 13.1
curl was updated to fix four security issues.
The following vulnerabilities were fixed:
* CVE-2015-3143: curl could re-use NTML authenticateds connections
* CVE-2015-3144: curl could access memory out of bounds with zero length host names
* CVE-2015-3145: curl cookie parser could access memory out of boundary
* CVE-2015-3148: curl could treat Negotiate as not connection-oriented
(Moderate)SUSE bug 927556SUSE bug 927607SUSE bug 927608SUSE bug 927746CVE-2015-3143CVE-2015-3144CVE-2015-3145CVE-2015-3148Security update for util-linux (Moderate)openSUSE 13.1
util-linux was updated to fix a security issue, where local
attackers might be able to execute code as root with a prepared
USB stick (CVE-2014-9114 bsc#907434).
(Moderate)SUSE bug 907434CVE-2014-9114Security update for DirectFB (Important)openSUSE 13.1
DirectFB was updated to fix two security issues.
The following vulnerabilities were fixed:
* CVE-2014-2977: Multiple integer signedness errors could allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
* CVE-2014-2978: Remote attackers could cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
(Important)SUSE bug 878345SUSE bug 878349CVE-2014-2977CVE-2014-2978Security update for wpa_supplicant (Important)openSUSE 13.1
The wireless network encryption and authentication daemon wpa_supplicant was updated to fix a security issue.
The following vulnerability was fixed:
* CVE-2015-1863: A buffer overflow in handling SSIDs in P2P management frames allowed attackers in radio range to crash, expose memory content or potentially execute arbitrary code.
(Important)SUSE bug 927558CVE-2015-1863Security update for php5 (Important)openSUSE 13.1
PHP was updated to fix three security issues.
The following vulnerabilities were fixed:
* CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 (apache2handler), allow arbitrary code execution (bnc#928506)
* CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer overflow (bnc#928506)
* CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer over-read (bnc#928511)
On openSUSE 13.2, the following bug was fixed:
* boo#927147: php5-fpm did not start correctly (Important)SUSE bug 927147SUSE bug 928408SUSE bug 928506SUSE bug 928511CVE-2015-2783CVE-2015-3329CVE-2015-3330Security update for pcre (Moderate)openSUSE 13.1
The regular expression library pcre was updated to 8.37 to fix three security issues and a number of bugs and correctness issues.
The following vulnerabilities were fixed:
* CVE-2015-2325: Specially crafted regular expressions could have caused a heap buffer overlow in compile_branch(), potentially allowing the execution of arbitrary code. (boo#924960)
* CVE-2015-2326: Specially crafted regular expressions could have caused a heap buffer overlow in pcre_compile2(), potentially allowing the execution of arbitrary code. [boo#924961]
* CVE-2014-8964: Specially crafted regular expression could have caused a denial of service (crash) or have other unspecified impact. [boo#906574]
(Moderate)SUSE bug 906574SUSE bug 924960SUSE bug 924961CVE-2014-8964CVE-2015-2325CVE-2015-2326Security update for Chromium (Moderate)openSUSE 13.1
Chromium was updated to 42.0.2311.135 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-1243: Use-after-free in DOM
* CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives. (Moderate)SUSE bug 929075CVE-2015-1243CVE-2015-1250Security update for libssh (Low)openSUSE 13.1
libssh was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-3146: Specially crafted packages inserted into a connection could have lead to a client or server process crash via a null pointer dereference. (Low)SUSE bug 928323CVE-2015-3146Security update for curl (Moderate)openSUSE 13.1
curl was updated to 7.42.1 to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-3153: curl could have sent sensitive HTTP headers also to proxies (bnc#928533) (Moderate)SUSE bug 928533CVE-2015-3153Security update for gnu_parallel (Low)openSUSE 13.1
GNU parallel was updated to version 20150422 to fix one security issue, several bugs and add functionality.
The following vulnerability was fixed:
* A local attacker could make a user overwrite one of his own files with a single byte when using --compress, --tmux, --pipe, --cat or --fifo when guessing random file names within a time window of 15 ms. [boo#928664]
In addition, the update to 20150422 adds a number of bug fixes, improvements and new features.
(Low)SUSE bug 928664Security update for dnsmasq (Moderate)openSUSE 13.1
The DNS server dnsmasq was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-3294: A remote unauthenticated attacker could have caused a denial of service (DoS) or read heap memory, potentially disclosing information such as performed DNS queries or encryption keys. (bsc#928867)
(Moderate)SUSE bug 928867CVE-2015-3294Security update for libtasn1 (Low)openSUSE 13.1
The ASN.1 parsing library libtasn1 was updated to fix one memory handling issue.
The following vulnerability was fixed:
* CVE-2015-2806: A stack-based buffer overflow in libtasn1 allowed remote attackers to have unspecified impact via unknown vectors. (Low)SUSE bug 924828CVE-2015-2806Security update for qemu (Important)openSUSE 13.1
qemu was updated to fix a security issue:
* CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used to denial of service attacks or potential code execution against the host.
(Important)SUSE bug 929339CVE-2015-3456Security update for clamav (Moderate)openSUSE 13.1
The ClamAV antivirus engine was updated to version 0.98.7 to fix several security and non-security issues.
The following vulnerabilities were fixed (bsc#929192):
* CVE-2015-2170: Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior.
* CVE-2015-2221: Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior.
* CVE-2015-2222: Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior.
* CVE-2015-2668: Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux.
* CVE-2015-2305: Apply upstream patch for possible heap overflow in Henry Spencer's regex library.
The following bugfixes were applyed (bsc#929192):
* Fix false negatives on files within iso9660 containers. This issue was reported by Minzhuan Gong.
* Fix a couple crashes on crafted upack packed file. Identified and patches supplied by Sebastian Andrzej Siewior.
* Fix a crash during algorithmic detection on crafted PE file. Identified and patch supplied by Sebastian Andrzej Siewior.
* Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested by John E. Krokes.
* Fix segfault scanning certain HTML files. Reported with sample by Kai Risku.
* Improve detections within xar/pkg files.
* Improvements to PDF processing: decryption, escape sequence handling, and file property collection.
* Scanning/analysis of additional Microsoft Office 2003 XML format.
(Moderate)SUSE bug 929192CVE-2015-2170CVE-2015-2221CVE-2015-2222CVE-2015-2305CVE-2015-2668Security update for flash-player (Important)openSUSE 13.1 NonFree
The Adobe flash-player package was updated to version 11.2.202.460 to fix several security issues.
The following vulnerabilities were fixed (bsc#930677):
* APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078,
CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082,
CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086,
CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090,
CVE-2015-3091, CVE-2015-3092, CVE-2015-3093
More information can be found at the Adobe Security Bulletin APSB15-09:
https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
(Important)SUSE bug 930677CVE-2015-3044CVE-2015-3077CVE-2015-3078CVE-2015-3079CVE-2015-3080CVE-2015-3081CVE-2015-3082CVE-2015-3083CVE-2015-3084CVE-2015-3085CVE-2015-3086CVE-2015-3087CVE-2015-3088CVE-2015-3089CVE-2015-3090CVE-2015-3091CVE-2015-3092CVE-2015-3093Security update for MozillaThunderbird (Moderate)openSUSE 13.1
The Mozilla Thunderbird email, news, and chat client was updated to version 31.7.0 to fix several security issues.
The following vulnerabilities were fixed (bnc#930622):
* MFSA 2015-46/CVE-2015-2708 Miscellaneous memory safety hazards
* MFSA 2015-47/CVE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer
* MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS
* MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled
* MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML
* MFSA 2015-57/CVE-2011-3079 (bmo#1087565) Privilege escalation through IPC channel messages (Moderate)SUSE bug 930622CVE-2011-3079CVE-2015-0797CVE-2015-2708CVE-2015-2710CVE-2015-2713CVE-2015-2716Security update for MozillaFirefox (Moderate)openSUSE 13.1
The Mozilla Firefox web browser was updated to version 38.0.1 to fix several security and non-security issues.
This update also includes a Mozilla Network Security Services (NSS) update to version 3.18.1.
The following vulnerabilities and issues were fixed:
Changes in Mozilla Firefox:
- update to Firefox 38.0.1
stability and regression fixes
* Systems with first generation NVidia Optimus graphics cards
may crash on start-up
* Users who import cookies from Google Chrome can end up with
broken websites
* Large animated images may fail to play and may stop other
images from loading
- update to Firefox 38.0 (bnc#930622)
* New tab-based preferences
* Ruby annotation support
* more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
security fixes:
* MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
Miscellaneous memory safety hazards
* MFSA 2015-47/VE-2015-0797 (bmo#1080995)
Buffer overflow parsing H.264 video with Linux Gstreamer
* MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
Buffer overflow with SVG content and CSS
* MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
Referrer policy ignored when links opened by middle-click and
context menu
* MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
Out-of-bounds read and write in asm.js validation
* MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
Use-after-free during text processing with vertical text enabled
* MFSA 2015-53/CVE-2015-2715 (bmo#988698)
Use-after-free due to Media Decoder Thread creation during shutdown
* MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
Buffer overflow when parsing compressed XML
* MFSA 2015-55/CVE-2015-2717 (bmo#1154683)
Buffer overflow and out-of-bounds read while parsing MP4 video
metadata
* MFSA 2015-56/CVE-2015-2718 (bmo#1146724)
Untrusted site hosting trusted page can intercept webchannel
responses
* MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
Privilege escalation through IPC channel messages
Changes in Mozilla NSS:
- update to 3.18.1
* Firefox target release 38
* No new functionality is introduced in this release.
Notable Changes:
* The following CA certificate had the Websites and Code Signing
trust bits restored to their original state to allow more time
to develop a better transition strategy for affected sites:
- OU = Equifax Secure Certificate Authority
* The following CA certificate was removed:
- CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
* The following intermediate CA certificate has been added as
actively distrusted because it was mis-used to issue certificates
for domain names the holder did not own or control:
- CN=MCSHOLDING TEST, O=MCSHOLDING, C=EG
* The version number of the updated root CA list has been set
to 2.4
- update to 3.18
* Firefox target release 38
New functionality:
* When importing certificates and keys from a PKCS#12 source,
it's now possible to override the nicknames, prior to importing
them into the NSS database, using new API
SEC_PKCS12DecoderRenameCertNicknames.
* The tstclnt test utility program has new command-line options
-C, -D, -b and -R.
Use -C one, two or three times to print information about the
certificates received from a server, and information about the
locally found and trusted issuer certificates, to diagnose
server side configuration issues. It is possible to run tstclnt (Moderate)SUSE bug 930622CVE-2011-3079CVE-2015-2708CVE-2015-2709CVE-2015-2710CVE-2015-2711CVE-2015-2712CVE-2015-2713CVE-2015-2715CVE-2015-2716CVE-2015-2717CVE-2015-2718Security update for quassel (Moderate)openSUSE 13.1
The distributed IRC client quassel was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-3427: The SQL injection fix for CVE-2013-4422 was incomplete (boo#928728)
(Moderate)SUSE bug 928728CVE-2015-3427Security update for libraw (Moderate)openSUSE 13.1
The libraw library was updated to fix one security issue.
The following vulnerability was fixed:
* boo#930683: CVE-2015-3885: dcraw/libraw: input sanitization errors (Moderate)SUSE bug 930683CVE-2015-3885Security update for vsftpd (Low)openSUSE 13.1
This update for vsftpd fixes the following security issue:
- Fixed deny_file parsing to do more what is expected. bnc#900326
(Low)SUSE bug 900326Security update for Wireshark (Moderate)openSUSE 13.1
Wireshark was updated to 1.10.14 to fix three security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-3811: The WCP dissector could crash while decompressing data (wnpa-sec-2015-14)
* CVE-2015-3812: The X11 dissector could leak memory (wnpa-sec-2015-15)
* CVE-2015-3814: The IEEE 802.11 dissector could go into an infinite loop (wnpa-sec-2015-17) (Moderate)SUSE bug 930691CVE-2015-3811CVE-2015-3812CVE-2015-3814Security update for glibc, glibc-testsuite, glibc-utils, glibc.i686 (Moderate)openSUSE 13.1
glibc was updated to fix security issues and bugs:
- Separate internal state between getXXent and getXXbyYY NSS calls (CVE-2014-8121, bsc#918187, BZ #18007)
- Fix read past end of pattern in fnmatch (bsc#920338, BZ #17062, BZ #18032, BZ #18036)
- Fix buffer overflow in nss_dns (CVE-2015-1781, bsc#927080, BZ #18287)
Also this bug got fixed:
- Simplify handling of nameserver configuration in resolver (bsc#917539)
(Moderate)SUSE bug 917539SUSE bug 918187SUSE bug 920338SUSE bug 927080CVE-2014-8121CVE-2015-1781Security update for GNU parallel (Moderate)openSUSE 13.1
GNU parallel was updated to 20150522 to complete a fix one security issue and augment a fix for another.
The following vulnerabilities were fixed:
* The security issue for --sshlogin + --fifo/--cat has been fixed.
* After further security analysis the issue fixed in 20150422 also fixed the problem for --tmux. (Moderate)SUSE bug 932143Security update for mysql-connector-java (Moderate)openSUSE 13.1
mysql-connector-java was updated to 5.1.35 to fix one security issue and a number of bugs.
The following vulnerability was fixed:
* CVE-2015-2575: Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data.
In addition, mysql-connector-java was updated to 5.1.35 to fix a number of upstream bugs, details of which listed in CHANGES as well as http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html (Moderate)SUSE bug 927981CVE-2015-2575Security Update for openstack-dashboard (Moderate)openSUSE 13.1
OpenStack Dashboard was updated to fix bugs and security issues.
Full changes:
- Update to version horizon-2013.2.5.dev2.g9ee7273:
* fix Horizon login page DOS attack (bnc#908199, CVE-2014-8124)
* update version to 2013.2.5
* Updated from global requirements
* Pin docutils to 0.9.1
* Set python hash seed to 0 in tox.ini
* Check host is not none in each availability zone
* Fix XSS issue with the unordered_list filter (bnc#891815, CVE-2014-3594)
+ 0001-Use-default_project_id-for-v3-users.patch (manually)
* Replace UserManager with None in tests
* Update test-requirements to fix sphinx build_doc
* Fix multiple Cross-Site Scripting (XSS) vulnerabilities
(bnc#885588, CVE-2014-3473, CVE-2014-3474, CVE-2014-3475)
* Fix issues with importing the Login form
Bug 869696 - Admin password injection on Horizon Dashboard is broken.
- Update to version horizon-2013.2.4.dev8.g07c097f:
* Bug fix on neutron's API to return the correct target ID
* Fix display of images in Rebuild Instance
* Get instance networking information from Neutron
* Bump stable/havana next version to 2013.2.4
* Do not release FIP on disassociate action
* Introduces escaping in Horizon/Orchestration
2013.2.3 (bnc#871855, CVE-2014-0157)
- Update to version horizon-2013.2.3.dev8.g3d04c3c:
* Reduce number of novaclient calls
* Don't copy the flavorid when updating flavors
* Allow snapshots of paused and suspended instances
* Fixing tests to work with keystoneclient 0.6.0
* Bump stable/havana next version to 2013.2.3
+ Use upstream URL as source (enables verification)
+ Import translations for Havana 2013.2.2 udpate
- Update to version 2013.2.2.dev29.g96bd650:
+ Update Transifex resource name for havana
+ Fix inappropriate logouts on load-balanced Horizon
- Update to version 2013.2.2.dev25.g6508afd:
+ disable volume creation, when cinder is disabled
+ Bad workflow-steps check: has_required_fields
+ Specify tenant_id when retrieving LBaaS/VPNaaS resource
- Update to version 2013.2.2.dev19.g7a8eadc:
+ Give HealthMonitor a proper display name
- Update to version 2013.2.2.dev17.gaa55b24:
+ Common keystone version fallback
- Move settings.py (default settings) to branding-upstream
subpackage: a branding package might want to change some default
settings.
- add 0001-Common-keystone-version-fallback.patch,
0001-Use-default_project_id-for-v3-users.patch
- Update to version 2013.2.2.dev15.g2b6dfa7:
+ fix help text in "Create An image" window
+ Change how scrollShift is calculated
+ unify keypair name handling
- Add 0001-Give-no-background-color-to-the-pie-charts.patch: do not
give a background color to pie charts.
- Update to version 2013.2.2.dev9.gc6d38a1:
+ Wrong marker sent to keystone
- Update to version 2013.2.2.dev7.g2e11482:
+ Adding management_url to test mock client
- add 0001-Bad-workflow-steps-check-has_required_fields.patch
- Make python-horizon require the 2013.2 version of
python-horizon-branding (and not the 2013.2.xyz version). This
makes it easier to create non-upstream branding; we already do
this for the other branding subpackage.
- Update to version 2013.2.2.dev6.g2c1f1f3:
+ Add check for BlockDeviceMappingV2 nova extension
+ Gracefully handle Users with no email attribute
+ Import install_venv from oslo
+ Bump stable/havana next version to 2013.2.2
- Update to version 2013.2.1.dev41.g9668e80:
+ Updated from global requirements
- put everything under /srv/www/openstack-dashboard
- Update to version 2013.2.1.dev40.g852e5c8:
+ Import translations for Havana 2013.2.1 udpate
+ Deleting statistics tables from resource usage page
+ Allow "Working" in spinner to be translatable
+ lbaas/horizon - adds tcp protocol choice when create lb
+ Fix a bug some optional field in LBaaS are mandatory
+ Fix bug so that escaped html is not shown in volume detach dialog
+ Role name should not be translated in Domain Groups dialog
+ Fix incomplete translation of "Update members" widget
+ Fix translatable string for "Injected File Path Bytes"
+ Add extra extension file to makemessage command line
+ Add contextual markers to BatchAction messages
+ Logging user out after self password change
+ Add logging configuration for iso8601 module
+ Ensure all compute meters are listed in dropdown
+ Fix bug by escaping strings from Nova before displaying them
(bnc#852175, CVE-2013-6858)
- add/use generic openstack-branding provides
- Update to version 2013.2.1.dev9.g842ba5f:
+ Fix default port of MS SQL in security group template
+ Provide missing hover hints for instance:&lt;type&gt; meters
+ translate text: "subnet"/"subnet details"
+ Change "Tenant" to "Project"
+ Avoid discarding precision of metering data
- Use Django's signed_cookies session backend like upstream and drop
the usage of cache_db
- No need to set SECRET_KEY anymore, upstream learned it too
python-django_openstack_auth was updated to 1.1.3:
- Various i18n fixes
- Revoke tokens when logging out or changing the tenant
- Run tests locally, therefore merge test package back into main
- Properly build HTML documentation and install it
- Add pt_BR locale
- Updated (build) requirements
- Add django_openstack_auth-hacking-requires.patch: hacking dep is nonsense
- include tests runner
- add -test subpackage
(Moderate)SUSE bug 852175SUSE bug 869696SUSE bug 871855SUSE bug 885588SUSE bug 891815SUSE bug 908199CVE-2013-6858CVE-2014-0157CVE-2014-3473CVE-2014-3474CVE-2014-3475CVE-2014-3594CVE-2014-8124Security update for Chromium (Moderate)openSUSE 13.1
Chromium was updated to 43.0.2357.65 to fix security issues and bugs.
The following vulnerabilities were fixed:
- CVE-2015-1251: Use-after-free in Speech (boo#931659)
- CVE-2015-1252: Sandbox escape in Chrome (boo#931671)
- CVE-2015-1253: Cross-origin bypass in DOM (boo#931670)
- CVE-2015-1254: Cross-origin bypass in Editing (boo#931669)
- CVE-2015-1255: Use-after-free in WebAudio (boo#931674)
- CVE-2015-1256: Use-after-free in SVG (boo#931664)
- CVE-2015-1257: Container-overflow in SVG (boo#931665)
- CVE-2015-1258: Negative-size parameter in Libvpx (boo#931666)
- CVE-2015-1259: Uninitialized value in PDFium (boo#931667)
- CVE-2015-1260: Use-after-free in WebRTC (boo#931668)
- CVE-2015-1261: URL bar spoofing (boo#931673)
- CVE-2015-1262: Uninitialized value in Blink (boo#931672)
- CVE-2015-1263: Insecure download of spellcheck dictionary (boo#931663)
- CVE-2015-1264: Cross-site scripting in bookmarks (boo#931661)
- CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives (boo#931660)
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21) (Moderate)SUSE bug 931659SUSE bug 931660SUSE bug 931661SUSE bug 931663SUSE bug 931664SUSE bug 931665SUSE bug 931666SUSE bug 931667SUSE bug 931668SUSE bug 931669SUSE bug 931670SUSE bug 931671SUSE bug 931672SUSE bug 931673SUSE bug 931674CVE-2015-1251CVE-2015-1252CVE-2015-1253CVE-2015-1254CVE-2015-1255CVE-2015-1256CVE-2015-1257CVE-2015-1258CVE-2015-1259CVE-2015-1260CVE-2015-1261CVE-2015-1262CVE-2015-1263CVE-2015-1264CVE-2015-1265Security update for xen (Important)openSUSE 13.1
The XEN hypervisor was updated to fix two security issues:
- Fixed a buffer overflow in the floppy drive emulation, which could be
used to denial of service attacks or potential code execution against
the host. (CVE-2015-3456)
- Xen did not initialize certain fields, which allowed certain
remote service domains to obtain sensitive information from memory
via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist
request. (CVE-2015-3340)
(Important)SUSE bug 927967SUSE bug 929339CVE-2015-3340CVE-2015-3456Security update for nbd (Moderate)openSUSE 13.1
- Fix CVE-2013-7441 (boo#931987)
* CVE-2013-7441.patch
- Fix CVE-2015-0847 (boo#930173)
* nbd_signaling_CVE-2015-0847.patch
(Moderate)SUSE bug 930173SUSE bug 931987CVE-2013-7441CVE-2015-0847Security update for php5 (Moderate)openSUSE 13.1
php5 was updated to fix four security issues.
The following vulnerabilities were fixed:
* CVE-2015-4024: Multipart/form-data remote dos Vulnerability (bnc#931421)
* CVE-2015-4026: pcntl_exec() does not check path validity (bnc#931776)
* CVE-2015-4022: overflow in ftp_genlist() resulting in heap overflow (bnc#931772)
* CVE-2015-4021: memory corruption in phar_parse_tarfile when entry filename starts with NULL (bnc#931769)
(Moderate)SUSE bug 931421SUSE bug 931769SUSE bug 931772SUSE bug 931776CVE-2015-4021CVE-2015-4022CVE-2015-4024CVE-2015-4026Security update for MozillaFirefox (Important)openSUSE 13.1
MozillaFirefox was updated to version 35.0 (bnc#910669)
Notable features:
* Firefox Hello with new rooms-based conversations model
* Implemented HTTP Public Key Pinning Extension (for enhanced
authentication of encrypted connections)
Security fixes:
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
Miscellaneous memory safety hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
Uninitialized memory use during bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
sendBeacon requests lack an Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
Cookie injection through Proxy Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
Read of uninitialized memory in Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
Gecko Media Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
Delegated OCSP responder certificates failure with
id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794)
XrayWrapper bypass through DOM objects
- obsolete tracker-miner-firefox < 0.15 because it leads to startup
crashes (bnc#908892)
(Important)SUSE bug 908892SUSE bug 910669CVE-2014-8634CVE-2014-8635CVE-2014-8636CVE-2014-8637CVE-2014-8638CVE-2014-8639CVE-2014-8640CVE-2014-8641CVE-2014-8642CVE-2014-8643Security update for e2fsprogs (Moderate)openSUSE 13.1
e2fsprogs was updated to fix two security issues.
The following vulnerabilities were fixed:
* CVE-2015-1572: A local user could have executed arbitrary code by causing a crafted block group descriptor to be marked as dirty. Completes fix for CVE-2015-0247. (boo#918346)
* CVE-2015-0247: A local user could have executed arbitrary code via crafted block group descriptor data in a filesystem image. (boo#915402)
(Moderate)SUSE bug 915402SUSE bug 918346CVE-2015-0247CVE-2015-1572Security update for fuse (Moderate)openSUSE 13.1
* Update to version 2.9.4
- fix exec environment for mount and umount (bsc#931452,
CVE-2015-3202)
- properly restore the default signal handler
- fix directory file handle passed to ioctl() method.
- fix for uids/gids larger than 2147483647
- initialize stat buffer passed to getattr() and fgetattr()
(Moderate)SUSE bug 931452CVE-2015-3202Security update for zeromq (Moderate)openSUSE 13.1
zeromq was updated to fix one security issue and two non-security bugs.
The following vulnerabilities were fixed:
* CVE-2014-9721: zeromq protocol downgrade attack on sockets using the ZMTP v3 protocol (boo#931978)
The following bugs were fixed:
* boo#912460: avoid curve test to hang for ppc ppc64 ppc64le architectures
* boo#907584: zeromq package could not be updated due to a file conflict, split tools into a separate subpackage
(Moderate)SUSE bug 907584SUSE bug 912460SUSE bug 931978CVE-2014-9721Security update for proftpd (Moderate)openSUSE 13.1
The ftp server ProFTPD was updated to 1.3.5a to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-3306: Unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy (boo#927290)
In addition, proftpd was updated to 1.3.5a to fix a number of upstream bugs and improve functionality.
(Moderate)SUSE bug 927290CVE-2013-4359CVE-2015-3306Recommended update for wpa_supplicant (Moderate)openSUSE 13.1
wpa_supplicant was updated to fix three security issues.
The following vulnerabilities were fixed:
CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding (boo#930077)
CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing (boo#930078)
CVE-2015-4143: EAP-pwd missing payload length validation (boo#930079)
(Moderate)SUSE bug 930077SUSE bug 930078SUSE bug 930079CVE-2015-4141CVE-2015-4142CVE-2015-4143Security update for Adobe Flash Player (Important)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.466 to fix multiple security issues.
The following vulnerabilities were fixed:
* CVE-2015-3096: bypass for CVE-2014-5333
* CVE-2015-3098: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure
* CVE-2015-3099: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure
* CVE-2015-3100: stack overflow vulnerability that could lead to code execution
* CVE-2015-3102: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure
* CVE-2015-3103: use-after-free vulnerabilities that could lead to code execution
* CVE-2015-3104: integer overflow vulnerability that could lead to code execution
* CVE-2015-3105: memory corruption vulnerability that could lead to code execution
* CVE-2015-3106: use-after-free vulnerabilities that could lead to code execution
* CVE-2015-3107: use-after-free vulnerabilities that could lead to code execution
* CVE-2015-3108: memory leak vulnerability that could be used to bypass ASLR (Important)SUSE bug 934088CVE-2015-3096CVE-2015-3098CVE-2015-3099CVE-2015-3100CVE-2015-3102CVE-2015-3103CVE-2015-3104CVE-2015-3105CVE-2015-3106CVE-2015-3107CVE-2015-3108Security update for python-setuptools (Moderate)openSUSE 13.1
Python-setup tools was updated to fix one security issues.
The following vulnerability was fixed:
* non-RFC6125-compliant host name matching - substring wildcard should not match IDNA prefix (booc#930189)
(Moderate)SUSE bug 930189Security update for tidy (Moderate)openSUSE 13.1
Tidy was updated to fix one security issue.
The following vulnerability was fixed:
* A heap-based buffer overflow in tidy could have unspecified impact when processing user-supplied input.
(Moderate)SUSE bug 933588Security update for cups (Critical)openSUSE 13.1
This update fixes the following issues:
- CVE-2015-1158 and CVE-2015-1159
fixes a possible privilege escalation via cross-site scripting
and bad print job submission used to replace cupsd.conf on server
(CUPS STR#4609 CERT-VU-810572 CVE-2015-1158 CVE-2015-1159
bugzilla.suse.com bsc#924208).
In general it is crucial to limit access to CUPS to trustworthy
users who do not misuse their permission to submit print jobs
which means to upload arbitrary data onto the CUPS server, see
https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
and cf. the entries about CVE-2012-5519 below.
(Critical)SUSE bug 924208CVE-2012-5519CVE-2015-1158CVE-2015-1159Security update for php5 (Moderate)openSUSE 13.1
PHP was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-4148: A type confusion flay in SoapClient could lead to information disclosure [bnc#933227]
(Moderate)SUSE bug 933227CVE-2015-4148Security update for dpkg, update-alternatives (Moderate)openSUSE 13.1
dpkg and update-alternatives were updated to 1.16.16 to fix one security issue and severan non-security bugs.
The following vulnerabilities were fixed:
* CVE-2015-0840: Specially crafted deb packages could have been used to bypass source package integrity verification in local installs (boo#926749)
Also contains a number of upstream bugs and improvements.
(Moderate)SUSE bug 926749CVE-2015-0840Security update for strongswan (Moderate)openSUSE 13.1
strongswan was updated to fix a rogue servers vulnerability, that may
enable rogue servers able to authenticate itself with certificate
issued by any CA the client trusts, to gain user credentials from
a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171).
More information can be found on https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%28cve-2015-4171%29.html
(Moderate)SUSE bug 933591CVE-2015-4171Security update for busybox (Moderate)openSUSE 13.1
Busybox was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2014-9645: fixed a potential modprobe filter bypassing rule by filtering / (boo#914660) (Moderate)SUSE bug 914660CVE-2014-9645Security update for xen (Important)openSUSE 13.1
Xen was updated to fix eight vulnerabilities.
The following vulnerabilities were fixed:
* CVE-2015-2751: Certain domctl operations may be abused to lock up the host (XSA-127 boo#922709)
* CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128) (boo#931625)
* CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests (XSA-129) (boo#931626)
* CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages (XSA-130) (boo#931627)
* CVE-2015-4106: Unmediated PCI register access in qemu (XSA-131) (boo#931628)
* CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134) (boo#932790)
* CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape (XSA-135) (boo#932770)
* CVE-2015-4164: DoS through iret hypercall handler (XSA-136) (boo#932996) (Important)SUSE bug 922709SUSE bug 931625SUSE bug 931626SUSE bug 931627SUSE bug 931628SUSE bug 932770SUSE bug 932790SUSE bug 932996CVE-2015-2751CVE-2015-3209CVE-2015-4103CVE-2015-4104CVE-2015-4105CVE-2015-4106CVE-2015-4163CVE-2015-4164Security update for cgit (Moderate)openSUSE 13.1
The git web frontend cgit was updated to 0.11.2 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file systems in git. Malicious commits could affect client users on all platforms using case-insensitive file systems when using vulnerable git versions.
In addition cgit was updated to 0.11.2 with minor improvements and bug fixes.
The embedded git version was updated to 2.4.3. (Moderate)SUSE bug 910756CVE-2014-9390Security update for libwmf (Moderate)openSUSE 13.1
libwmf was updated to fix three security issues and one non-security bug.
The following vulnerabilities were fixed:
* CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file with BMP portions in a libwmf based application could have executed arbitrary code with the user's privileges. (boo#933109)
* CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file in a libwmf based application could have executed arbitrary code through incorrect run-length encoding. (boo#933109)
* CVE-2009-1364: Use-after-free vulnerability in the embedded GD library in libwmf allowed context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. (boo#495842, boo#831299)
The following non-security bug was fixed:
* boo#892356: Make libwmf-tools not depend on libwmf-devel (Moderate)SUSE bug 495842SUSE bug 831299SUSE bug 892356SUSE bug 933109CVE-2009-1364CVE-2015-0848CVE-2015-4588Security update for cacti (Moderate)openSUSE 13.1
cacti was updated to 0.8.8d to fix multiple security issues and bugs.
The following vulnerabilities were fixed:
* SQL injection VN: JVN#78187936 / TN:JPCERT#98968540
* Cacti Cross-Site Scripting Vulnerability Notification [FG-VD-15-017]
* SQL Injection and Location header injection from cdef id CVE-2015-4342
* SQL injection in graph templates
Also contains bug fixes in the upstream 0.8.8d release.
(Moderate)SUSE bug 934187CVE-2015-4342Security update for curl (Moderate)openSUSE 13.1
Curl was updated to fix two security issues and enable metalink support
The following vulnerabilities were fixed:
* CVE-2015-3236: libcurl could have wrongly send HTTP credentials when re-using connections (boo#934501)
* CVE-2015-3237: libcurl could have been tricked by a malicious SMB server to send off data it did not intend to (boo#934502)
The following feature was enabled:
* boo#851126: enable metalink support. (Moderate)SUSE bug 851126SUSE bug 934501SUSE bug 934502CVE-2015-3236CVE-2015-3237Security update for openssl (Important)openSUSE 13.1
openssl was updated to fix six security issues.
The following vulnerabilities were fixed:
* CVE-2015-4000: The Logjam Attack / weakdh.org. Rject connections with DH parameters shorter than 768 bits, generates 2048-bit DH parameters by default. (boo#931698)
* CVE-2015-1788: Malformed ECParameters causes infinite loop (boo#934487)
* CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time (boo#934489)
* CVE-2015-1790: PKCS7 crash with missing EnvelopedContent (boo#934491)
* CVE-2015-1792: CMS verify infinite loop with unknown hash function (boo#934493)
* CVE-2015-1791: race condition in NewSessionTicket (boo#933911)
* CVE-2015-3216: Crash in ssleay_rand_bytes due to locking regression (boo#933898) (Important)SUSE bug 931698SUSE bug 933898SUSE bug 933911SUSE bug 934487SUSE bug 934489SUSE bug 934491SUSE bug 934493SUSE bug 934494CVE-2015-1788CVE-2015-1789CVE-2015-1790CVE-2015-1791CVE-2015-1792CVE-2015-3216CVE-2015-4000Security update for chromium (Moderate)openSUSE 13.1
chromium was updated to 43.0.2357.130 to fix several security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-1266: Scheme validation error in WebUI
* CVE-2015-1268: Cross-origin bypass in Blink
* CVE-2015-1267: Cross-origin bypass in Blink
* CVE-2015-1269: Normalization error in HSTS/HPKP preload list
* boo#935022: Prevent Chromium from downloading a binary blob for speech recognition
Contains the following non-security changes:
* resolved browser font magnification/scaling issue.
* Fixed an issue where sometimes a blank page would print
* Icons not displaying properly on Linux
(Moderate)SUSE bug 935022SUSE bug 935723CVE-2015-1266CVE-2015-1267CVE-2015-1268CVE-2015-1269Security update for Adobe Flash Player (Important)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.468 to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-3113: A heap buffer overflow vulnerability could have allowed code execution (bsc#935701, APSB15-14) (Important)SUSE bug 935701CVE-2015-3113Security update for p7zip (Moderate)openSUSE 13.1
p7zip was update to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-1038: Attackers could have written to arbitrary files via a symlink attack in a specially crafted archive (boo#912878) (Moderate)SUSE bug 912878CVE-2015-1038Security update for rubygem-RedCloth (Moderate)openSUSE 13.1
rubygem-RedCloth was updated to fix one security issue.
The following vulnerability was fixed:
CVE-2012-6684: A cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a javascript: URI (boo#912212)
(Moderate)SUSE bug 912212CVE-2012-6684Security update for phpMyAdmin (Moderate)openSUSE 13.1
phpMyAdmin was updated to 4.2.13.3 to fix three security issues.
The following vulnerabilities were fixed:
* CVE-2015-3902: CSRF vulnerability in setup (PMASA-2015-2, boo#930992)
* CVE-2015-3903: Vulnerability allowing man-in-the-middle attack (PMASA-2015-3, boo#930993)
* CVE-2015-2206: Risk of BREACH attack (PMASA-2015-1, boo#920773)
Also contains all upstream bug fixes in the 4.2.13 branch. (Moderate)SUSE bug 920773SUSE bug 930992SUSE bug 930993CVE-2015-2206CVE-2015-3902CVE-2015-3903Security update for php5 (Important)openSUSE 13.1
The PHP script interpreter was updated to receive various security fixes:
* CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion.
* CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods.
* CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize.
* CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
* CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow.
* CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions.
(Important)SUSE bug 935224SUSE bug 935225SUSE bug 935226SUSE bug 935227SUSE bug 935232SUSE bug 935234SUSE bug 935274SUSE bug 935275CVE-2015-3411CVE-2015-3412CVE-2015-4598CVE-2015-4599CVE-2015-4600CVE-2015-4601CVE-2015-4602CVE-2015-4603CVE-2015-4604CVE-2015-4605CVE-2015-4643CVE-2015-4644Security update for flash-player (Critical)openSUSE 13.1 NonFree
flash-player was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-5119: Unspecified vulnerability allowing remote attackers to take over the system (bsc#937339).
(Critical)SUSE bug 937339CVE-2015-5119Security update for mysql-community-server (Moderate)openSUSE 13.1
mysql-community-server was updated to version 5.6.25 to fix one security issue.
This security issue was fixed:
* CVE-2015-4000: Logjam Attack: mysql uses 512 bit dh groups in SSL (bsc#934789).
For other changes and details please check
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html
(Moderate)SUSE bug 934789CVE-2015-4000Security update for tiff (Moderate)openSUSE 13.1
tiff was updated to version 4.0.4 to fix six security issues found by fuzzing initiatives.
These security issues were fixed:
- CVE-2014-8127: Out-of-bounds write (bnc#914890).
- CVE-2014-9655: Access of uninitialized memory (bnc#916927).
- CVE-2014-8130: Out-of-bounds write (bnc#914890).
- CVE-2015-1547: Use of uninitialized memory in NeXTDecode (bnc#916925).
- CVE-2014-8129: Out-of-bounds write (bnc#914890).
- CVE-2014-8128: Out-of-bounds write (bnc#914890).
(Moderate)SUSE bug 914890SUSE bug 916925SUSE bug 916927CVE-2014-8127CVE-2014-8128CVE-2014-8129CVE-2014-8130CVE-2014-9655CVE-2015-1547Security update for libwmf (Moderate)openSUSE 13.1
libwmf was updated to fix four security issues.
These security issues were fixed:
- CVE-2015-4588: Heap overflow (bnc#933109).
- CVE-2015-4696: Use after free (bnc#936062).
- CVE-2015-4695: Heap buffer over read (bnc#936058).
- CVE-2015-0848: Heap overflow (bnc#933109).
(Moderate)SUSE bug 933109SUSE bug 936058SUSE bug 936062CVE-2015-0848CVE-2015-4588CVE-2015-4695CVE-2015-4696Security update for MariaDB (Important)openSUSE 13.1
MariaDB was updated to its current minor version, fixing bugs and security issues.
These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work
with client software that no longer allows short DH groups over SSL, as e.g.
our current openssl packages.
On openSUSE 13.1, MariaDB was updated to 5.5.44.
On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20.
Please read the release notes of MariaDB
https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/
for more information.
(Important)SUSE bug 859345SUSE bug 914370SUSE bug 924663SUSE bug 934789SUSE bug 936407SUSE bug 936408SUSE bug 936409CVE-2014-6464CVE-2014-6469CVE-2014-6491CVE-2014-6494CVE-2014-6496CVE-2014-6500CVE-2014-6507CVE-2014-6555CVE-2014-6559CVE-2014-6568CVE-2014-8964CVE-2015-0374CVE-2015-0381CVE-2015-0382CVE-2015-0411CVE-2015-0432CVE-2015-0433CVE-2015-0441CVE-2015-0499CVE-2015-0501CVE-2015-0505CVE-2015-2325CVE-2015-2326CVE-2015-2568CVE-2015-2571CVE-2015-2573CVE-2015-3152CVE-2015-4000Update for gnu-efi, pesign, shim (Moderate)openSUSE 13.1
shim was updated to fix several security issues.
- OOB read access when parsing DHCPv6 packets (remote DoS) (CVE-2014-3675).
- Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6 boot option (RCE) (CVE-2014-3676).
- Memory corruption when processing user provided MOK lists (CVE-2014-3677).
More information is available at https://bugzilla.novell.com/show_bug.cgi?id=889332
To enable this update gnu-efi was updated to 3.0u and pesign to version 0.109
(Moderate)SUSE bug 798043SUSE bug 807760SUSE bug 808106SUSE bug 813079SUSE bug 813448SUSE bug 841426SUSE bug 863205SUSE bug 866690SUSE bug 867974SUSE bug 872503SUSE bug 873857SUSE bug 875385SUSE bug 877003SUSE bug 889332SUSE bug 889765Security update for MozillaFirefox, mozilla-nss (Important)openSUSE 13.1
MozillaFirefox was updated to version 39.0 to fix 21 security issues.
These security issues were fixed:
- CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979).
- CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs (bsc#935979).
- CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).
- CVE-2015-2729: Out-of-bound read while computing an oscillator rendering range in Web Audio (bsc#935979).
- CVE-2015-2731: Use-after-free in Content Policy due to microtask execution error (bsc#935979).
- CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979).
- CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979).
- CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979).
- CVE-2015-2741: Key pinning is ignored when overridable errors are encountered (bsc#935979).
- CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).
- CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935979).
- CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979).
New features:
- Share Hello URLs with social networks
- Support for 'switch' role in ARIA 1.1 (web accessibility)
- SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux)
- Support for new Unicode 8.0 skin tone emoji
- Removed support for insecure SSLv3 for network communications
- Disable use of RC4 except for temporarily whitelisted hosts
- NPAPI Plug-in performance improved via asynchronous initialization
mozilla-nss was updated to version 3.19.2 to fix some of the security issues listed above.
(Important)SUSE bug 932142SUSE bug 933439SUSE bug 935979CVE-2015-2721CVE-2015-2722CVE-2015-2724CVE-2015-2725CVE-2015-2726CVE-2015-2727CVE-2015-2728CVE-2015-2729CVE-2015-2730CVE-2015-2731CVE-2015-2733CVE-2015-2734CVE-2015-2735CVE-2015-2736CVE-2015-2737CVE-2015-2738CVE-2015-2739CVE-2015-2740CVE-2015-2741CVE-2015-2743CVE-2015-4000Security update for flash-player (Critical)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.438 to fix one security isssue.
http://helpx.adobe.com/security/products/flash-player/apsb15-02.html
(APSB15-02, CVE-2015-0310)
(Critical)SUSE bug 914333CVE-2015-0310Security update for roundcubemail (Low)openSUSE 13.1
roundcubemail was updated to version 1.0.6 to fix many minor bugs and three security issues.
The following vulnerabilities were fixed:
* CVE-2015-2180: security improvement in DBMail driver of password plugin (shell execution)
* CVE-2015-2181: security improvement in DBMail driver of password plugin (multiple buffer overflows)
* security improvement in contact photo handling (Low)CVE-2015-2180CVE-2015-2181Security update for libunwind (Low)openSUSE 13.1
libunwind was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-3239: Off-by-one in dwarf_to_unw_regnum() (bsc#936786).
(Low)SUSE bug 936786CVE-2015-3239Security update for bind (Moderate)openSUSE 13.1
bind was updated to fix three security issues.
These security issues were fixed:
- CVE-2015-1349: named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allowed remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use (bsc#918330).
- CVE-2014-8500: ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 did not limit delegation chaining, which allowed remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals (bsc#908994).
- CVE-2015-4620: Resolver crash when validating (bsc#936476).
(Moderate)SUSE bug 908994SUSE bug 918330SUSE bug 936476SUSE bug 937028CVE-2014-8500CVE-2015-1349CVE-2015-4620Security update for MozillaThunderbird (Important)openSUSE 13.1
MozillaThunderbird was updated to fix 20 security issues.
These security issues were fixed:
- CVE-2015-2727: Mozilla Firefox 38.0 and Firefox ESR 38.0 allowed user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression (bsc#935979).
- CVE-2015-2725: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#935979).
- CVE-2015-2736: The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allowed remote attackers to have an unspecified impact via a crafted ZIP archive (bsc#935979).
- CVE-2015-2724: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#935979).
- CVE-2015-2730: Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, did not properly perform Elliptical Curve Cryptography (ECC) multiplications, which made it easier for remote attackers to spoof ECDSA signatures via unspecified vectors (bsc#935979).
- CVE-2015-2743: PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allowed remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass (bsc#935979).
- CVE-2015-2740: Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allowed remote attackers to cause a denial of service or have unspecified other impact via unknown vectors (bsc#935979).
- CVE-2015-2741: Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allowed user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled (bsc#935979).
- CVE-2015-2728: The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue (bsc#935979).
- CVE-2015-2729: The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 did not properly calculate an oscillator rendering range, which allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors (bsc#935979).
- CVE-2015-2739: The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors (bsc#935979).
- CVE-2015-2738: The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors (bsc#935979).
- CVE-2015-2737: The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors (bsc#935979).
- CVE-2015-2721: Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, did not properly determine state transitions for the TLS state machine, which allowed man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue (bsc#935979).
- CVE-2015-2735: nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allowed remote attackers to have an unspecified impact via a crafted ZIP archive (bsc#935979).
- CVE-2015-2734: The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors (bsc#935979).
- CVE-2015-2733: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allowed remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker (bsc#935979).
- CVE-2015-2722: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allowed remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker (bsc#935979).
- CVE-2015-2731: Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allowed remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy (bsc#935979).
- CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue (bsc#931600).
(Important)SUSE bug 931600SUSE bug 935979CVE-2015-2721CVE-2015-2722CVE-2015-2724CVE-2015-2725CVE-2015-2727CVE-2015-2728CVE-2015-2729CVE-2015-2730CVE-2015-2731CVE-2015-2733CVE-2015-2734CVE-2015-2735CVE-2015-2736CVE-2015-2737CVE-2015-2738CVE-2015-2739CVE-2015-2740CVE-2015-2741CVE-2015-2743CVE-2015-4000Security update for Adobe Flash Player (Important)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.491 to fix two security issues.
The following vulnerabilities were fixed:
* CVE-2015-5122: Specially crafted Flash content allowed attackers to execute arbitrary code via a use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation.
* CVE-2015-5123: Specially crafted Flash content allowed attackers to execute arbitrary code via a use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation. (Important)SUSE bug 937752CVE-2015-5122CVE-2015-5123Security update for libidn (Moderate)openSUSE 13.1
libidn was updated to version 1.31 to fix one security issue.
This security issue was fixed:
- CVE-2015-2059: Out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241).
(Moderate)SUSE bug 923241CVE-2015-2059Security update for rubygem-rack (Moderate)openSUSE 13.1
rubygem-rack was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-3225: Potential Denial of Service Vulnerability in Rack (bsc#934797).
(Moderate)SUSE bug 934797CVE-2015-3225Security update for rubygem-rack-1_3 (Moderate)openSUSE 13.1
rubygem-rack-1_3 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-3225: Potential Denial of Service Vulnerability in Rack (bsc#934797).
(Moderate)SUSE bug 934797CVE-2015-3225Security update for dbus-1 (Moderate)openSUSE 13.1
This update fixes the following security issues:
* CVE-2014-8148:
- Do not allow calls to UpdateActivationEnvironment from uids
other than the uid of the dbus-daemon. If a system service
installs unsafe security policy rules that allow arbitrary
method calls (such as CVE-2014-8148) then this prevents
memory consumption and possible privilege escalation via
UpdateActivationEnvironment.
* CVE-2012-3524: Don't access environment variables (bnc#912016)
(Moderate)SUSE bug 912016CVE-2012-3524CVE-2014-8148Security update for rubygem-rack-1_4 (Moderate)openSUSE 13.1
rubygem-rack-1_4 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-3225: Potential Denial of Service Vulnerability in Rack (bsc#934797).
(Moderate)SUSE bug 934797CVE-2015-3225Security update for rubygem-jquery-rails (Moderate)openSUSE 13.1
rubygem-jquery-rails was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-1840: CSRF Vulnerability in jquery-ujs and jquery-rails (bsc#934795).
(Moderate)SUSE bug 934795CVE-2015-1840Security update for libcryptopp (Moderate)openSUSE 13.1
libcryptopp was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 did not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allowed remote attackers to obtain private keys via a timing attack (bsc#936435).
(Moderate)SUSE bug 936435CVE-2015-2141Security update for pdns, pdns-recursor (Moderate)openSUSE 13.1
pdns, pdns-recursor were updated to fix two security issues.
These security issues were fixed:
- CVE-2015-1868: The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allowed remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself (bsc#927569).
- CVE-2015-5470: Complete fix for CVE-2015-1868 (bsc#927569).
(Moderate)SUSE bug 927569CVE-2015-1868CVE-2015-5470Security update for rubygem-activesupport-3_2 (Moderate)openSUSE 13.1
rubygem-activesupport-3_2 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-3227: Possible Denial of Service attack in Active Support (bsc#934800).
(Moderate)SUSE bug 934800CVE-2015-3227Security update for cacti (Moderate)openSUSE 13.1
Cacti was updated to 0.8.8e to fix several security issues.
The following vulnerabilities were fixed:
* Multiple XSS and SQL injection vulnerabilities [boo#937997]
* CVE-2015-4634: SQL injection in graphs.php [boo#937997]
In addition, this update contains upstream bug fixes.
(Moderate)SUSE bug 937997CVE-2015-4634Security update for java-1_7_0-openjdk (Important)openSUSE 13.1
OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data.
* CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
* CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
* CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data.
* CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data.
* CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data.
* CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
* CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS).
* CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. (Important)SUSE bug 937828SUSE bug 938248CVE-2015-2590CVE-2015-2596CVE-2015-2597CVE-2015-2601CVE-2015-2613CVE-2015-2619CVE-2015-2621CVE-2015-2625CVE-2015-2627CVE-2015-2628CVE-2015-2632CVE-2015-2637CVE-2015-2638CVE-2015-2664CVE-2015-2808CVE-2015-4000CVE-2015-4729CVE-2015-4731CVE-2015-4732CVE-2015-4733CVE-2015-4736CVE-2015-4748CVE-2015-4749CVE-2015-4760Security update for Chromium (Important)openSUSE 13.1
Chromium was updated to 44.0.2403.89 to fix multiple security issues.
The following vulnerabilities were fixed:
* CVE-2015-1271: Heap-buffer-overflow in pdfium
* CVE-2015-1273: Heap-buffer-overflow in pdfium
* CVE-2015-1274: Settings allowed executable files to run immediately after download
* CVE-2015-1275: UXSS in Chrome for Android
* CVE-2015-1276: Use-after-free in IndexedDB
* CVE-2015-1279: Heap-buffer-overflow in pdfium
* CVE-2015-1280: Memory corruption in skia
* CVE-2015-1281: CSP bypass
* CVE-2015-1282: Use-after-free in pdfium
* CVE-2015-1283: Heap-buffer-overflow in expat
* CVE-2015-1284: Use-after-free in blink
* CVE-2015-1286: UXSS in blink
* CVE-2015-1287: SOP bypass with CSS
* CVE-2015-1270: Uninitialized memory read in ICU
* CVE-2015-1272: Use-after-free related to unexpected GPU process termination
* CVE-2015-1277: Use-after-free in accessibility
* CVE-2015-1278: URL spoofing using pdf files
* CVE-2015-1285: Information leak in XSS auditor
* CVE-2015-1288: Spell checking dictionaries fetched over HTTP
* CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives
* CVE-2015-5605: Rgular-expression implementation mishandles interrupts, DoS via JS
The following non-security changes are included:
* A number of new apps/extension APIs
* Lots of under the hood changes for stability and performance
* Pepper Flash plugin updated to 18.0.0.209 (Important)SUSE bug 939077CVE-2015-1270CVE-2015-1271CVE-2015-1272CVE-2015-1273CVE-2015-1274CVE-2015-1275CVE-2015-1276CVE-2015-1277CVE-2015-1278CVE-2015-1279CVE-2015-1280CVE-2015-1281CVE-2015-1282CVE-2015-1283CVE-2015-1284CVE-2015-1285CVE-2015-1286CVE-2015-1287CVE-2015-1288CVE-2015-1289CVE-2015-5605Security update for wireshark (Moderate)openSUSE 13.1
This update fixes the following security issues:
+ The WCCP dissector could crash
wnpa-sec-2015-01 CVE-2015-0559 CVE-2015-0560 [boo#912365]
+ The LPP dissector could crash.
wnpa-sec-2015-02 CVE-2015-0561 [boo#912368]
+ The DEC DNA Routing Protocol dissector could crash.
wnpa-sec-2015-03 CVE-2015-0562 [boo#912369]
+ The SMTP dissector could crash.
wnpa-sec-2015-04 CVE-2015-0563 [boo#912370]
+ Wireshark could crash while decypting TLS/SSL sessions.
wnpa-sec-2015-05 CVE-2015-0564 [boo#912372]
(Moderate)SUSE bug 912365SUSE bug 912368SUSE bug 912369SUSE bug 912370SUSE bug 912372CVE-2015-0559CVE-2015-0560CVE-2015-0561CVE-2015-0562CVE-2015-0563CVE-2015-0564Security update for lxc (Moderate)openSUSE 13.1
lxc was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-1334: AppArmor or SELinux confinement escape via fake /proc (bnc#938523)
(Moderate)SUSE bug 938523CVE-2015-1334Security update for openldap2 (Moderate)openSUSE 13.1
OpenLDAP was updated to fix two security issues and one bug.
The following vulnerabilities were fixed:
* CVE-2015-1546: slapd crash in valueReturnFilter cleanup (bnc#916914)
* CVE-2015-1545: slapd crashes on search with deref control and empty attr list (bnc#916897)
The following non-security bug was fixed:
* boo#905959: Prevent connection-0 (internal connection) from show up in the monitor backend
(Moderate)SUSE bug 905959SUSE bug 916897SUSE bug 916914CVE-2015-1545CVE-2015-1546Security update for otrs (Moderate)openSUSE 13.1
This update fixes the following issue:
CVE-2014-9324: The GenericInterface in OTRS Help Desk access-control problems (bnc#910988)
(Moderate)SUSE bug 910988CVE-2014-9324Security update for bind (Important)openSUSE 13.1
bind was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-5477: Remote DoS via TKEY queries (boo#939567)
Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.
(Important)SUSE bug 939567CVE-2015-5477Security update for gpsm (Low)openSUSE 13.1
gpsm was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2013-2038: Denial of service by a remote attacker via specially crafted packages (boo#818136) (Low)SUSE bug 818136CVE-2013-2038Security update for php5 (Moderate)openSUSE 13.1
PHP was updated to fix two security issues.
The following vulnerabilities were fixed:
* CVE-2015-5589: PHP could be crashed when processing an invalid file with the "phar" extension with a segfault in Phar::convertToData, leading to Denial of Service (DOS) (boo#938721)
* CVE-2015-5590: PHP could be crashed or have unspecified other impact due to a buffer overlow in phar_fix_filepath (boo#938719)
(Moderate)SUSE bug 938719SUSE bug 938721CVE-2015-5589CVE-2015-5590Security update for ghostscript (Low)openSUSE 13.1
Ghostscript was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-3228: Specially crafted files could have caused an interger overflow, resulting in a crash of the application or unspecified other impact (bsc#939342) (Low)SUSE bug 939342CVE-2015-3228Security update for strongswan (Moderate)openSUSE 13.1
This update fixes the following security issues:
- denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload, that
contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221).
- Applied an upstream patch reverting to store algorithms in the
registration order again as ordering them by identifier caused
weaker algorithms to be proposed first by default (bsc#897512).
(Moderate)SUSE bug 897048SUSE bug 897512SUSE bug 910491CVE-2014-9221Security update for gnutls (Moderate)openSUSE 13.1
- fix for CVE-2015-3622 in bundled libtasn1 (bsc#929414)
* invalid read in octet string
* added gnutls-CVE-2015-3622.patch
- fix for GNUTLS-SA-2015-2 (bsc#929690)
* ServerKeyExchange signature issue
* added gnutls-GNUTLS-SA-2015-2.patch
(Moderate)SUSE bug 929414SUSE bug 929690CVE-2015-3622Security update for glibc (Important)openSUSE 13.1
glibc was updated to fix one security issue.
This security issue was fixed:
- CVE-2014-4043: The posix_spawn_file_actions_addopen function in glibc did not copy its path argument in accordance with the POSIX specification, which allowed context-dependent attackers to trigger use-after-free vulnerabilities (bsc#882600).
(Important)SUSE bug 882600CVE-2014-4043Security update for flash-player (Critical)openSUSE 13.1 NonFree
Security update to 11.2.202.508 (bsc#941239):
* APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125,
CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,
CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134,
CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544,
CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548,
CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552,
CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,
CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560,
CVE-2015-5561, CVE-2015-5562, CVE-2015-5563
(Critical)SUSE bug 941239CVE-2015-3107CVE-2015-5124CVE-2015-5125CVE-2015-5127CVE-2015-5128CVE-2015-5129CVE-2015-5130CVE-2015-5131CVE-2015-5132CVE-2015-5133CVE-2015-5134CVE-2015-5539CVE-2015-5540CVE-2015-5541CVE-2015-5544CVE-2015-5545CVE-2015-5546CVE-2015-5547CVE-2015-5548CVE-2015-5549CVE-2015-5550CVE-2015-5551CVE-2015-5552CVE-2015-5553CVE-2015-5554CVE-2015-5555CVE-2015-5556CVE-2015-5557CVE-2015-5558CVE-2015-5559CVE-2015-5560CVE-2015-5561CVE-2015-5562CVE-2015-5563Security update for MozillaFirefox (Important)openSUSE 13.1
- update to Firefox 40.0 (bnc#940806)
* Added protection against unwanted software downloads
* Suggested Tiles show sites of interest, based on categories
from your recent browsing history
* Hello allows adding a link to conversations to provide context
on what the conversation will be about
* New style for add-on manager based on the in-content
preferences style
* Improved scrolling, graphics, and video playback performance
with off main thread compositing (GNU/Linux only)
* Graphic blocklist mechanism improved: Firefox version ranges
can be specified, limiting the number of devices blocked
security fixes:
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
Miscellaneous memory safety hazards
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
Out-of-bounds read with malformed MP3 file
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
Use-after-free in MediaStream playback
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
Redefinition of non-configurable JavaScript object properties
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
Overflow issues in libstagefright
* MFSA 2015-84/CVE-2015-4481 (bmo1171518)
Arbitrary file overwriting through Mozilla Maintenance Service
with hard links (only affected Windows)
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
Out-of-bounds write with Updater and malicious MAR file
(does not affect openSUSE RPM packages which do not ship the
updater)
* MFSA 2015-86/CVE-2015-4483 (bmo#1148732)
Feed protocol with POST bypasses mixed content protections
* MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
Crash when using shared memory in JavaScript
* MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
Heap overflow in gdk-pixbuf when scaling bitmap images
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
Buffer overflows on Libvpx when decoding WebM video
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
Vulnerabilities found through code inspection
* MFSA 2015-91/CVE-2015-4490 (bmo#1086999)
Mozilla Content Security Policy allows for asterisk wildcards
in violation of CSP specification
* MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
Use-after-free in XMLHttpRequest with shared workers
- added mozilla-no-stdcxx-check.patch
- removed obsolete patches
* mozilla-add-glibcxx_use_cxx11_abi.patch
* firefox-multilocale-chrome.patch
- rebased patches
- requires version 40 of the branding package
- removed browser/searchplugins/ location as it's not valid anymore
- includes security update to Firefox 39.0.3 (bnc#940918)
* MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
Same origin violation and local file stealing via PDF reader
(Important)SUSE bug 940806SUSE bug 940918CVE-2015-4473CVE-2015-4474CVE-2015-4475CVE-2015-4477CVE-2015-4478CVE-2015-4479CVE-2015-4480CVE-2015-4481CVE-2015-4482CVE-2015-4483CVE-2015-4484CVE-2015-4485CVE-2015-4486CVE-2015-4487CVE-2015-4488CVE-2015-4489CVE-2015-4490CVE-2015-4491CVE-2015-4492CVE-2015-4493CVE-2015-4495Security update for subversion (Moderate)openSUSE 13.1
subversion was updated to version 1.8.14 to fix two security issues.
These security issues were fixed:
- CVE-2015-3187: Information leak (only paths) that were hidden by path-based authz (bsc#939517).
- CVE-2015-3184: Information leak in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514).
(Moderate)SUSE bug 939514SUSE bug 939517CVE-2015-3184CVE-2015-3187Security update for virtualbox (Moderate)openSUSE 13.1
- Version bump to 4.2.32 bnc#938408 CVE-2015-2594
* Storage: fixed a crash when taking snapshots (4.2.30 regression)
* ExtPack: don't fail if the TMP directory contains non-latin1 characters (bug #14159)
* Main: implemented dedicated event processing queue
* Linux hosts: fixed a bug which made the netfilter driver ignore certain events (bug #12264)
Also included from Version bump to 4.2.30 bnc#935900 CVE-2015-3456:
* Various small fixes here and there
- Fix the multiinstall on kernel modules to avoid conflicts bnc#925663
- Drop smap.diff fails to apply to the latest release
(Moderate)SUSE bug 925663SUSE bug 935900SUSE bug 938408CVE-2015-2594CVE-2015-3456Security update for xfsprogs (Moderate)openSUSE 13.1
xfsprogs was updated to fix one security vulnerability and bugs.
- Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150)
- Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition
(Moderate)SUSE bug 939367CVE-2012-2150Security update for MozillaThunderbird (Moderate)openSUSE 13.1
This update to Thunderbird 38.2.0 fixes the following issues (bnc#940806):
* MFSA 2015-79/CVE-2015-4473
Miscellaneous memory safety hazards
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
Out-of-bounds read with malformed MP3 file
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
Redefinition of non-configurable JavaScript object properties
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
Overflow issues in libstagefright
* MFSA 2015-84/CVE-2015-4481 (bmo1171518)
Arbitrary file overwriting through Mozilla Maintenance Service
with hard links (only affected Windows)
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
Out-of-bounds write with Updater and malicious MAR file
(does not affect openSUSE RPM packages which do not ship the
updater)
* MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
Crash when using shared memory in JavaScript
* MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
Heap overflow in gdk-pixbuf when scaling bitmap images
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
Buffer overflows on Libvpx when decoding WebM video
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
Vulnerabilities found through code inspection
* MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
Use-after-free in XMLHttpRequest with shared workers
(Moderate)SUSE bug 940806CVE-2015-4473CVE-2015-4475CVE-2015-4478CVE-2015-4479CVE-2015-4480CVE-2015-4481CVE-2015-4482CVE-2015-4484CVE-2015-4485CVE-2015-4486CVE-2015-4487CVE-2015-4488CVE-2015-4489CVE-2015-4491CVE-2015-4492CVE-2015-4493Security update for MozillaFirefox (Moderate)openSUSE 13.1
MozillaFirefox was updated to version 40.0.3 to fix two security issues and several bugs.
Changes in MozillaFirefox:
- update to Firefox 40.0.3 (bnc#943550)
* Disable the asynchronous plugin initialization (bmo#1198590)
* Fix a segmentation fault in the GStreamer support (bmo#1145230)
* Fix a regression with some Japanese fonts used in the <input>
field (bmo#1194055)
* On some sites, the selection in a select combox box using the
mouse could be broken (bmo#1194733)
security fixes
* MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278, bsc#943557)
Use-after-free when resizing canvas element during restyling
* MFSA 2015-95/CVE-2015-4498 (bmo#1042699, bsc#943558)
Add-on notification bypass through data URLs
(Moderate)SUSE bug 943550CVE-2015-4497CVE-2015-4498This update fixes two security vulnerabilities (CVE-2014-3591,CVE-2015-0837) (Moderate)openSUSE 13.1
This update fixes two security vulnerabilities (bsc#920057):
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]
(Moderate)SUSE bug 920057CVE-2014-3591CVE-2015-0837Security update for gnutls (Moderate)openSUSE 13.1
Gnutls was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-6251: Decoding specific certificates with very long DistinguishedName (DN) entries could have caused a double free, which may have resulted in a Denial of Service (GNUTLS-SA-2015-3)
(Moderate)SUSE bug 941794CVE-2015-6251Security update for net-snmp (Moderate)openSUSE 13.1
net-snmp was updated to fix one secuirty vulnerability and 2 bugs.
- Fix an incompletely initialized vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621)
- Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863)
- Stop snmptrapd on removal.
(Moderate)SUSE bug 935863SUSE bug 940188CVE-2015-5621Security update for tor (Low)openSUSE 13.1
Tor was updated to fix one logging privacy issue.
The following issue was fixed:
* Malformed hostnames in socks5 requests were written to the log regardless of SafeLogging option (CWE-532) [boo#943362]
(Low)SUSE bug 943362Security update for perl-XML-LibXML (Moderate)openSUSE 13.1
perl-XML-LibXML was updated to version 2.0.121 to fix one security vulnerability.
- Fix "expand_entities" option that was not preserved under some circumstances. (bsc#929237, CVE-2015-3451)
(Moderate)SUSE bug 929237CVE-2015-3451Security update for libvdpau (Moderate)openSUSE 13.1
libvdpau was updated to use secure_getenv() instead of getenv() for several variables
so it can be more safely used in setuid applications.
* CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967)
* CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968)
* CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969)
(Moderate)SUSE bug 943967SUSE bug 943968SUSE bug 943969CVE-2015-5198CVE-2015-5199CVE-2015-5200Security update for squid (Moderate)openSUSE 13.1
Squid was updated to fix a security issue.
If the Squid HTTP Proxy configured with client-first SSL bumping did not correctly validate server certificate. (CVE-2015-3455)
(Moderate)SUSE bug 929493CVE-2015-3455Security update for sblim-sfcb (Moderate)openSUSE 13.1
sblim-sfcb was updated to fix a security issue with a crash due to a null pointer dereference in lookupProviders() (CVE-2015-5185)
(Moderate)SUSE bug 942628CVE-2015-5185Security update for elfutils (Moderate)openSUSE 13.1
elfutils was updated to fix a directory traversal vulnerability (bnc#911662 CVE-2014-9447)
(Moderate)SUSE bug 911662CVE-2014-9447Security update for remind (Moderate)openSUSE 13.1
remind was updated to fix a buffer overflow in DumpSysVar (CVE-2015-5957) (bnc#940924)
(Moderate)SUSE bug 940924CVE-2015-5957Security update for Chromium (Moderate)openSUSE 13.1
Chromium was updated to the 45.0.2454.85 of the stable channel to fix multiple security issues.
The following vulnerabilities were fixed:
* CVE-2015-1291: Cross-origin bypass in DOM
* CVE-2015-1292: Cross-origin bypass in ServiceWorker
* CVE-2015-1293: Cross-origin bypass in DOM
* CVE-2015-1294: Use-after-free in Skia
* CVE-2015-1295: Use-after-free in Printing
* CVE-2015-1296: Character spoofing in omnibox
* CVE-2015-1297: Permission scoping error in WebRequest
* CVE-2015-1298: URL validation error in extensions
* CVE-2015-1299: Use-after-free in Blink
* CVE-2015-1300: Information leak in Blink
* CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives. (Moderate)SUSE bug 944144CVE-2015-1291CVE-2015-1292CVE-2015-1293CVE-2015-1294CVE-2015-1295CVE-2015-1296CVE-2015-1297CVE-2015-1298CVE-2015-1299CVE-2015-1300CVE-2015-1301Security update for libgcrypt (Low)openSUSE 13.1
libgcrypt was updated to include countermeasures against Lenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA.
A signature verification step was updated to protect against leaks of private keys in case of hardware faults or implementation errors in numeric libraries.
GnuPG already performed this check by itself and was not affected. This fix is equivalent, but not equal to CVE-2015-5738 (Low)SUSE bug 944835Security update for python-django (Moderate)openSUSE 13.1
python Django was updated to fix a remote denial of service (resource exhaustion) possibility
in the auth views module. (bsc#941587, CVE-2015-5963)
Also is_safe_url() was made to reject URLs that start with control characters
to mitigate possible XSS attack via user-supplied redirect URLs
(bnc#923176, CVE-2015-2317)
- Method check_for_test_cookie is deprecated, bnc#914706
- Update to version 1.5.12 with various security fixes:
+ Fixed a regression with dynamically generated inlines and allowed field
references in the admin
+ Allowed related many-to-many fields to be referenced in the admin
+ Allowed inline and hidden references to admin fields
(Moderate)SUSE bug 913053SUSE bug 913054SUSE bug 913055SUSE bug 913056SUSE bug 914706SUSE bug 923176SUSE bug 941587CVE-2015-0219CVE-2015-0220CVE-2015-0221CVE-2015-0222CVE-2015-2317CVE-2015-5963Security update for bind (Important)openSUSE 13.1
BIND was updated to fix a denial of service against servers performing validation on DNSSEC-signed
records (CVE-2015-5722, bsc#944066).
(Important)SUSE bug 944066CVE-2015-5722Security update for icedtea-web (Important)openSUSE 13.1
The icedtea-web java plugin was updated to 1.6.1.
Changes included:
* Enabled Entry-Point attribute check
* permissions sandbox and signed app and unsigned app with
permissions all-permissions now run in sandbox instead of not at all.
* fixed DownloadService
* comments in deployment.properties now should persists load/save
* fixed bug in caching of files with query
* fixed issues with recreating of existing shortcut
* trustAll/trustNone now processed correctly
* headless no longer shows dialogues
* RH1231441 Unable to read the text of the buttons of the security dialogue
* Fixed RH1233697 icedtea-web: applet origin spoofing (CVE-2015-5235, bsc#944208)
* Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets (CVE-2015-5234, bsc#944209)
* MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed
* NetX
- fixed issues with -html shortcuts
- fixed issue with -html receiving garbage in width and height
* PolicyEditor
- file flag made to work when used standalone
- file flag and main argument cannot be used in combination
* Fix generation of man-pages with some versions of "tail"
Also included is the update to 1.6
* Massively improved offline abilities. Added Xoffline switch to
force work without inet connection.
* Improved to be able to run with any JDK
* JDK 6 and older no longer supported
* JDK 8 support added (URLPermission granted if applicable)
* JDK 9 supported
* Added support for Entry-Point manifest attribute
* Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property
to control scan of Manifest file
* starting arguments now accept also -- abbreviations
* Added new documentation
* Added support for menu shortcuts - both javaws
applications/applets and html applets are supported
* added support for -html switch for javaws. Now you can run most
of the applets without browser at all
* Control Panel
- PR1856: ControlPanel UI improvement for lower resolutions
(800*600)
* NetX
- PR1858: Java Console accepts multi-byte encodings
- PR1859: Java Console UI improvement for lower resolutions
(800*600)
- RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception
java.lang.ClassCastException in method
sun.applet.PluginAppletViewer$8.run()
- Dropped support for long unmaintained -basedir argument
- Returned support for -jnlp argument
- RH1095311, PR574 - References class sun.misc.Ref removed in
OpenJDK 9 - fixed, and so buildable on JDK9
* Plugin
- PR1743 - Intermittant deadlock in PluginRequestProcessor
- PR1298 - LiveConnect - problem setting array elements (applet
variables) from JS
- RH1121549: coverity defects
- Resolves method overloading correctly with superclass
heirarchy distance
* PolicyEditor
- codebases can be renamed in-place, copied, and pasted
- codebase URLs can be copied to system clipboard
- displays a progress dialog while opening or saving files
- codebases without permissions assigned save to file anyway
(and re-appear on next open)
- PR1776: NullPointer on save-and-exit
- PR1850: duplicate codebases when launching from security dialogs
- Fixed bug where clicking "Cancel" on the "Save before Exiting"
dialog could result in the editor exiting without saving
changes
- Keyboard accelerators and mnemonics greatly improved
- "File - New" allows editing a new policy without first
selecting the file to save to
* Common
- PR1769: support signed applets which specify Sandbox
permissions in their manifests
* Temporary Permissions in security dialog now multi-selectable
and based on PolicyEditor permissions
- Update to 1.5.2
* NetX
- RH1095311, PR574 - References class sun.misc.Ref removed in
OpenJDK 9 - fixed, and so buildable on JDK9
- RH1154177 - decoded file needed from cache
- fixed NPE in https dialog
- empty codebase behaves as "."
(Important)SUSE bug 755054SUSE bug 830880SUSE bug 944208SUSE bug 944209CVE-2012-4540CVE-2015-5234CVE-2015-5235Security update for flash-player (Critical)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues:
More information can be found on:
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html
(Critical)SUSE bug 946880CVE-2015-5567CVE-2015-5568CVE-2015-5570CVE-2015-5571CVE-2015-5572CVE-2015-5573CVE-2015-5574CVE-2015-5575CVE-2015-5576CVE-2015-5577CVE-2015-5578CVE-2015-5579CVE-2015-5580CVE-2015-5581CVE-2015-5582CVE-2015-5584CVE-2015-5587CVE-2015-5588CVE-2015-6676CVE-2015-6677CVE-2015-6678CVE-2015-6679CVE-2015-6682Security update for cyrus-imapd (Moderate)openSUSE 13.1
This recommended update provides version 2.3.19 of cyrus-imapd
* Security fix: handle urlfetch range starting outside message range
* Disable use of SSLv2/SSLv3
* Support for Berkeley DB 5.x (thanks Ondrej Sury)
* Support for newer glibc versions (thanks Thomas Jarosch)
* Fixed bug #3465: support for perl 5.14 (thanks hsk@imb-jena.de)
* Fixed bug #3640: reject NULL bytes in headers on LMTP delivery (thanks Julien Coloos)
(Moderate)SUSE bug 945841Security update for mysql-community-server (Moderate)openSUSE 13.1
The MySQL Community Server edition was updated to 5.6.26, fixing security issues and bugs.
All changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html
* Fixed CVEs:
CVE-2015-2617, CVE-2015-2648, CVE-2015-2611, CVE-2015-2582
CVE-2015-4752, CVE-2015-4756, CVE-2015-2643, CVE-2015-4772
CVE-2015-4761, CVE-2015-4757, CVE-2015-4737, CVE-2015-4771
CVE-2015-4769, CVE-2015-2639, CVE-2015-2620, CVE-2015-2641
CVE-2015-2661, CVE-2015-4767
* disable Performance Schema by default. Since MySQL 5.6.6 upstream
enabled Performance Schema by default which results in increased
memory usage. The added option disable Performance Schema again in
order to decrease MySQL memory usage [bnc#852477].
* install INFO_BIN and INFO_SRC, noticed in MDEV-6912
* remove superfluous '--group' parameter from mysql-systemd-helper
* make -devel package installable in the presence of LibreSSL
* cleanup after the update-message if it was displayed
* add 'exec' to mysql-systemd-helper to shutdown mysql/mariadb cleanly [bnc#943096]
(Moderate)SUSE bug 852477SUSE bug 902396SUSE bug 938412SUSE bug 942908SUSE bug 943096CVE-2015-2582CVE-2015-2611CVE-2015-2617CVE-2015-2620CVE-2015-2639CVE-2015-2641CVE-2015-2643CVE-2015-2648CVE-2015-2661CVE-2015-4737CVE-2015-4752CVE-2015-4756CVE-2015-4757CVE-2015-4761CVE-2015-4767CVE-2015-4769CVE-2015-4771CVE-2015-4772Security update for php5 (Important)openSUSE 13.1
The PHP5 script interpreter was updated to fix various security issues:
* CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295]
* CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293]
* CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296]
* CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403]
* CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402]
* CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428]
* CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412]
(Important)SUSE bug 942291SUSE bug 942293SUSE bug 942294SUSE bug 942295SUSE bug 942296SUSE bug 945402SUSE bug 945403SUSE bug 945412SUSE bug 945428CVE-2015-6831CVE-2015-6832CVE-2015-6833CVE-2015-6834CVE-2015-6835CVE-2015-6836CVE-2015-6837CVE-2015-6838Security update for MozillaFirefox (Important)openSUSE 13.1
MozillaFirefox was updated to Firefox 41.0 (bnc#947003)
Security issues fixed:
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
Miscellaneous memory safety hazards
* MFSA 2015-97/CVE-2015-4503 (bmo#994337)
Memory leak in mozTCPSocket to servers
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
Out of bounds read in QCMS library with ICC V4 profile attributes
* MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
Site attribute spoofing on Android by pasting URL with unknown scheme
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
Arbitrary file manipulation by local user through Mozilla updater
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
Crash when using debugger with SavedStacks in JavaScript
* MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
URL spoofing in reader mode
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
Use-after-free with shared workers and IndexedDB
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
Use-after-free while manipulating HTML media content
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
Out-of-bounds read during 2D canvas display on Linux 16-bit
color depth systems
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
Scripted proxies can access inner window
* MFSA 2015-109/CVE-2015-4516 (bmo#904886)
JavaScript immutable property enforcement can be bypassed
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
Dragging and dropping images exposes final URL after redirects
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
CVE-2015-7180
Vulnerabilities found through code inspection
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
bmo#1190526) (Windows only)
Memory safety errors in libGLES in the ANGLE graphics library
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
Information disclosure via the High Resolution Time API
(Important)SUSE bug 947003CVE-2015-4476CVE-2015-4500CVE-2015-4501CVE-2015-4502CVE-2015-4503CVE-2015-4504CVE-2015-4505CVE-2015-4506CVE-2015-4507CVE-2015-4508CVE-2015-4509CVE-2015-4510CVE-2015-4511CVE-2015-4512CVE-2015-4516CVE-2015-4517CVE-2015-4519CVE-2015-4520CVE-2015-4521CVE-2015-4522CVE-2015-7174CVE-2015-7175CVE-2015-7176CVE-2015-7177CVE-2015-7178CVE-2015-7179CVE-2015-7180Security update for phpMyAdmin (Low)openSUSE 13.1
phpMyAdmin was updated to the latest supported upstream release 4.4.14. Besides all upstream bug fixes and improvements, it fixes the following vulnerability:
* CVE-2015-6830: reCaptcha bypass boo#945420 (Low)SUSE bug 945420CVE-2015-6830Security update for MozillaThunderbird (Important)openSUSE 13.1
MozillaThunderbird was updated to fix 17 security issues.
These security issues were fixed:
- CVE-2015-4509: Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176 (bsc#947003).
- CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header (bsc#947003).
- CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003).
- CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003).
- CVE-2015-4500: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#947003).
- CVE-2015-4511: Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via a crafted header in a WebM video (bsc#947003).
- CVE-2015-7178: The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003).
- CVE-2015-7179: The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003).
- CVE-2015-4506: Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allowed remote attackers to execute arbitrary code via a crafted VP9 file (bsc#947003).
- CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003).
- CVE-2015-4505: updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allowed local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service (bsc#947003).
- CVE-2015-4519: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element (bsc#947003).
- CVE-2015-7180: The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003).
- CVE-2015-7176: The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 used an incorrect argument to the sscanf function, which might allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003).
- CVE-2015-7177: The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003).
- CVE-2015-7174: The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003).
- CVE-2015-7175: The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003).
(Important)SUSE bug 947003CVE-2015-4500CVE-2015-4505CVE-2015-4506CVE-2015-4509CVE-2015-4511CVE-2015-4517CVE-2015-4519CVE-2015-4520CVE-2015-4521CVE-2015-4522CVE-2015-7174CVE-2015-7175CVE-2015-7176CVE-2015-7177CVE-2015-7178CVE-2015-7179CVE-2015-7180Security update for seamonkey (Important)openSUSE 13.1
seamonkey was updated to fix 25 security issues.
These security issues were fixed:
- CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header (bsc#947003).
- CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003).
- CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003).
- CVE-2015-4502: js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandled certain receiver arguments, which allowed remote attackers to bypass intended window access restrictions via a crafted web site (bsc#947003).
- CVE-2015-4503: The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandled array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allowed remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application (bsc#947003).
- CVE-2015-4500: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#947003).
- CVE-2015-4501: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#947003).
- CVE-2015-4506: Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allowed remote attackers to execute arbitrary code via a crafted VP9 file (bsc#947003).
- CVE-2015-4507: The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allowed remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site (bsc#947003).
- CVE-2015-4504: The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allowed remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image (bsc#947003).
- CVE-2015-4505: updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allowed local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service (bsc#947003).
- CVE-2015-7180: The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003).
- CVE-2015-4509: Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176 (bsc#947003).
- CVE-2015-7178: The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003).
- CVE-2015-7179: The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003).
- CVE-2015-7176: The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 used an incorrect argument to the sscanf function, which might allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003).
- CVE-2015-7177: The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003).
- CVE-2015-7174: The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003).
- CVE-2015-7175: The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow (bsc#947003).
- CVE-2015-4511: Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via a crafted header in a WebM video (bsc#947003).
- CVE-2015-4510: Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation (bsc#947003).
- CVE-2015-4512: gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering (bsc#947003).
- CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003).
- CVE-2015-4516: Mozilla Firefox before 41.0 allowed remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that did not use ES5 APIs (bsc#947003).
- CVE-2015-4519: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element (bsc#947003).
(Important)SUSE bug 935979SUSE bug 947003CVE-2015-4500CVE-2015-4501CVE-2015-4502CVE-2015-4503CVE-2015-4504CVE-2015-4505CVE-2015-4506CVE-2015-4507CVE-2015-4509CVE-2015-4510CVE-2015-4511CVE-2015-4512CVE-2015-4516CVE-2015-4517CVE-2015-4519CVE-2015-4520CVE-2015-4521CVE-2015-4522CVE-2015-7174CVE-2015-7175CVE-2015-7176CVE-2015-7177CVE-2015-7178CVE-2015-7179CVE-2015-7180Security update for vorbis-tools (Moderate)openSUSE 13.1
vorbis-tools was updated to fix a buffer overflow in aiff_open(), that could be used
to crash or potentially execute code when opening aiff format files. (CVE-2015-6749, bsc#943795).
(Moderate)SUSE bug 943795CVE-2015-6749Security update for redis (Moderate)openSUSE 13.1
redis was updated to version 2.8.22 (boo#934048) to fix
a LUA sandbox update. (CVE-2015-4335)
Details can be found on http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
For the other changes see in the package:
/usr/share/doc/packages/redis/00-RELEASENOTES
(Moderate)SUSE bug 934048CVE-2015-4335Security update for apache2 (Moderate)openSUSE 13.1
Apache2 was updated to fix security issues.
- CVE-2015-3185: The ap_some_auth_required function in server/request.c in
the Apache HTTP Server 2.4.x did not consider that a Require directive may
be associated with an authorization setting rather than an authentication
setting, which allows remote attackers to bypass intended access
restrictions in opportunistic circumstances by leveraging the presence
of a module that relies on the 2.2 API behavior. [bnc#938723]
- CVE-2015-3183: The chunked transfer coding implementation in the
Apache HTTP Server did not properly parse chunk headers, which allows
remote attackers to conduct HTTP request smuggling attacks via a crafted
request, related to mishandling of large chunk-size values and invalid
chunk-extension characters in modules/http/http_filters.c. [bnc#938728]
On openSUSE 13.1:
- CVE-2015-4000: Fix Logjam vulnerability: change the default SSLCipherSuite
cipherstring to disable export cipher suites and deploy Ephemeral Elliptic-Curve
Diffie-Hellman (ECDHE) ciphers. Adjust 'gensslcert' script to
generate a strong and unique Diffie Hellman Group and append it
to the server certificate file [bnc#931723].
(Moderate)SUSE bug 931723SUSE bug 938723SUSE bug 938728CVE-2015-3183CVE-2015-3185CVE-2015-4000Security update for froxlor (Moderate)openSUSE 13.1
froxlor was updated to version 0.9.34 (bnc#846355), fixing bugs and bringing features.
(Moderate)SUSE bug 846355CVE-2014-0185Security update for conntrack-tools (Moderate)openSUSE 13.1
conntrack-tools was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-6496: Fix a possible crash if conntrackd sees DCCP, SCTP and ICMPv6 traffic and the corresponding kernel modules that track this traffic are not available. (boo#942149) (Moderate)SUSE bug 942149CVE-2015-6496Security update for IPython, python3-IPython (Moderate)openSUSE 13.1
IPython was updated to fix a cross-site-scripting vulnerability in handling local foldernames. (CVE-2015-6938, bnc#945828)
(Moderate)SUSE bug 945828CVE-2015-6938Security update for freetype2 (Moderate)openSUSE 13.1
This update of the freetype2 library fixes two security issues.
These security issues were fixed:
- CVE-2014-9745: Infinite loop in parse_encoding in t1load.c (bsc#945849)
- CVE-2014-9747: Use of uninitialized memory in ps_parser_load_field, t42_parse_font_matrix and t1_parse_font_matrix (bsc#947966)
(Moderate)SUSE bug 945849SUSE bug 947966CVE-2014-9745CVE-2014-9747Security update for lxc (Moderate)openSUSE 13.1
lxc was update to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-1335: A directory traversal flaw while lxc-start is initially setting up the mounts for a container (boo#946744) (Moderate)SUSE bug 946744CVE-2015-1335Security update for Chromium (Important)openSUSE 13.1
Chromium was updated to 45.0.2454.101 to fix two security issues.
The following vulnerabilities were fixed:
* CVE-2015-1303: Cross-origin bypass in DOM [boo#947504]
* CVE-2015-1304: Cross-origin bypass in V8 [boo#947507] (Important)SUSE bug 947504SUSE bug 947507CVE-2015-1303CVE-2015-1304Security update for polkit (Important)openSUSE 13.1
Polkit was updated to 0.113 to fix four security issues.
The following vulnerabilities were fixed:
* CVE-2015-4625: a local privilege escalation due to predictable authentication session cookie values. (boo#935119)
* CVE-2015-3256: various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (boo#943816)
* CVE-2015-3255: a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. (boo#939246)
* CVE-2015-3218: Allowed any local user to crash polkitd. (boo#933922) (Important)SUSE bug 933922SUSE bug 935119SUSE bug 939246SUSE bug 943816CVE-2015-3218CVE-2015-3255CVE-2015-3256CVE-2015-4625Security update for Adobe Flash Player (Important)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.535 to fix a number of security issues. (boo#950169, APSB15-25)
The following vulnerabilities were fixed:
* CVE-2015-7628: Vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure
* CVE-2015-5569: Defense-in-depth feature in the Flash broker API
* CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644: Use-after-free vulnerabilities that could lead to code execution
* CVE-2015-7632: Buffer overflow vulnerability that could lead to code execution
* CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634: Memory corruption vulnerabilities that could lead to code execution (Important)SUSE bug 950169CVE-2015-5569CVE-2015-7625CVE-2015-7626CVE-2015-7627CVE-2015-7628CVE-2015-7629CVE-2015-7630CVE-2015-7631CVE-2015-7632CVE-2015-7633CVE-2015-7634CVE-2015-7643CVE-2015-7644Security update for spice (Moderate)openSUSE 13.1
Spice was updated to fix four security issues.
The following vulnerabilities were fixed:
* CVE-2015-3247: heap corruption in the spice server (bsc#944460)
* CVE-2015-5261: Guest could have accessed host memory using crafted images (bsc#948976)
* CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944460)
* CVE-2013-4282: Buffer overflow in password handling (bsc#848279)
(Moderate)SUSE bug 848279SUSE bug 944460SUSE bug 944787SUSE bug 948976CVE-2013-4282CVE-2015-3247CVE-2015-5260CVE-2015-5261Security update for jakarta-taglibs-standard (Moderate)openSUSE 13.1
jakarta-taglibs-standard was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-0254: Apache Standard Taglibs before 1.2.3 allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension (bsc#920813).
(Moderate)SUSE bug 920813CVE-2015-0254Security update for rsync (Moderate)openSUSE 13.1
rsync was updated to fix one security issue.
This security issue was fixed:
- CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914).
This non-security issue was fixed:
- reintroduce "use slp" directive (bsc#922710)
* disable it by default
* slp doesn't seem to be used much and it often caused problems
(eg boo#898513, bsc#922710)
(Moderate)SUSE bug 898513SUSE bug 900914SUSE bug 922710CVE-2014-8242Security update for flash-player (Critical)openSUSE 13.1 NonFree
flash-player was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474).
(Critical)SUSE bug 950474CVE-2015-7645Security update for openssl (Important)openSUSE 13.1
openssl was updated to 1.0.1k to fix various security
issues and bugs.
More information can be found in the openssl advisory:
http://openssl.org/news/secadv_20150108.txt
Following issues were fixed:
* CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64.
* CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record.
* CVE-2014-3572 (bsc#912015): Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted.
* CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues.
* CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export ciphersuites
* CVE-2015-0205 (bsc#912293): A fixwas added to prevent use of DH client certificates without sending certificate verify message.
* CVE-2015-0206 (bsc#912292): A memory leak was fixed in dtls1_buffer_record.
(Important)SUSE bug 911399SUSE bug 912014SUSE bug 912015SUSE bug 912018SUSE bug 912292SUSE bug 912293SUSE bug 912294SUSE bug 912296CVE-2014-3569CVE-2014-3570CVE-2014-3571CVE-2014-3572CVE-2014-8275CVE-2015-0204CVE-2015-0205CVE-2015-0206Security update for python-django (Moderate)openSUSE 13.1
python-django was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-5144: Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 used an incorrect regular expression, which allowed remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator (bsc#937523).
- CVE-2015-5143: The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allowed remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys (bsc#937522).
(Moderate)SUSE bug 937522SUSE bug 937523CVE-2015-5143CVE-2015-5144Security update for MozillaFirefox (Important)openSUSE 13.1
MozillaFirefox was updated to version 41.0.2 to fix one security issue.
This security issue was fixed:
- CVE-2015-7184: Cross-origin restriction bypass using Fetch (bsc#950686).
These non-security issues were fixed:
* Fix a startup crash related to Yandex toolbar and Adblock Plus (bmo#1209124)
* Fix potential hangs with Flash plugins (bmo#1185639)
* Fix a regression in the bookmark creation (bmo#1206376)
* Fix a startup crash with some Intel Media Accelerator 3150 graphic cards (bmo#1207665)
* Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)
(Important)SUSE bug 949983SUSE bug 950686CVE-2015-7184Security update for Chromium (Moderate)openSUSE 13.1
Chromium was update do the stable release 46.0.2490.71 to fix security issues.
The following vulnerabilities were fixed:
* CVE-2015-6755: Cross-origin bypass in Blink
* CVE-2015-6756: Use-after-free in PDFium
* CVE-2015-6757: Use-after-free in ServiceWorker
* CVE-2015-6758: Bad-cast in PDFium
* CVE-2015-6759: Information leakage in LocalStorage
* CVE-2015-6760: Improper error handling in libANGLE
* CVE-2015-6761: Memory corruption in FFMpeg
* CVE-2015-6762: CORS bypass via CSS fonts
* CVE-2015-6763: Various fixes from internal audits, fuzzing and other initiatives.
* CVE-2015-7834: Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (Moderate)SUSE bug 950290CVE-2015-6755CVE-2015-6756CVE-2015-6757CVE-2015-6758CVE-2015-6759CVE-2015-6760CVE-2015-6761CVE-2015-6762CVE-2015-6763CVE-2015-6764CVE-2015-7834Security update for libevent (Moderate)openSUSE 13.1
libevent was updated to fixed heap overflows in buffer API (bsc#897243 CVE-2014-6272)
(Moderate)SUSE bug 897243CVE-2014-6272Security update for nodejs (Important)openSUSE 13.1
nodejs was updated to version 4.2.1 to fix one security issue.
This security issue was fixed:
- CVE-2015-7384: HTTP Denial of Service Vulnerability (bsc#948602).
Various other issues were fixed, please see the changelog.
(Important)SUSE bug 948045SUSE bug 948602CVE-2015-7384Security update for wireshark (Moderate)openSUSE 13.1
wireshark was updated to version 1.12.8 to fix ten security issues.
These security issues were fixed:
- CVE-2015-6247: The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 did not validate a certain offset value, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500).
- CVE-2015-6246: The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500).
- CVE-2015-6245: epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 used incorrect integer data types, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500).
- CVE-2015-6244: The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500).
- CVE-2015-6243: The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions (bsc#941500).
- CVE-2015-6242: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 did not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allowed remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet (bsc#941500).
- CVE-2015-6241: The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 did not properly terminate a data structure after a failure to locate a number within a string, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500).
- CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437).
- CVE-2015-6249: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 did not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500).
- CVE-2015-6248: The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 did not check whether the expected amount of data is available, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500).
(Moderate)SUSE bug 941500SUSE bug 950437CVE-2015-6241CVE-2015-6242CVE-2015-6243CVE-2015-6244CVE-2015-6245CVE-2015-6246CVE-2015-6247CVE-2015-6248CVE-2015-6249CVE-2015-7830Security update for squid (Moderate)openSUSE 13.1
squid was updated to fix one security issue.
This security issue was fixed:
- CVE-2014-9749: Nonce replay vulnerability in Digest authentication (bsc#949942).
(Moderate)SUSE bug 949942CVE-2014-9749Security update for MozillaThunderbird (Moderate)openSUSE 13.1
MozillaThunderbird was updated to Thunderbird 31.4.0 (bnc#910669)
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
Miscellaneous memory safety hazards
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
sendBeacon requests lack an Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
Cookie injection through Proxy Authenticate responses
(Moderate)SUSE bug 910669CVE-2014-8634CVE-2014-8635CVE-2014-8638CVE-2014-8639Security update for java-1_7_0-openjdk (Important)openSUSE 13.1
java-1_7_0-openjdk was updated to fix 17 security issues.
These security issues were fixed:
- CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bsc#951376).
- CVE-2015-4842: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JAXP (bsc#951376).
- CVE-2015-4840: Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#951376).
- CVE-2015-4872: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect integrity via unknown vectors related to Security (bsc#951376).
- CVE-2015-4860: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883 (bsc#951376).
- CVE-2015-4844: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#951376).
- CVE-2015-4883: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860 (bsc#951376).
- CVE-2015-4893: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911 (bsc#951376).
- CVE-2015-4911: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893 (bsc#951376).
- CVE-2015-4882: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect availability via vectors related to CORBA (bsc#951376).
- CVE-2015-4881: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835 (bsc#951376).
- CVE-2015-4734: Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JGSS (bsc#951376).
- CVE-2015-4806: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries (bsc#951376).
- CVE-2015-4805: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization (bsc#951376).
- CVE-2015-4803: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911 (bsc#951376).
- CVE-2015-4835: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881 (bsc#951376).
- CVE-2015-4903: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to RMI (bsc#951376).
(Important)SUSE bug 951376CVE-2015-4734CVE-2015-4803CVE-2015-4805CVE-2015-4806CVE-2015-4835CVE-2015-4840CVE-2015-4842CVE-2015-4843CVE-2015-4844CVE-2015-4860CVE-2015-4872CVE-2015-4881CVE-2015-4882CVE-2015-4883CVE-2015-4893CVE-2015-4903CVE-2015-4911Security update for audiofile (Low)openSUSE 13.1
audiofile was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-7747: Overflow when changing both number of channels and sample format (bsc#949399).
(Low)SUSE bug 949399CVE-2015-7747Security update for roundcubemail (Moderate)openSUSE 13.1
roundcubemail was updated to version 1.0.7 to fix two security issues.
These security issues were fixed:
- XSS issue in drag-n-drop file uploads
- Disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail allowed access to the roundcubemail/bin folder and possibly /logs, /config and /temp, if these were not symlinks (this was only the case when the configuration was manually changed) (bsc#952006)
The package comes with a fixed configuration. If you modified the file "/etc/apache2/conf.d/roundcubemail.conf", please replace it with the configuration "roundcubemail.conf.rpmnew" and reapply your changes. After that, a restart of apache2 is requried.
(Moderate)SUSE bug 938840SUSE bug 952006Security update for libssh (Moderate)openSUSE 13.1
This update fixed the following security issue:
- Fix CVE-2014-8132: Double free on dangling pointers in initial key exchange packet; (bsc#910790).
(Moderate)SUSE bug 910790CVE-2014-8132Security update for util-linux (Moderate)openSUSE 13.1
util-linux was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-5218: Prevent colcrt buffer overflow (bsc#949754).
This non-security issue was fixed:
- bsc#903440: Calendar "cal" crash with segmentation fault when execute in background.
(Moderate)SUSE bug 903440SUSE bug 949754CVE-2015-5218Security update for sudo (Moderate)openSUSE 13.1
sudo was updated to fix one security issue.
This security issue was fixed:
- CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806).
(Moderate)SUSE bug 917806CVE-2014-9680Security update for potrace (Moderate)openSUSE 13.1
potrace was updated to fix one security issue.
This security issue was fixed:
- CVE-2013-7437: Multiple integer overflows in potrace 1.11 allowed remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow (bsc#924904).
(Moderate)SUSE bug 924904CVE-2013-7437Security update for bouncycastle (Important)openSUSE 13.1
bouncycastle was updated to version 1.53 to fix one security issue.
This security issue was fixed:
- CVE-2015-7940: Invalid curve attack (bsc#951727).
(Important)SUSE bug 951727CVE-2015-7940Security update for wpa_supplicant (Moderate)openSUSE 13.1
wpa_supplicant was updated to fix one security issue.
This security issue was fixed:
- bsc#937419: Incomplete WPS and P2P NFC NDEF record payload length validation.
(Moderate)SUSE bug 937419Security update for postgresql92 (Moderate)openSUSE 13.1
postgresql92 was updated to version 9.2.14 to fix one security issue.
This security issue was fixed:
- CVE-2015-5288: The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allowed attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt (bsc#949669).
For the full release notes see:
http://www.postgresql.org/docs/current/static/release-9-2-14.html
(Moderate)SUSE bug 949669CVE-2015-5288Security update for krb5 (Important)openSUSE 13.1
krb5 was updated to fix three security issues.
These security issues were fixed:
- CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952188).
- CVE-2015-2696: Applications which call gss_inquire_context() on a partially-established IAKERB context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952189).
- CVE-2015-2697: Incorrect string handling in build_principal_va can lead to DOS (bsc#952190).
(Important)SUSE bug 952188SUSE bug 952189SUSE bug 952190CVE-2015-2695CVE-2015-2696CVE-2015-2697Security update for phpMyAdmin (Low)openSUSE 13.1
phpMyAdmin was updated to version 4.4.15.1 to fix one security issue.
This security issue was fixed:
- CVE-2015-7873: The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allowed remote attackers to spoof content via the url parameter (bsc#951960).
(Low)SUSE bug 951960CVE-2015-7873Security update for MozillaFirefox, mozilla-nspr, mozilla-nss, xulrunner, seamonkey (Important)openSUSE 13.1
Mozilla Firefox was updated to version 42.0, fixing bugs and security issues.
Mozilla xulrunner was updated to xulrunner 38.4.0.
Seamonkey was updated to 2.39.
New features in Mozilla Firefox:
* Private Browsing with Tracking Protection blocks certain Web
elements that could be used to record your behavior across sites
* Control Center that contains site security and privacy controls
* Login Manager improvements
* WebRTC improvements
* Indicator added to tabs that play audio with one-click muting
* Media Source Extension for HTML5 video available for all sites
Security fixes:
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
Miscellaneous memory safety hazards
* MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
Information disclosure through NTLM authentication
* MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
CSP bypass due to permissive Reader mode whitelist
* MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
Firefox for Android addressbar can be removed after fullscreen mode
* MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
Reading sensitive profile files through local HTML file on Android
* MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
disabling scripts in Add-on SDK panels has no effect
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
Trailing whitespace in IP address hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
Buffer overflow during image interactions in canvas
* MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
Android intents can be used on Firefox for Android to open privileged files
* MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
XSS attack through intents on Firefox for Android
* MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
Crash when accessing HTML tables with accessibility tools on OS X
* MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
CORS preflight is bypassed when non-standard Content-Type headers
are received
* MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
Memory corruption in libjar through zip files
* MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
Certain escaped characters in host of Location-header are being
treated as non-escaped
* MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
JavaScript garbage collection crash with Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1188010, bmo#1204061, bmo#1204155)
Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
Mixed content WebSocket policy bypass through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1205157)
NSS and NSPR memory corruption issues
(fixed in mozilla-nspr and mozilla-nss packages)
mozilla-nspr was updated to 4.10.10:
* MFSA 2015-133/CVE-2015-7183 (bmo#1205157)
memory corruption issues
This update includes the update to version 4.10.9
* bmo#1021167: Leak of |poll_list| on failure in _MW_PollInternal
* bmo#1030692: Make compiling nspr on windows possible again.
* bmo#1088790: dosprint() doesn't support %zu and other size formats
* bmo#1130787: prtime.h does not compile with MSVC's /Za (ISO C/C++
conformance) option
* bmo#1153610: MIPS64: Add support for n64 ABI
* bmo#1156029: Teach clang-analyzer about PR_ASSERT
* bmo#1160125: MSVC version detection is broken CC is set to a wrapper
(like sccache)
* bmo#1163346: Add NSPR support for FreeBSD mips/mips64
* bmo#1169185: Add support for OpenRISC (or1k)
* bmo:1174749: Remove configure block for iOS that uses MACOS_SDK_DIR
* bmo#1174781: PR_GetInheritedFD can use uninitialized variables
mozilla-nss was updated to 3.20.1:
* requires NSPR 4.10.10
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868)
memory corruption issues
- Install the static libfreebl.a that is needed in order to link
Sun elliptical curves provider in Java 7.
This includes the update of Mozilla NSS to NSS 3.20
New functionality:
* The TLS library has been extended to support DHE ciphersuites in
server applications.
New Functions:
* SSL_DHEGroupPrefSet - Configure the set of allowed/enabled DHE group
parameters that can be used by NSS for a server socket.
* SSL_EnableWeakDHEPrimeGroup - Enable the use of weak DHE group
parameters that are smaller than the library default's minimum size.
New Types:
* SSLDHEGroupType - Enumerates the set of DHE parameters embedded in
NSS that can be used with function SSL_DHEGroupPrefSet.
New Macros:
* SSL_ENABLE_SERVER_DHE - A socket option user to enable or disable
DHE ciphersuites for a server socket.
Notable Changes:
* For backwards compatibility reasons, the server side implementation
of the TLS library keeps all DHE ciphersuites disabled by default.
They can be enabled with the new socket option SSL_ENABLE_SERVER_DHE
and the SSL_OptionSet or the SSL_OptionSetDefault API.
* The server side implementation of the TLS implementation does not
support session tickets when using a DHE ciphersuite (see bmo#1174677).
* Support for the following ciphersuites has been added:
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
* By default, the server side TLS implementation will use DHE
parameters with a size of 2048 bits when using DHE ciphersuites.
* NSS embeds fixed DHE parameters sized 2048, 3072, 4096, 6144 and
8192 bits, which were copied from version 08 of the Internet-Draft
"Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for
TLS", Appendix A.
* A new API SSL_DHEGroupPrefSet has been added to NSS, which allows a
server application to select one or multiple of the embedded DHE
parameters as the preferred parameters. The current implementation of
NSS will always use the first entry in the array that is passed as a
parameter to the SSL_DHEGroupPrefSet API. In future versions of the
TLS implementation, a TLS client might signal a preference for
certain DHE parameters, and the NSS TLS server side implementation
might select a matching entry from the set of parameters that have
been configured as preferred on the server side.
* NSS optionally supports the use of weak DHE parameters with DHE
ciphersuites to support legacy clients. In order to enable this
support, the new API SSL_EnableWeakDHEPrimeGroup must be used. Each
time this API is called for the first time in a process, a fresh set
of weak DHE parameters will be randomly created, which may take a
long amount of time. Please refer to the comments in the header file
that declares the SSL_EnableWeakDHEPrimeGroup API for additional
details.
* The size of the default PQG parameters used by certutil when
creating DSA keys has been increased to use 2048 bit parameters.
* The selfserv utility has been enhanced to support the new DHE features.
* NSS no longer supports C compilers that predate the ANSI C standard (C89).
It also includes the update to NSS 3.19.3; certstore updates only
* The following CA certificates were removed
- Buypass Class 3 CA 1
- T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
- SG TRUST SERVICES RACINE
- TC TrustCenter Universal CA I
- TC TrustCenter Class 2 CA II
* The following CA certificate had the Websites trust bit turned off
- ComSign Secured CA
* The following CA certificates were added
- T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- Certinomis - Root CA
* The version number of the updated root CA list has been set to 2.5
- Install blapi.h and algmac.h that are needed in order to build
Sun elliptical curves provider in Java 7
(Important)SUSE bug 952810CVE-2015-4513CVE-2015-4514CVE-2015-4515CVE-2015-4518CVE-2015-7181CVE-2015-7182CVE-2015-7183CVE-2015-7185CVE-2015-7186CVE-2015-7187CVE-2015-7188CVE-2015-7189CVE-2015-7190CVE-2015-7191CVE-2015-7192CVE-2015-7193CVE-2015-7194CVE-2015-7195CVE-2015-7196CVE-2015-7197CVE-2015-7198CVE-2015-7199CVE-2015-7200Security update for xen (Important)openSUSE 13.1
xen was updated to fix 13 security issues.
These security issues were fixed:
- CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests (bsc#951845).
- CVE-2015-7969: Leak of main per-domain vcpu pointer array (DoS) (bsc#950703).
- CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array (DoS) (bsc#950705).
- CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706).
- CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267).
- CVE-2014-0222: Validate L2 table size to avoid integer overflows (bsc#877642).
- CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367).
- CVE-2015-7311: libxl fails to honour readonly flag on disks with qemu-xen (bsc#947165).
- CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712).
- CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709).
- CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463).
- CVE-2015-6815: e1000: infinite loop issue (bsc#944697).
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
This non-security issues was fixed:
- bsc#941074: VmError: Device 51728 (vbd) could not be connected. Hotplug scripts not working.
(Important)SUSE bug 877642SUSE bug 932267SUSE bug 938344SUSE bug 939709SUSE bug 939712SUSE bug 941074SUSE bug 944463SUSE bug 944697SUSE bug 947165SUSE bug 950367SUSE bug 950703SUSE bug 950705SUSE bug 950706SUSE bug 951845CVE-2014-0222CVE-2015-4037CVE-2015-5154CVE-2015-5165CVE-2015-5166CVE-2015-5239CVE-2015-6815CVE-2015-7311CVE-2015-7835CVE-2015-7969CVE-2015-7971CVE-2015-7972Security update for git (Moderate)openSUSE 13.1
Git was updated to fix one security issue.
The following vulnerability was fixed:
* boo#948969: remote code execution with recursive fetch of submodules
(Moderate)SUSE bug 948969Security update for flash-player (Moderate)openSUSE 13.1 NonFree
The flash-player package was updated to fix the following security issues:
- Security update to 11.2.202.548 (bsc#954512):
* APSB15-28, CVE-2015-7651, CVE-2015-7652, CVE-2015-7653,
CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657,
CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661,
CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043,
CVE-2015-8044, CVE-2015-8046
(Moderate)SUSE bug 954512CVE-2015-7651CVE-2015-7652CVE-2015-7653CVE-2015-7654CVE-2015-7655CVE-2015-7656CVE-2015-7657CVE-2015-7658CVE-2015-7659CVE-2015-7660CVE-2015-7661CVE-2015-7662CVE-2015-7663CVE-2015-8042CVE-2015-8043CVE-2015-8044CVE-2015-8046Security update for python-tornado (Low)openSUSE 13.1
python-tornado was updates to fix one security issue.
The following vulnerability was fixed:
* CVE-2014-9720: XSRF cookie allowed side-channel attack against TLS (BREACH)
(Low)SUSE bug 930361SUSE bug 930362CVE-2014-9720Security update for libsndfile (Moderate)openSUSE 13.1
The libsndfile package was updated to fix three security issues:
- CVE-2015-7805: fix for heap overflow via specially crafted AIFF header
(bsc#953516)
- CVE-2015-8075: fix for out of bounds read access in function
psf_strlcpy_crlf (bsc#953519)
- CVE-2014-9756: fix a divide-by-zero issue that can lead to an DoS
(bsc#953521)
(Moderate)SUSE bug 953516SUSE bug 953519SUSE bug 953521CVE-2014-9756CVE-2015-7805CVE-2015-8075Security update for putty (Moderate)openSUSE 13.1
PuTTY was updated to 0.66 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-5309: Malicious ECH control sequences could have caused an integer overflow, buffer underrun in terminal emulator bnc#954191
Also contains all bug fixes up to the 0.66 release.
(Moderate)SUSE bug 954191CVE-2015-5309Security update for flash-player (Critical)openSUSE 13.1 NonFree
Adobe Flash Player was updated to 11.2.202.440 (bsc#914463, APSA15-01, CVE-2015-0311).
More information can be found on https://helpx.adobe.com/security/products/flash-player/apsa15-01.html
An update of flashplayer (executable binary) for i386 is currently not
available. Disabled!
(Critical)SUSE bug 914463CVE-2015-0311Security update for xscreensaver (Moderate)openSUSE 13.1
Xscreensaver was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-8025: xscreensaver could be bypassed by disconnecting HDMI cable (bsc#952062).
(Moderate)SUSE bug 952062CVE-2015-8025Security update for krb5 (Moderate)openSUSE 13.1
The krb5 package was update to fix the following security issue:
- CVE-2015-2698: Fixed a memory corruption regression introduced by resolution of CVE-2015-2698 (bsc#954204).
(Moderate)SUSE bug 954204CVE-2015-2698Security update for libksba (Moderate)openSUSE 13.1
The libksba package was updated to fix the follow security issues:
- Fixed an integer overflow, out of bounds read and stack overflow (bsc#926826).
(Moderate)SUSE bug 926826Security update for Chromium (Moderate)openSUSE 13.1
Chromium was updated to 46.0.2490.86 to fix one security issue and bugs.
The following vulnerability was fixed:
* CVE-2015-1302: Information leak in PDF viewer (boo#954579)
The following bug fix udpates are included:
* boo#950957: Change the default homepage based on the new landing page for the openSUSE Project. (Moderate)SUSE bug 950957SUSE bug 954579CVE-2015-1302Security update for miniupnpc (Moderate)openSUSE 13.1
MiniUPnP was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-6031: XML parser buffer overflow (boo#950759)
(Moderate)SUSE bug 950759CVE-2015-6031Security update for libpng16 (Important)openSUSE 13.1
libpng was updated to fix some security issues:
* CVE-2014-9495 [bnc#912076]: Heap-buffer overflow png_combine_row() with very wide interlaced images
* CVE-2015-0973 [bnc#912929]: overflow in png_read_IDAT_data
libpng is now also build with -DPNG_SAFE_LIMITS_SUPPORTED.
(Important)SUSE bug 912076SUSE bug 912929CVE-2014-9495CVE-2015-0973Security update for git (Moderate)openSUSE 13.1
This update fixes the following security issue:
- CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive
file system ( bnc#910756)
(Moderate)SUSE bug 910756CVE-2014-9390Security update for libpng16 (Important)openSUSE 13.1
The libpng16 package was updated to fix the following security issues:
- CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980).
(Important)SUSE bug 954980CVE-2015-8126Security update for libpng12 (Important)openSUSE 13.1
The libpng12 package was updated to fix the following security issues:
- CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980).
- CVE-2015-7981: Fixed an out-of-bound read (bsc#952051).
(Important)SUSE bug 952051SUSE bug 954980CVE-2015-7981CVE-2015-8126Security update for strongswan (Moderate)openSUSE 13.1
The strongswan package was updated to fix the following security issue:
- CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817).
(Moderate)SUSE bug 953817CVE-2015-8023security update for ppp (Moderate)openSUSE 13.1
The ppp package was updated to fix one security issue.
- CVE-2015-3310: Fixed buffer overflow in radius plug-ins rc_mksid() (bnc#927841).
(Moderate)SUSE bug 927841CVE-2015-3310Security update for virtualbox (Moderate)openSUSE 13.1
The virtualbox package was updated to version 4.2.36 to fix the following security and non security issues:
- Version bump tp 4.2.36 (released 2015-11-11 by Oracle)
* several fixes - Oracle is not more specific
- Version bump to 4.2.34 (released 2015-10-20 by Oracle) (bsc#951432)
* CVE-2015-4813: Only Windows guests are impacted. Windows guests without VirtualBox Guest Additions installed are not affected.
* CVE-2015-4896: Only VMs with Remote Display feature (RDP) enabled are impacted by CVE-2015-4896.
* several fixes
- Linux hosts: Linux 4.2 fix
- Linux hosts: Linux 4.3 compile fixes
- Windows hosts: hardening fixes
- Linux Additions: Linux 4.2 fixes (bug #14227)
(Moderate)SUSE bug 951432CVE-2015-4813CVE-2015-4896Security update for GnuPG (Low)openSUSE 13.1
GnuPG was updated to fix two memory handling issues with potential security impact:
* CVE-2015-1606: Invalid memory read using a garbled keyring (bsc#918089)
* CVE-2015-1607: memcpy with overlapping ranges (bsc#918090) (Low)SUSE bug 918089SUSE bug 918090CVE-2015-1606CVE-2015-1607Security update for cyrus-imapd (Moderate)openSUSE 13.1
This update for cyrus-imapd fixes the following issues:
- Added cyrus-imapd-2.3.19-cve-2015-8077.patch:
boo#954200, CVE-2015-8077: Integer overflow in range checks
(Moderate)SUSE bug 954200CVE-2015-8077Security update for python-django (Moderate)openSUSE 13.1
The python-django package was updated to fix the following security issue:
- CVE-2015-8213: Fixed a problem to prevent settings leak in date template filter (bnc#955412)
(Moderate)SUSE bug 955412CVE-2015-8213Security update for libmspack (Moderate)openSUSE 13.1
libmspack was updated to fix a possible infinite loop caused DoS (bnc912214, CVE-2014-9556).
(Moderate)SUSE bug 912214CVE-2014-9556Security update for flash-player (Important)openSUSE 13.1 NonFree
This update for flash-player to version 11.2.202.554 fixes the following security issues
in Adobe security advisory APSB15-32.
* These updates resolve heap buffer overflow vulnerabilities that could
lead to code execution (CVE-2015-8438, CVE-2015-8446).
* These updates resolve memory corruption vulnerabilities that could
lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417,
CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8455, CVE-2015-8045,
CVE-2015-8418, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408).
* These updates resolve security bypass vulnerabilities (CVE-2015-8453,
CVE-2015-8440, CVE-2015-8409).
* These updates resolve a stack overflow vulnerability that could lead
to code execution (CVE-2015-8407).
* These updates resolve a type confusion vulnerability that could lead
to code execution (CVE-2015-8439).
* These updates resolve an integer overflow vulnerability that could
lead to code execution (CVE-2015-8445).
* These updates resolve a buffer overflow vulnerability that could lead
to code execution (CVE-2015-8415)
* These updates resolve use-after-free vulnerabilities that could
lead to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437,
CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452,
CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411,
CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423,
CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426,
CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434,
CVE-2015-8435, CVE-2015-8414, CVE-2015-8454, CVE-2015-8059, CVE-2015-8058,
CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067,
CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065,
CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403,
CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070,
CVE-2015-8441, CVE-2015-8442, CVE-2015-8447).
Please also see
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
(Important)SUSE bug 958324CVE-2015-8045CVE-2015-8047CVE-2015-8048CVE-2015-8049CVE-2015-8050CVE-2015-8055CVE-2015-8056CVE-2015-8057CVE-2015-8058CVE-2015-8059CVE-2015-8060CVE-2015-8061CVE-2015-8062CVE-2015-8063CVE-2015-8064CVE-2015-8065CVE-2015-8066CVE-2015-8067CVE-2015-8068CVE-2015-8069CVE-2015-8070CVE-2015-8071CVE-2015-8401CVE-2015-8402CVE-2015-8403CVE-2015-8404CVE-2015-8405CVE-2015-8406CVE-2015-8407CVE-2015-8408CVE-2015-8409CVE-2015-8410CVE-2015-8411CVE-2015-8412CVE-2015-8413CVE-2015-8414CVE-2015-8415CVE-2015-8416CVE-2015-8417CVE-2015-8418CVE-2015-8419CVE-2015-8420CVE-2015-8421CVE-2015-8422CVE-2015-8423CVE-2015-8424CVE-2015-8425CVE-2015-8426CVE-2015-8427CVE-2015-8428CVE-2015-8429CVE-2015-8430CVE-2015-8431CVE-2015-8432CVE-2015-8433CVE-2015-8434CVE-2015-8435CVE-2015-8436CVE-2015-8437CVE-2015-8438CVE-2015-8439CVE-2015-8440CVE-2015-8441CVE-2015-8442CVE-2015-8443CVE-2015-8444CVE-2015-8445CVE-2015-8446CVE-2015-8447CVE-2015-8448CVE-2015-8449CVE-2015-8450CVE-2015-8451CVE-2015-8452CVE-2015-8453CVE-2015-8454CVE-2015-8455Security update for Mozilla Thunderbird (Moderate)openSUSE 13.1
The MozillaThunderbird package was updated to version 38.4.0 to fix several security and non security issues:
Changes in MozillaThunderbird:
- update to Thunderbird 38.4.0 (bnc#952810)
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
Miscellaneous memory safety hazards
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
Trailing whitespace in IP address hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
Buffer overflow during image interactions in canvas
* MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
CORS preflight is bypassed when non-standard Content-Type headers
are received
* MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
Memory corruption in libjar through zip files
* MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
JavaScript garbage collection crash with Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1188010, bmo#1204061, bmo#1204155)
Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
Mixed content WebSocket policy bypass through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1205157)
NSS and NSPR memory corruption issues
(fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR 4.10.10 and NSS 3.19.2.1
- added explicit appdata provides (bnc#952325)
- fix build on aarch64 by reusing the crashreporter conditional
from MozillaFirefox
- fix libjpeg-turbo configuration (Moderate)SUSE bug 952325SUSE bug 952810CVE-2015-4513CVE-2015-4514CVE-2015-7181CVE-2015-7182CVE-2015-7183CVE-2015-7188CVE-2015-7189CVE-2015-7193CVE-2015-7194CVE-2015-7196CVE-2015-7197CVE-2015-7198CVE-2015-7199CVE-2015-7200Security update to MySQL 5.6.27 (Important)openSUSE 13.1
MySQL was updated to 5.6.27 to fix security issues and bugs.
The following vulnerabilities were fixed as part of the upstream release [boo#951391]:
CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789,
CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800,
CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819,
CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836,
CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864,
CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,
CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910,
CVE-2015-4913
Details on these and other changes can be found at:
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html
The following security relevant changes are included additionally:
* CVE-2015-3152: MySQL lacked SSL enforcement.
Using --ssl-verify-server-cert and --ssl[-*] implies that the ssl
connection is required. The mysql client will now print an error if
ssl is required, but the server can not handle a ssl connection
[boo#924663], [boo#928962]
(Important)SUSE bug 924663SUSE bug 928962SUSE bug 951391CVE-2015-0286CVE-2015-0288CVE-2015-1789CVE-2015-1793CVE-2015-3152CVE-2015-4730CVE-2015-4766CVE-2015-4792CVE-2015-4800CVE-2015-4802CVE-2015-4815CVE-2015-4816CVE-2015-4819CVE-2015-4826CVE-2015-4830CVE-2015-4833CVE-2015-4836CVE-2015-4858CVE-2015-4861CVE-2015-4862CVE-2015-4864CVE-2015-4866CVE-2015-4870CVE-2015-4879CVE-2015-4890CVE-2015-4895CVE-2015-4904CVE-2015-4905CVE-2015-4910CVE-2015-4913Security update for hivex (Moderate)openSUSE 13.1
hivex was updated to fix a possible denial of service due to missing size checks (bnc#908614).
(Moderate)SUSE bug 908614CVE-2014-9273Security update to MariaDB 5.5.46 (Important)openSUSE 13.1
MariaDB was updated to 5.5.46 to fix security issues and bugs.
The following vulnerabilities were fixed in the upstream release:
CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,
CVE-2015-4826, CVE-2015-4830, CVE-2015-4836,
CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,
CVE-2015-4913, CVE-2015-4792
A list of upstream changes and release notes can be found here:
https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5546-changelog/
(Important)CVE-2015-4792CVE-2015-4802CVE-2015-4807CVE-2015-4815CVE-2015-4826CVE-2015-4830CVE-2015-4836CVE-2015-4858CVE-2015-4861CVE-2015-4870CVE-2015-4913Security update for libraw (Low)openSUSE 13.1
This update fixes the following security issue:
* CVE-2015-8367 - It was found that phase_one_correct function does not handle memory object’s initialization correctly, which may have unspecified impact (bsc#957517).
(Low)SUSE bug 957517CVE-2015-8367Security update for libpng12 (Moderate)openSUSE 13.1
This update fixes the following security issue:
* CVE-2015-8126 Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980)
(Moderate)SUSE bug 954980CVE-2015-8126Security update for libpng16 (Moderate)openSUSE 13.1
libpng16 was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-8126: previously fixed incompletely [boo#954980]
(Moderate)SUSE bug 954980CVE-2015-8126Security update for OpenSSL (Moderate)openSUSE 13.1
OpenSSL was updated to fix three security issues.
The following vulnerabilities were fixed:
* CVE-2015-3194: Certificate verify crash with missing PSS parameter (bsc#957815)
* CVE-2015-3195: X509_ATTRIBUTE memory leak (bsc#957812)
* CVE-2015-3196: Race condition handling PSK identify hint (bsc#957813) (Moderate)SUSE bug 957812SUSE bug 957813SUSE bug 957815CVE-2015-3194CVE-2015-3195CVE-2015-3196Security update for Chromium (Important)openSUSE 13.1
Chromium was updated to 47.0.2526.80 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2015-6788: Type confusion in extensions
* CVE-2015-6789: Use-after-free in Blink
* CVE-2015-6790: Escaping issue in saved pages
* CVE-2015-6791: Various fixes from internal audits, fuzzing and other initiatives
The following vulnerabilities were fixed in 47.0.2526.73:
* CVE-2015-6765: Use-after-free in AppCache
* CVE-2015-6766: Use-after-free in AppCache
* CVE-2015-6767: Use-after-free in AppCache
* CVE-2015-6768: Cross-origin bypass in DOM
* CVE-2015-6769: Cross-origin bypass in core
* CVE-2015-6770: Cross-origin bypass in DOM
* CVE-2015-6771: Out of bounds access in v8
* CVE-2015-6772: Cross-origin bypass in DOM
* CVE-2015-6764: Out of bounds access in v8
* CVE-2015-6773: Out of bounds access in Skia
* CVE-2015-6774: Use-after-free in Extensions
* CVE-2015-6775: Type confusion in PDFium
* CVE-2015-6776: Out of bounds access in PDFium
* CVE-2015-6777: Use-after-free in DOM
* CVE-2015-6778: Out of bounds access in PDFium
* CVE-2015-6779: Scheme bypass in PDFium
* CVE-2015-6780: Use-after-free in Infobars
* CVE-2015-6781: Integer overflow in Sfntly
* CVE-2015-6782: Content spoofing in Omnibox
* CVE-2015-6783: Signature validation issue in Android Crazy Linker.
* CVE-2015-6784: Escaping issue in saved pages
* CVE-2015-6785: Wildcard matching issue in CSP
* CVE-2015-6786: Scheme bypass in CSP
* CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives.
* Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23) (Important)SUSE bug 957519SUSE bug 958481CVE-2015-6764CVE-2015-6765CVE-2015-6766CVE-2015-6767CVE-2015-6768CVE-2015-6769CVE-2015-6770CVE-2015-6771CVE-2015-6772CVE-2015-6773CVE-2015-6774CVE-2015-6775CVE-2015-6776CVE-2015-6777CVE-2015-6778CVE-2015-6779CVE-2015-6780CVE-2015-6781CVE-2015-6782CVE-2015-6783CVE-2015-6784CVE-2015-6785CVE-2015-6786CVE-2015-6787CVE-2015-6788CVE-2015-6789CVE-2015-6790CVE-2015-6791Security update for libXfont (Moderate)openSUSE 13.1
This update for libXfont fixes the following issue:
- A negative DWIDTH is legal. This was broken by the security fix for
CVE-2015-1804. (boo#958383).
(Moderate)SUSE bug 958383CVE-2015-1804Security update for seamonkey (Important)openSUSE 13.1
Mozilla seamonkey was updated to SeaMonkey 2.32 (bnc#910669)
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
Miscellaneous memory safety hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
Uninitialized memory use during bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
sendBeacon requests lack an Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
Cookie injection through Proxy Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
Read of uninitialized memory in Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
Gecko Media Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
Delegated OCSP responder certificates failure with
id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794)
XrayWrapper bypass through DOM objects
- use GStreamer 1.0 from 13.2 on
(Important)SUSE bug 910669CVE-2014-8634CVE-2014-8635CVE-2014-8636CVE-2014-8637CVE-2014-8638CVE-2014-8639CVE-2014-8640CVE-2014-8641CVE-2014-8642CVE-2014-8643Security update for quassel (Moderate)openSUSE 13.1
Quassel was updated to fix a remote DoS security issue.
The following vulnerability was fixed:
* CVE-2015-8547: Remote DoS in Quassel core
(Moderate)SUSE bug 958928CVE-2015-8547Security update for Chromium (Important)openSUSE 13.1
Chromium was updated to 47.0.2525.106 to fix security issues.
Vulnerabilities were fixed under the following collective identifier:
* CVE-2015-6792: Fixes from internal audits and fuzzing. [boo#959458] (Important)SUSE bug 959458CVE-2015-6792Security update for MozillaFirefox (Moderate)openSUSE 13.1
This update for MozillaFirefox fixes the following security issues:
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
Miscellaneous memory safety hazards
* MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
Crash with JavaScript variable assignment with unboxed objects
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
Same-origin policy violation using perfomance.getEntries and
history navigation
* MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
Firefox allows for control characters to be set in cookies
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
Use-after-free in WebRTC when datachannel is used after being
destroyed
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
Integer overflow allocating extremely large textures
* MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
Cross-origin information leak through web workers error events
* MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
Hash in data URI is incorrectly parsed
* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
DOS due to malformed frames in HTTP/2
* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
Linux file chooser crashes on malformed images due to flaws in
Jasper library
* MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
(bmo#1201183, bmo#1178033, bmo#1199400)
Buffer overflows found through code inspection
* MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
Integer overflow in MP4 playback in 64-bit versions
* MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
Integer underflow and buffer overflow processing MP4 metadata in
libstagefright
* MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
Privilege escalation vulnerabilities in WebExtension APIs
* MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
Cross-site reading attack through data and view-source URIs
(Moderate)SUSE bug 959277CVE-2015-7201CVE-2015-7202CVE-2015-7203CVE-2015-7204CVE-2015-7205CVE-2015-7207CVE-2015-7208CVE-2015-7210CVE-2015-7211CVE-2015-7212CVE-2015-7213CVE-2015-7214CVE-2015-7215CVE-2015-7216CVE-2015-7217CVE-2015-7218CVE-2015-7219CVE-2015-7220CVE-2015-7221CVE-2015-7222CVE-2015-7223Security update for samba, ldb, talloc, tdb, tevent (Important)openSUSE 13.1
This update for ldb, samba, talloc, tdb, tevent fixes the following issues:
ldb was updated to 1.1.24.
+ Fix ldap \00 search expression attack dos; cve-2015-3223; (bso#11325)
+ Fix remote read memory exploit in ldb; cve-2015-5330; (bso#11599)
+ Move ldb_(un)pack_data into ldb_module.h for testing
+ Fix installation of _ldb_text.py
+ Fix propagation of ldb errors through tdb
+ Fix bug triggered by having an empty message in database during search
+ Test improvements
+ Improved python bindings
+ Validate_ldb of string(generalized-time) does not accept millisecond format ".000Z"; (bso#9810)
+ Fix logic in ldb_val_to_time()
+ Allow to register extended match rules
+ Fixes for segfaults in pyldb
+ Documentation fixes
+ Build system improvements
+ Fix a typo in the comment, ldb_flags_mod_xxx -> ldb_flag_mod_xxx
+ Fix check for third_party
+ Make the successful ldb_transaction_start() message clearer
+ Ldb-samba: fix a memory leak in ldif_canonicalise_objectcategory()
+ Ldb-samba: move pyldb-utils dependency to python_samba__ldb
+ Build: improve detection of srcdir
Samba was updated to 4.1.22.
+ Malicious request can cause samba ldap server to hang, spinning using cpu;
CVE-2015-3223; (bso#11325); (boo#958581).
+ Remote read memory exploit in ldb; cve-2015-5330; (bso#11599);
(boo#958586).
+ Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (boo#958582).
+ No man in the middle protection when forcing smb encryption on the client
side; CVE-2015-5296; (bso#11536); (boo#958584).
+ Currently the snapshot browsing is not secure thru windows previous version
(shadow_copy2); CVE-2015-5299; (bso#11529); (boo#958583).
+ Fix microsoft ms15-096 to prevent machine accounts from being changed into
user accounts; CVE-2015-8467; (bso#11552); (boo#958585).
+ Fix remote dos in samba (ad) ldap server; cve-2015-7540; (bso#9187);
(boo#958580).
+ Ensure attempt to ssh into locked account triggers
"Your account is disabled....." to the console; (boo#953382).
+ Prevent null pointer access in samlogon fallback when security
credentials are null; (boo#949022).
talloc was updated to 2.1.5; (boo#954658).
+ Minor build fixes
+ Point ld_library_path to the just-built libraries while calling make test.
+ Disable rpath-install and silent-rules while configure.
+ Update to 2.1.4; (boo#951660).
+ Test that talloc magic differs between processes.
+ Increment minor version due to added talloc_test_get_magic.
+ Provide tests access to talloc_magic.
+ Test magic protection measures.
+ Update the samba library distribution key file 'talloc.keyring'; (bso#945116).
+ Update to 2.1.3; (boo#939051).
+ Improved python3 bindings
+ Documentation fixes regarding talloc_reference() and talloc_unlink()
tdb was updated to version 1.3.8; (boo#954658).
+ Fix broken build with --disable-python
+ Minor build fixes
+ Disable rpath-install and silent-rules while configure.
+ Update the samba library distribution key file 'tdb.keyring'; (bso#945116).
+ Update to version 1.3.7.
+ First fix deadlock in the interaction between fcntl and mutex locking; (bso#11381)
+ Improved python3 bindings
+ Update to version 1.3.6.
+ Fix runtime detection for robust mutexes in the standalone build; (bso#11326).
+ Possible fix for the build with robust mutexes on solaris 11; (bso#11319).
+ Update to version 1.3.5.
+ Abi change: tdb_chainlock_read_nonblock() has been added, a nonblock
variant of tdb_chainlock_read()
+ Do not build test binaries if it's not a standalone build
+ Fix cid 1034842 resource leak
+ Fix cid 1034841 resource leak
+ Don't let tdb_wrap_open() segfault with name==null
+ Update to version 1.3.4.
+ Toos: allow transactions with tdb_mutex_locking
+ Test: add tdb1-run-mutex-transaction1 test
+ Allow transactions on on tdb's with tdb_mutex_locking
+ Update to version 1.3.3.
+ Test: tdb_clear_if_first | tdb_mutex_locking, o_rdonly is a valid
combination
+ Update to version 1.3.2.
+ Allow tdb_open_ex() with o_rdonly of tdb_feature_flag_mutex tdbs.
+ Fix a comment
+ Fix tdb_runtime_check_for_robust_mutexes()
+ Improve wording in a comment
+ Tdb.h needs bool type; obsoletes include_stdbool_bso10625.patch
+ Tdb_wrap: make mutexes easier to use
+ Tdb_wrap: only pull in samba-debug
+ Tdb_wrap: standalone compile without includes.h
+ Tdb_wrap: tdb_wrap.h doesn't need struct loadparm_context
- Update to version 1.3.1.
+ Tools: fix a compiler warning
+ Defragment the freelist in tdb_allocate_from_freelist()
+ Add "freelist_size" sub-command to tdbtool
+ Use tdb_freelist_merge_adjacent in tdb_freelist_size()
+ Add tdb_freelist_merge_adjacent()
+ Add utility function check_merge_ptr_with_left_record()
+ Simplify tdb_free() using check_merge_with_left_record()
+ Add utility function check_merge_with_left_record()
+ Improve comments for tdb_free().
+ Factor merge_with_left_record() out of tdb_free()
+ Fix debug message in tdb_free()
+ Reduce indentation in tdb_free() for merging left
+ Increase readability of read_record_on_left()
+ Factor read_record_on_left() out of tdb_free()
+ Build: improve detection of srcdir.
tevent was update to version 0.9.26; (boo#954658).
+ New tevent_thread_proxy api
+ Minor build fixes
+ Update the samba library distribution key file 'tevent.keyring'; (bso#945116).
+ Update to 0.9.25.
+ Fix compile error in solaris ports backend.
+ Fix access after free in tevent_common_check_signal(); (bso#11308).
+ Improve pytevent bindings.
+ Testsuite fixes.
+ Improve the documentation of the tevent_add_fd() assumtions. it must be
talloc_free'ed before closing the fd! (bso##11141); (bso#11316).
+ Update to 0.9.24.
+ Ignore unexpected signal events in the same way the epoll backend does.
+ Update to 0.9.23.
+ Update the tevent_data.dox tutrial stuff to fix some errors, including
white space problems.
+ Use tevent_req_simple_recv_unix in a few places.
+ Update to 0.9.22.
+ Remove unused exit_code in tevent_select.c
+ Remove unused exit_code in tevent_poll.c
+ Build: improve detection of srcdir
+ Lib: tevent: make tevent_sig_increment atomic.
+ Update flags in tevent pkgconfig file
+ Utilize doxygen to generate the api documentation and package it.
(Important)SUSE bug 939050SUSE bug 939051SUSE bug 949022SUSE bug 951660SUSE bug 953382SUSE bug 954658SUSE bug 958580SUSE bug 958581SUSE bug 958582SUSE bug 958583SUSE bug 958584SUSE bug 958585SUSE bug 958586CVE-2015-3223CVE-2015-5252CVE-2015-5296CVE-2015-5299CVE-2015-5330CVE-2015-7540CVE-2015-8467Security update for subversion (Moderate)openSUSE 13.1
This update for subversion fixes the following issues:
- Apache Subversion 1.8.15
This release fixes one security issue:
Remotely triggerable heap overflow and out-of-bounds read in
mod_dav_svn caused by integer overflow when parsing skel-encoded
request bodies. CVE-2015-5343 [boo#958300]
* fix a segfault with old style text delta
* fsfs: reduce memory allocation with Apache
* mod_dav_svn: emit first log items as soon as possible
* mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
* swig: fix memory corruption in svn_client_copy_source_t
* better configure-time detection of httpd authz fix
(drop subversion-1.8.14-httpd-version-number-detection.patch,
replace subversion-1.8.9-allow-httpd-2.4.6.patch with
subversion-1.8.15-allow-httpd-2.4.6.patch as a result
(Moderate)SUSE bug 958300CVE-2015-5343Security update for bind (Important)openSUSE 13.1
This update for bind fixes the following security issue:
- CVE-2015-8000: Fix remote denial of service by misparsing incoming responses
(boo#958861).
(Important)SUSE bug 958861CVE-2015-8000Security update for gummi (Moderate)openSUSE 13.1
This update for gummi fixes the following issues:
- CVE-2015-7758: Fix an exploitable issue caused by gummi setting predictable file names in /tmp;
patch taken from debian patch tracker and submitted upstream (bnc#949682).
(Moderate)SUSE bug 949682CVE-2015-7758Security update for grub2 (Important)openSUSE 13.1
This update for grub2 fixes the following issue:
Changes in grub2:
- CVE-2015-8370: Fix for overflow in grub_password_get and grub_user_get functions (bnc#956631)
(Important)SUSE bug 956631CVE-2015-8370Security update for libxml2 (Moderate)openSUSE 13.1
- update to 2.9.3
* full changelog: http://www.xmlsoft.org/news.html
* fixed CVEs: CVE-2015-8242, CVE-2015-7500, CVE-2015-7499,
CVE-2015-5312, CVE-2015-7497, CVE-2015-7498,
CVE-2015-8035, CVE-2015-7942, CVE-2015-1819,
CVE-2015-7941, CVE-2014-3660, CVE-2014-0191,
CVE-2015-8241, CVE-2015-8317
* fixed bugs: [bsc#928193], [bsc#951734], [bsc#951735],
[bsc#954429], [bsc#956018], [bsc#956021],
[bsc#956260], [bsc#957105], [bsc#957106],
[bsc#957107], [bsc#957109], [bsc#957110]
(Moderate)SUSE bug 928193SUSE bug 951734SUSE bug 951735SUSE bug 954429SUSE bug 956018SUSE bug 956021SUSE bug 956260SUSE bug 957105SUSE bug 957106SUSE bug 957107SUSE bug 957109SUSE bug 957110CVE-2014-0191CVE-2014-3660CVE-2015-1819CVE-2015-5312CVE-2015-7497CVE-2015-7498CVE-2015-7499CVE-2015-7500CVE-2015-7941CVE-2015-7942CVE-2015-8035CVE-2015-8241CVE-2015-8242CVE-2015-8317Security update for jasper (Moderate)openSUSE 13.1
This update fixes the following security issues:
- CVE-2014-8157, CVE-2014-8158: use after free and OOB vulnerabilities (bnc#911837)
(Moderate)SUSE bug 911837CVE-2014-8157CVE-2014-8158Security update for flash-player (Important)openSUSE 13.1 NonFree
This update for flash-player fixes the following issues:
- Security update to 11.2.202.559 (boo#960317):
* APSB16-01, CVE-2015-8459, CVE-2015-8460, CVE-2015-8634,
CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639,
CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643,
CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647,
CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651
(Important)SUSE bug 960317CVE-2015-8459CVE-2015-8460CVE-2015-8634CVE-2015-8635CVE-2015-8636CVE-2015-8638CVE-2015-8639CVE-2015-8640CVE-2015-8641CVE-2015-8642CVE-2015-8643CVE-2015-8644CVE-2015-8645CVE-2015-8646CVE-2015-8647CVE-2015-8648CVE-2015-8649CVE-2015-8650CVE-2015-8651Security update for Mozilla Thunderbird (Important)openSUSE 13.1
Mozilla Thunderbird was updated to 38.5.0 to fix multiple security issues.
The following vulnerabilities were fixed: (boo#959277)
* CVE-2015-7201: Miscellaneous memory safety hazards
* CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed
* CVE-2015-7212: Integer overflow allocating extremely large textures
* CVE-2015-7205: Underflow through code inspection
* CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions
* CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright
* CVE-2015-7214: Cross-site reading attack through data and view-source URIs
(Important)SUSE bug 959277CVE-2015-7201CVE-2015-7205CVE-2015-7210CVE-2015-7212CVE-2015-7213CVE-2015-7214CVE-2015-7222Security update for mozilla-nss (Moderate)openSUSE 13.1
This update to mozilla-nss 3.20.2 fixes the following issues:
* CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (boo#952810)
(Moderate)SUSE bug 959888CVE-2015-7575Security update for patch (Moderate)openSUSE 13.1
This update fixes the following security issue:
+ Security fix for a directory traversal flaw when
handling git-style patches. This could allow an attacker to
overwrite arbitrary files by applying a specially crafted patch.
[boo#913678] [CVE-2015-1196]
This update fixes the following issues:
+ When a file isn't being deleted because the file contents don't
match the patch, the resulting message is now "Not deleting
file ... as content differs from patch" instead of "File ...
is not empty after patch; not deleting".
+ Function names in hunks (from diff -p) are now preserved in
reject files [boo#904519]
(Moderate)SUSE bug 904519SUSE bug 913678CVE-2015-1196Security update for vlc (Moderate)openSUSE 13.1
vlc was updated to the current openSUSE Tumbleweed version.
live555 was also updated to the current openSUSE Tumbleweed version as a dependency.
Security issues fixed:
- Fix various buffer overflows and null ptr dereferencing (boo#914268,
CVE-2014-9625).
Other fixes:
- Enable SSE2 instruction set for x86_64
- Disable fluidsynth again: the crashes we had earlier are still
not all fixed. They are less, but less common makes it more
difficult to debug.
On openSUSE 13.1:
- Update to version 2.1.5:
+ Core: Fix compilation on OS/2.
+ Access: Stability improvements for the QTSound capture module.
+ Mac OS X audio output:
- Fix channel ordering.
- Increase the buffersize.
+ Decoders:
- Fix DxVA2 decoding of samples needing more surfaces.
- Improve MAD resistance to broken mp3 streams.
- Fix PGS alignment in MKV.
+ Qt Interface: Don't rename mp3 converted files to .raw.
+ Mac OS X Interface:
- Correctly support video-on-top.
- Fix video output event propagation on Macs with retina
displays.
- Stability improvements when using future VLC releases side by
side.
+ Streaming: Fix transcode when audio format changes.
+ Updated translations.
- Update to version 2.1.4:
+ Demuxers: Fix issue in WMV with multiple compressed payload and
empty payloads.
+ Video Output: Fix subtitles size rendering on Windows.
+ Mac OS X:
- Fix DVD playback regression.
- Fix misleading error message during video playback on
OS X 10.9.
- Fix hardware acceleration memleaks.
(Moderate)SUSE bug 914268CVE-2014-9625Security update for claws-mail (Moderate)openSUSE 13.1
This update for claws-mail fixes the following security issue:
* CVE-2015-8614: buffer overrun issues in Japanese character set conversion code could allow an adversary to remotely crash claws and potentially have further unspecified impact (boo#959993) (Moderate)SUSE bug 959993CVE-2015-8614Security update for the Linux Kernel (Important)openSUSE 13.1
The openSUSE 13.1 kernel was updated to 3.12.62 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).
- CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).
- CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks (bnc#957990).
- CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks (bnc#957990).
- CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975531 bsc#975533).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. (bsc#983143)
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).
- CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).
- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (bnc#978401)
- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548 bsc#980363).
- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. (bsc#979213)
- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).
- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. (bnc#986365).
- CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213).
- CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. (bsc#986569)
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).
The following non-security bugs were fixed:
- Add wait_event_cmd() (bsc#953048).
- alsa: hrtimer: Handle start/stop more properly (bsc#973378).
- base: make module_create_drivers_dir race-free (bnc#983977).
- btrfs: be more precise on errors when getting an inode from disk (bsc#981038).
- btrfs: do not use src fd for printk (bsc#980348).
- btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038).
- btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933).
- btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844).
- cdc_ncm: workaround for EM7455 "silent" data interface (bnc#988552).
- ceph: tolerate bad i_size for symlink inode (bsc#985232).
- drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904).
- drm/mgag200: Add support for a new rev of G200e (bsc#983904).
- drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904).
- drm/mgag200: remove unused variables (bsc#983904).
- drm: qxl: Workaround for buggy user-space (bsc#981344).
- EDAC: Correct channel count limit (bsc#979521).
- EDAC: Remove arbitrary limit on number of channels (bsc#979521).
- EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521).
- EDAC/sb_edac: Fix computation of channel address (bsc#979521).
- EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521).
- EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs() (bsc#979521).
- EDAC: Use static attribute groups for managing sysfs entries (bsc#979521).
- efifb: Add support for 64-bit frame buffer addresses (bsc#973499).
- efifb: Fix 16 color palette entry calculation (bsc#983318).
- efifb: Fix KABI of screen_info struct (bsc#973499).
- ehci-pci: enable interrupt on BayTrail (bnc#947337).
- enic: set netdev->vlan_features (bsc#966245).
- fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
- hid-elo: kill not flush the work (bnc#982354).
- iommu/vt-d: Enable QI on all IOMMUs before setting root entry (bsc#975772).
- ipvs: count pre-established TCP states as active (bsc#970114).
- kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544).
- kabi/severities: Added raw3270_* PASS to allow IBM LTC changes. (bnc#979922, LTC#141736)
- ktime: make ktime_divns exported on 32-bit architectures.
- md: be careful when testing resync_max against curr_resync_completed (bsc#953048).
- md: do_release_stripe(): No need to call md_wakeup_thread() twice (bsc#953048).
- md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync (bsc#953048).
- md/raid56: Do not perform reads to support writes until stripe is ready.
- md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048).
- md/raid5: allow the stripe_cache to grow and shrink (bsc#953048).
- md/raid5: always set conf->prev_chunk_sectors and ->prev_algo (bsc#953048).
- md/raid5: avoid races when changing cache size (bsc#953048).
- md/raid5: avoid reading parity blocks for full-stripe write to degraded array (bsc#953048).
- md/raid5: be more selective about distributing flags across batch (bsc#953048).
- md/raid5: break stripe-batches when the array has failed (bsc#953048).
- md/raid5: call break_stripe_batch_list from handle_stripe_clean_event (bsc#953048).
- md/raid5: change ->inactive_blocked to a bit-flag (bsc#953048).
- md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048).
- md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048).
- md/raid5: close recently introduced race in stripe_head management.
- md/raid5: consider updating reshape_position at start of reshape (bsc#953048).
- md/raid5: deadlock between retry_aligned_read with barrier io (bsc#953048).
- md/raid5: do not do chunk aligned read on degraded array (bsc#953048).
- md/raid5: do not index beyond end of array in need_this_block() (bsc#953048).
- md/raid5: do not let shrink_slab shrink too far (bsc#953048).
- md/raid5: duplicate some more handle_stripe_clean_event code in break_stripe_batch_list (bsc#953048).
- md/raid5: Ensure a batch member is not handled prematurely (bsc#953048).
- md/raid5: ensure device failure recorded before write request returns (bsc#953048).
- md/raid5: ensure whole batch is delayed for all required bitmap updates (bsc#953048).
- md/raid5: fix allocation of 'scribble' array (bsc#953048).
- md/raid5: fix another livelock caused by non-aligned writes (bsc#953048).
- md/raid5: fix handling of degraded stripes in batches (bsc#953048).
- md/raid5: fix init_stripe() inconsistencies (bsc#953048).
- md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048).
- md/raid5: fix newly-broken locking in get_active_stripe.
- md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with REQ_NOMERGE.
- md/raid5: handle possible race as reshape completes (bsc#953048).
- md/raid5: ignore released_stripes check (bsc#953048).
- md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048).
- md/raid5: move max_nr_stripes management into grow_one_stripe and drop_one_stripe (bsc#953048).
- md/raid5: need_this_block: start simplifying the last two conditions (bsc#953048).
- md/raid5: need_this_block: tidy/fix last condition (bsc#953048).
- md/raid5: new alloc_stripe() to allocate an initialize a stripe (bsc#953048).
- md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048).
- md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048).
- md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list.
- md/raid5: remove condition test from check_break_stripe_batch_list (bsc#953048).
- md/raid5: remove incorrect "min_t()" when calculating writepos (bsc#953048).
- md/raid5: remove redundant check in stripe_add_to_batch_list() (bsc#953048).
- md/raid5: separate large if clause out of fetch_block() (bsc#953048).
- md/raid5: separate out the easy conditions in need_this_block (bsc#953048).
- md/raid5: split wait_for_stripe and introduce wait_for_quiescent (bsc#953048).
- md/raid5: strengthen check on reshape_position at run (bsc#953048).
- md/raid5: switch to use conf->chunk_sectors in place of mddev->chunk_sectors where possible (bsc#953048).
- md/raid5: use bio_list for the list of bios to return (bsc#953048).
- md/raid5: use ->lock to protect accessing raid5 sysfs attributes (bsc#953048).
- md: remove unwanted white space from md.c (bsc#953048).
- md: use set_bit/clear_bit instead of shift/mask for bi_flags changes (bsc#953048).
- mm: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).
- mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).
- net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667).
- net: disable fragment reassembly if high_thresh is set to zero (bsc#970506).
- netfilter: bridge: do not leak skb in error paths (bsc#982544).
- netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).
- netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544).
- net: fix wrong mac_len calculation for vlans (bsc#968667).
- net/qlge: Avoids recursive EEH error (bsc#954847).
- net: Start with correct mac_len in skb_network_protocol (bsc#968667).
- nvme: don't poll the CQ from the kthread (bsc#975788, bsc#965087).
- PCI/AER: Clear error status registers during enumeration and restore (bsc#985978).
- perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489).
- perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489).
- ppp: defer netns reference release for ppp channel (bsc#980371).
- qeth: delete napi struct when removing a qeth device (bnc#988215, LTC#143590).
- raid5: add a new flag to track if a stripe can be batched (bsc#953048).
- raid5: add an option to avoid copy data from bio to stripe cache (bsc#953048).
- raid5: avoid release list until last reference of the stripe (bsc#953048).
- raid5: batch adjacent full stripe write (bsc#953048).
- raid5: check faulty flag for array status during recovery (bsc#953048).
- RAID5: check_reshape() shouldn't call mddev_suspend (bsc#953048).
- raid5: fix a race of stripe count check.
- raid5: fix broken async operation chain (bsc#953048).
- raid5: get_active_stripe avoids device_lock.
- raid5: handle expansion/resync case with stripe batching (bsc#953048).
- raid5: handle io error of batch list (bsc#953048).
- raid5: make_request does less prepare wait.
- raid5: relieve lock contention in get_active_stripe().
- raid5: relieve lock contention in get_active_stripe().
- raid5: Retry R5_ReadNoMerge flag when hit a read error.
- RAID5: revert e9e4c377e2f563 to fix a livelock (bsc#953048).
- raid5: speedup sync_request processing (bsc#953048).
- raid5: track overwrite disk count (bsc#953048).
- raid5: update analysis state for failed stripe (bsc#953048).
- raid5: use flex_array for scribble data (bsc#953048).
- Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469).
- s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736).
- s390/3270: avoid endless I/O loop with disconnected 3270 terminals (bnc#979922, LTC#141736).
- s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736).
- s390/3270: fix view reference counting (bnc#979922, LTC#141736).
- s390/3270: handle reconnect of a tty with a different size (bnc#979922, LTC#141736).
- s390/3270: hangup the 3270 tty after a disconnect (bnc#979922, LTC#141736).
- s390: fix test_fp_ctl inline assembly contraints (bnc#988215, LTC#143138).
- s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979922, LTC#141456).
- s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106).
- sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell (bsc#979521).
- sb_edac: Fix a typo and a thinko in address handling for Haswell (bsc#979521).
- sb_edac: Fix support for systems with two home agents per socket (bsc#979521).
- sb_edac: look harder for DDRIO on Haswell systems (bsc#979521).
- sb_edac: support for Broadwell -EP and -EX (bsc#979521).
- sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498).
- sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498).
- sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498).
- sched/x86: Fix up typo in topology detection (bsc#974165).
- scsi: Increase REPORT_LUNS timeout (bsc#982282).
- series.conf: move netfilter section at the end of core networking
- series.conf: move stray netfilter patches to the right section
- target/rbd: do not put snap_context twice (bsc#981143).
- target/rbd: remove caw_mutex usage (bsc#981143).
- Update patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference.
- Update patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch (bsc#962742). Fix incorrect bugzilla referece.
- usb: quirk to stop runtime PM for Intel 7260 (bnc#984456).
- usb: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982698).
- VSOCK: Fix lockdep issue (bsc#977417).
- VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417).
- wait: introduce wait_event_exclusive_cmd (bsc#953048).
- x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel address (bsc#979521).
- x86 EDAC, sb_edac.c: Take account of channel hashing when needed (bsc#979521).
- x86/efi: parse_efi_setup() build fix (bsc#979485).
- x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
- x86: Removed the free memblock of hibernat keys to avoid memory corruption (bsc#990058).
- x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165).
- x86: standardize mmap_rnd() usage (bnc#974308).
- xen: fix i586 build after SLE12-SP1 commit 2f4c3ff45d5e.
- xfs: fix premature enospc on inode allocation (bsc#984148).
- xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).
- xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).
(Important)SUSE bug 947337SUSE bug 950998SUSE bug 951844SUSE bug 953048SUSE bug 954847SUSE bug 956491SUSE bug 957990SUSE bug 962742SUSE bug 963655SUSE bug 963762SUSE bug 965087SUSE bug 966245SUSE bug 968667SUSE bug 970114SUSE bug 970506SUSE bug 971770SUSE bug 972933SUSE bug 973378SUSE bug 973499SUSE bug 974165SUSE bug 974308SUSE bug 974620SUSE bug 975531SUSE bug 975533SUSE bug 975772SUSE bug 975788SUSE bug 977417SUSE bug 978401SUSE bug 978469SUSE bug 978822SUSE bug 979213SUSE bug 979419SUSE bug 979485SUSE bug 979489SUSE bug 979521SUSE bug 979548SUSE bug 979681SUSE bug 979867SUSE bug 979879SUSE bug 979922SUSE bug 980348SUSE bug 980363SUSE bug 980371SUSE bug 981038SUSE bug 981143SUSE bug 981344SUSE bug 982282SUSE bug 982354SUSE bug 982544SUSE bug 982698SUSE bug 983143SUSE bug 983213SUSE bug 983318SUSE bug 983721SUSE bug 983904SUSE bug 983977SUSE bug 984148SUSE bug 984456SUSE bug 984755SUSE bug 985232SUSE bug 985978SUSE bug 986362SUSE bug 986365SUSE bug 986569SUSE bug 986572SUSE bug 986811SUSE bug 988215SUSE bug 988498SUSE bug 988552SUSE bug 990058CVE-2014-9904CVE-2015-7833CVE-2015-8551CVE-2015-8552CVE-2015-8845CVE-2016-0758CVE-2016-1583CVE-2016-2053CVE-2016-3672CVE-2016-4470CVE-2016-4482CVE-2016-4486CVE-2016-4565CVE-2016-4569CVE-2016-4578CVE-2016-4805CVE-2016-4997CVE-2016-5244CVE-2016-5828CVE-2016-5829Security update for wireshark (Low)openSUSE 13.1
Wireshark was updated to 1.12.9 to fix a number of crashes in protocol dissectors. [boo#960382]
* CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
* CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
* CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
* CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
* CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.
* CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
* CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted
* CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
* CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
* CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
* CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
* CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.
* CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
* CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.
* CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
* CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
* CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
(Low)SUSE bug 960382CVE-2015-8711CVE-2015-8712CVE-2015-8713CVE-2015-8714CVE-2015-8715CVE-2015-8716CVE-2015-8717CVE-2015-8718CVE-2015-8719CVE-2015-8720CVE-2015-8721CVE-2015-8722CVE-2015-8723CVE-2015-8724CVE-2015-8725CVE-2015-8726CVE-2015-8727CVE-2015-8728CVE-2015-8729CVE-2015-8730CVE-2015-8731CVE-2015-8732CVE-2015-8733Security update for the Linux Kernel (Important)openSUSE 13.1
The openSUSE 13.1 kernel was updated to fix bugs and security issues.
The following security bugs were fixed:
- CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers
to cause a denial of service (stack consumption and panic) or possibly
have unspecified other impact by triggering use of the GRO path for
packets with tunnel stacking, as demonstrated by interleaved IPv4 headers
and GRE headers, a related issue to CVE-2016-7039 (bnc#1001486).
- CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed,
which is reportedly exploited in the wild (bsc#1004418).
The following non-security bugs were fixed:
- sched/core: Fix a race between try_to_wake_up() and a woken up task (bsc#1002165, bsc#1001419).
- sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419).
- tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486).
(Important)SUSE bug 1001419SUSE bug 1001486SUSE bug 1002165SUSE bug 1004418CVE-2016-5195CVE-2016-8666Security update for the Linux Kernel (Important)openSUSE 13.1
The openSUSE 13.1 kernel was updated to receive various security and bugfixes.
Following security bugs were fixed:
- CVE-2016-0728: A reference leak in keyring handling with
join_session_keyring() could lead to local attackers gain root
privileges. (bsc#962075).
- CVE-2015-7550: A local user could have triggered a race between read and
revoke in keyctl (bnc#958951).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions
in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
length, which allowed local users to obtain sensitive information from
kernel memory and bypass the KASLR protection mechanism via a crafted
application (bnc#959190).
- CVE-2015-8543: The networking implementation in the Linux kernel
did not validate protocol identifiers for certain protocol families,
which allowed local users to cause a denial of service (NULL function
pointer dereference and system crash) or possibly gain privileges by
leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application
(bnc#958886).
- CVE-2014-8989: The Linux kernel did not properly restrict dropping
of supplemental group memberships in certain namespace scenarios,
which allowed local users to bypass intended file permissions by
leveraging a POSIX ACL containing an entry for the group category
that is more restrictive than the entry for the other category, aka a
"negative groups" issue, related to kernel/groups.c, kernel/uid16.c,
and kernel/user_namespace.c (bnc#906545).
- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on
the x86_64 platform mishandles IRET faults in processing NMIs that
occurred during userspace execution, which might allow local users to
gain privileges by triggering an NMI (bnc#937969).
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in
the Linux kernel through 4.2.3 did not ensure that certain slot numbers
are valid, which allowed local users to cause a denial of service (NULL
pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl
call (bnc#949936).
- CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6,
and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial
of service (host OS panic or hang) by triggering many #DB (aka Debug)
exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6,
and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial
of service (host OS panic or hang) by triggering many #AC (aka Alignment
Check) exceptions, related to svm.c and vmx.c (bnc#953527).
- CVE-2014-9529: Race condition in the key_gc_unused_keys function in
security/keys/gc.c in the Linux kernel allowed local users to cause
a denial of service (memory corruption or panic) or possibly have
unspecified other impact via keyctl commands that trigger access to
a key structure member during garbage collection of a key (bnc#912202).
- CVE-2015-7990: Race condition in the rds_sendmsg function in
net/rds/sendmsg.c in the Linux kernel allowed local users to cause
a denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by using a socket that was not
properly bound. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2015-6937 (bnc#952384 953052).
- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c
in the Linux kernel allowed local users to cause a denial of service
(NULL pointer dereference and system crash) or possibly have unspecified
other impact by using a socket that was not properly bound (bnc#945825).
- CVE-2015-7885: The dgnc_mgmt_ioctl function in
drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did
not initialize a certain structure member, which allowed local users to
obtain sensitive information from kernel memory via a crafted application
(bnc#951627).
- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux
kernel did not validate attempted changes to the MTU value, which allowed
context-dependent attackers to cause a denial of service (packet loss)
via a value that is (1) smaller than the minimum compliant value or
(2) larger than the MTU of an interface, as demonstrated by a Router
Advertisement (RA) message that is not validated by a daemon, a different
vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is
limited to the NetworkManager product (bnc#955354).
- CVE-2015-8767: A case can occur when sctp_accept() is called by the
user during a heartbeat timeout event after the 4-way handshake. Since
sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the
bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the
listening socket but released with the new association socket. The result
is a deadlock on any future attempts to take the listening socket lock. (bsc#961509)
- CVE-2015-8575: Validate socket address length in sco_sock_bind() to
prevent information leak (bsc#959399).
- CVE-2015-8551, CVE-2015-8552: xen/pciback: For
XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled
(bsc#957990).
- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers
could have lead to double fetch vulnerabilities, causing denial of
service or arbitrary code execution (depending on the configuration)
(bsc#957988).
The following non-security bugs were fixed:
- ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440).
- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
- Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).
- KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934).
- KVM: x86: update masterclock values on TSC writes (bsc#961739).
- NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client (bsc#960839).
- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949).
- blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976).
- blktap: refine mm tracking (bsc#952976).
- cdrom: Random writing support for BD-RE media (bnc#959568).
- genksyms: Handle string literals with spaces in reference files (bsc#958510).
- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
- ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).
- ipv6: fix tunnel error handling (bsc#952579).
- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
- uas: Add response iu handling (bnc#954138).
- usbvision fix overflow of interfaces array (bnc#950998).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157). (Important)SUSE bug 814440SUSE bug 851610SUSE bug 869564SUSE bug 873385SUSE bug 906545SUSE bug 907818SUSE bug 909077SUSE bug 909477SUSE bug 911326SUSE bug 912202SUSE bug 915517SUSE bug 915577SUSE bug 917830SUSE bug 918333SUSE bug 919007SUSE bug 919018SUSE bug 919463SUSE bug 919596SUSE bug 921313SUSE bug 921949SUSE bug 922583SUSE bug 922936SUSE bug 922944SUSE bug 926238SUSE bug 926240SUSE bug 927780SUSE bug 927786SUSE bug 928130SUSE bug 929525SUSE bug 930399SUSE bug 931988SUSE bug 932348SUSE bug 933896SUSE bug 933904SUSE bug 933907SUSE bug 933934SUSE bug 935542SUSE bug 935705SUSE bug 936502SUSE bug 936831SUSE bug 937032SUSE bug 937033SUSE bug 937969SUSE bug 938706SUSE bug 940338SUSE bug 944296SUSE bug 945825SUSE bug 947155SUSE bug 949936SUSE bug 950998SUSE bug 951194SUSE bug 951440SUSE bug 951627SUSE bug 952384SUSE bug 952579SUSE bug 952976SUSE bug 953052SUSE bug 953527SUSE bug 954138SUSE bug 954404SUSE bug 955224SUSE bug 955354SUSE bug 955422SUSE bug 956708SUSE bug 956934SUSE bug 957988SUSE bug 957990SUSE bug 958504SUSE bug 958510SUSE bug 958886SUSE bug 958951SUSE bug 959190SUSE bug 959399SUSE bug 959568SUSE bug 960839SUSE bug 961509SUSE bug 961739SUSE bug 962075CVE-2014-2568CVE-2014-8133CVE-2014-8989CVE-2014-9090CVE-2014-9419CVE-2014-9529CVE-2014-9683CVE-2014-9715CVE-2014-9728CVE-2014-9729CVE-2014-9730CVE-2014-9731CVE-2015-0272CVE-2015-0777CVE-2015-1420CVE-2015-1421CVE-2015-2041CVE-2015-2042CVE-2015-2150CVE-2015-2666CVE-2015-2830CVE-2015-2922CVE-2015-2925CVE-2015-3212CVE-2015-3339CVE-2015-3636CVE-2015-4001CVE-2015-4002CVE-2015-4003CVE-2015-4004CVE-2015-4036CVE-2015-4167CVE-2015-4692CVE-2015-4700CVE-2015-5157CVE-2015-5283CVE-2015-5307CVE-2015-5364CVE-2015-5366CVE-2015-5707CVE-2015-6937CVE-2015-7550CVE-2015-7799CVE-2015-7833CVE-2015-7872CVE-2015-7885CVE-2015-7990CVE-2015-8104CVE-2015-8215CVE-2015-8543CVE-2015-8550CVE-2015-8551CVE-2015-8552CVE-2015-8569CVE-2015-8575CVE-2015-8767CVE-2016-0728Security update for phpMyAdmin (Moderate)openSUSE 13.1
phpMyAdmin was updated to 4.4.15.2 to fix one security issue and one non-security bug.
The following vulnerability was fixed:
* CVE-2015-8669: It was possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed (boo#960282)
The following bug was fixed:
* boo#960854: dependency of php-json was missing (Moderate)SUSE bug 960282SUSE bug 960854CVE-2015-8669Security update for the Linux Kernel (Important)openSUSE 13.1
The openSUSE 13.1 kernel was updated to 3.12.67 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2013-5634: arch/arm/kvm/arm.c in the Linux kernel on the ARM platform, when KVM is used, allowed host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call. (bsc#994758)
- CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767).
- CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).
- CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968).
- CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).
- CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462).
- CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
- CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748).
- CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).
- CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability (bnc#987542).
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608).
The following non-security bugs were fixed:
- aacraid: Fix RRQ overload (bsc#1003079).
- acpi / pm: Ignore wakeup setting if the ACPI companion can't wake up (FATE#315621).
- af_vsock: Shrink the area influenced by prepare_to_wait (bsc#994520).
- apparmor: add missing id bounds check on dfa verification (bsc#1000304).
- apparmor: check that xindex is in trans_table bounds (bsc#1000304).
- apparmor: do not check for vmalloc_addr if kvzalloc() failed (bsc#1000304).
- apparmor: do not expose kernel stack (bsc#1000304).
- apparmor: ensure the target profile name is always audited (bsc#1000304).
- apparmor: exec should not be returning ENOENT when it denies (bsc#1000304).
- apparmor: fix arg_size computation for when setprocattr is null terminated (bsc#1000304).
- apparmor: fix audit full profile hname on successful load (bsc#1000304).
- apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287).
- apparmor: fix disconnected bind mnts reconnection (bsc#1000304).
- apparmor: fix log failures for all profiles in a set (bsc#1000304).
- apparmor: fix module parameters can be changed after policy is locked (bsc#1000304).
- apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304).
- apparmor: fix oops, validate buffer size in apparmor_setprocattr() (bsc#1000304).
- apparmor: fix put() parent ref after updating the active ref (bsc#1000304).
- apparmor: fix refcount bug in profile replacement (bsc#1000304).
- apparmor: fix refcount race when finding a child profile (bsc#1000304).
- apparmor: fix replacement bug that adds new child to old parent (bsc#1000304).
- apparmor: fix uninitialized lsm_audit member (bsc#1000304).
- apparmor: fix update the mtime of the profile file on replacement (bsc#1000304).
- apparmor: internal paths should be treated as disconnected (bsc#1000304).
- apparmor: use list_next_entry instead of list_entry_next (bsc#1000304).
- arm64: Ensure pmd_present() returns false after pmd_mknotpresent() (Automatic NUMA Balancing (fate#315482)).
- arm64: mm: remove broken &= operator from pmd_mknotpresent (Automatic NUMA Balancing (fate#315482)).
- avoid dentry crash triggered by NFS (bsc#984194).
- be2net: Do not leak iomapped memory on removal (bsc#921784 FATE#318561).
- be2net: fix BE3-R FW download compatibility check (bsc#921784 FATE#318561).
- be2net: fix wrong return value in be_check_ufi_compatibility() (bsc#921784 FATE#318561).
- be2net: remove vlan promisc capability from VF's profile descriptors (bsc#921784 FATE#318561).
- blacklist.conf:
- blacklist.conf: 78f3d050c34b We do not support fsl hardware
- blacklist.conf: add 5195c14c8b27 (reverted and superseded by a commit we already have)
- blacklist.conf: Add entry for 7bf52fb891b64b8d61caf0b82060adb9db761aec The commit 7bf52fb891b6 ("mm: vmscan: reclaim highmem zone if buffer_heads is over limit") is unnecessary as the fix is also available from commit d4debc66d1fc ("vmscan: remove unnecessary temporary vars in do_try_to_free_pages").
- blacklist.conf: add pointless networking follow-up fixes
- blacklist.conf: Add two fanotify commits which we do not need (fixes tag was not quite accurate)
- blacklist.conf: Blacklist unsupported architectures
- blkfront: fix an error path memory leak (luckily none so far).
- blk-mq: fix undefined behaviour in order_to_size() (fate#315209).
- blktap2: eliminate deadlock potential from shutdown path (bsc#909994).
- blktap2: eliminate race from deferred work queue handling (bsc#911687).
- bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes (fate#316924).
- bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687).
- bonding: fix curr_active_slave/carrier with loadbalance arp monitoring (fate#316924).
- bonding: Prevent IPv6 link local address on enslaved devices (fate#316924).
- bonding: prevent out of bound accesses (fate#316924).
- bonding: set carrier off for devices created through netlink (bsc#999577).
- btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619).
- btrfs: add missing discards when unpinning extents with -o discard (bsc#904489).
- btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries (bsc#904489).
- btrfs: do not create or leak aliased root while cleaning up orphans (bsc#904489).
- btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).
- btrfs: explictly delete unused block groups in close_ctree and ro-remount (bsc#904489).
- btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596, bsc#984779)
- btrfs: fix fitrim discarding device area reserved for boot loader's use (bsc#904489).
- btrfs: handle quota reserve failure properly (bsc#1005666).
- btrfs: iterate over unused chunk space in FITRIM (bsc#904489).
- btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).
- btrfs: properly track when rescan worker is running (bsc#989953).
- btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock (bsc#904489).
- btrfs: reorder patches to place local patches back at the end of the series
- btrfs: skip superblocks during discard (bsc#904489).
- btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192).
- btrfs: waiting on qgroup rescan should not always be interruptible (bsc#992712).
- cdc-acm: added sanity checking for probe() (bsc#993891).
- cephfs: ignore error from invalidate_inode_pages2_range() in direct write (bsc#995153).
- cephfs: remove warning when ceph_releasepage() is called on dirty page (bsc#995153).
- clockevents: export clockevents_unbind_device instead of clockevents_unbind (bnc#937888).
- conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition (bsc#966864).
- cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866).
- cxgbi: fix uninitialized flowi6 (bsc#924384 FATE#318570 bsc#921338).
- dm: fix AB-BA deadlock in __dm_destroy(). (bsc#970943)
- drivers/hv: share Hyper-V SynIC constants with userspace (bnc#937888).
- drivers: hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (bnc#937888).
- drivers: hv: vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload() (bnc#937888).
- drivers: hv: vmbus: avoid wait_for_completion() on crash (bnc#937888).
- drivers: hv: vmbus: Cleanup vmbus_set_event() (bnc#937888).
- drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#937888).
- drivers: hv: vmbus: do not manipulate with clocksources on crash (bnc#937888).
- drivers: hv: vmbus: Force all channel messages to be delivered on CPU 0 (bnc#937888).
- drivers: hv: vmbus: Get rid of the unused irq variable (bnc#937888).
- drivers: hv: vmbus: handle various crash scenarios (bnc#937888).
- drivers: hv: vmbus: remove code duplication in message handling (bnc#937888).
- drivers: hv: vmbus: Support handling messages on multiple CPUs (bnc#937888).
- drivers: hv: vmbus: Support kexec on ws2012 r2 and above (bnc#937888).
- efi: Small leak on error in runtime map code (fate#315019).
- ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)
- ext4: Add parameter for tuning handling of ext2 (bsc#976195).
- Fix kabi change cause by adding flock_owner to open_context (bsc#998689).
- fix pCPU handling (luckily none so far).
- fix xfs-handle-dquot-buffer-readahead-in-log-recovery-co.patch (bsc#1003153).
- fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681).
- fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).
- fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).
- fs/cifs: Fix regression which breaks DFS mounting (bsc#799133).
- fs/cifs: make share unaccessible at root level mountable (bsc#799133).
- fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133).
- fs/cifs: REVERT fix wrongly prefixed path to root (bsc#963655, bsc#979681)
- fs/select: add vmalloc fallback for select(2) (bsc#1000189).
- ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419).
- hyperv: enable call to clockevents_unbind_device in kexec/kdump path
- hyperv: replace KEXEC_CORE by plain KEXEC because we lack 2965faa5e0 in the base kernel
- i40e: fix an uninitialized variable bug (bnc#857397 FATE#315659).
- ib/IWPM: Fix a potential skb leak (bsc#924381 FATE#318568 bsc#921338).
- ib/mlx5: Fix RC transport send queue overhead computation (bnc#865545 FATE#316891).
- introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486).
- iommu/amd: Update Alias-DTE in update_device_table() (bsc#975772).
- ipv6: fix multipath route replace error recovery (bsc#930399).
- ipv6: KABI workaround for ipv6: add complete rcu protection around np->opt.
- ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067).
- ipv6: send only one NEWLINK when RA causes changes (bsc#934067).
- iscsi: Add a missed complete in iscsit_close_connection (bsc#992555, bsc#987805).
- iwlwifi: dvm: fix flush support for old firmware (bsc#940545).
- kabi: clockevents: export clockevents_unbind again.
- kabi: hide harmless change in struct inet_connection_sock (fate#318553).
- kABI: protect backing-dev include in mm/migrate.
- kABI: protect enum usb_device_speed.
- kABI: protect struct mlx5_modify_qp_mbox_in.
- kABI: protect struct mmc_packed (kabi).
- kabi: work around kabi changes from commit 53f9ff48f636 (bsc#988617).
- kaweth: fix firmware download (bsc#993890).
- kaweth: fix oops upon failed memory allocation (bsc#993890).
- kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd (bnc#941420).
- kernel/printk/printk.c: fix faulty logic in the case of recursive printk (bnc#744692, bnc#789311).
- kvm: do not handle APIC access page if in-kernel irqchip is not in use (bsc#959463).
- kvm: vmx: defer load of APIC access page address during reset (bsc#959463).
- libceph: enable large, variable-sized OSD requests (bsc#988715).
- libceph: make r_request msg_size calculation clearer (bsc#988715).
- libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op (bsc#988715).
- libceph: osdc->req_mempool should be backed by a slab pool (bsc#988715).
- libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715).
- libfc: do not send ABTS when resetting exchanges (bsc#962846).
- libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846).
- libfc: Fixup disc_mutex handling (bsc#962846).
- libfc: fixup locking of ptp_setup() (bsc#962846).
- libfc: Issue PRLI after a PRLO has been received (bsc#962846).
- libfc: reset exchange manager during LOGO handling (bsc#962846).
- libfc: Revisit kref handling (bnc#990245).
- libfc: sanity check cpu number extracted from xid (bsc#988440).
- libfc: send LOGO for PLOGI failure (bsc#962846).
- lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866).
- md: check command validity early in md_ioctl() (bsc#1004520).
- md: Drop sending a change uevent when stopping (bsc#1003568).
- md: lockless I/O submission for RAID1 (bsc#982783).
- md/raid5: fix a recently broken BUG_ON() (bsc#1006691).
- memcg: convert threshold to bytes (bnc#931454).
- memcg: fix thresholds for 32b architectures (bnc#931454).
- mm, cma: prevent nr_isolated_* counters from going negative (bnc#971975 VM performance -- git fixes).
- mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).
- module: Issue warnings when tainting kernel (bsc#974406).
- mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).
- mpt3sas: Update patches.drivers/mpt3sas-Fix-use-sas_is_tlr_enabled-API-before-enabli.patch (bsc#967640, bsc#992244).
- msi-x: fix an error path (luckily none so far).
- netback: fix flipping mode (bsc#996664).
- netback: fix refounting (bsc#978094).
- netfront: do not truncate grant references.
- netfront: use correct linear area after linearizing an skb (bsc#1007886).
- nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1003400).
- nfs: Add a stub for GETDEVICELIST (bnc#898675).
- nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584).
- nfsd: Use free_conn to free connection (bsc#979451).
- nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).
- nfs: Fix a regression in the read() syscall (bsc#999584).
- nfs: fix BUG() crash in notify_change() with patch to chown_common() (bnc#876463).
- nfs: fix pg_test page count calculation (bnc#898675).
- nfs: nfs4_fl_prepare_ds must be careful about reporting success (bsc#1000776).
- nfsv4: add flock_owner to open context (bnc#998689).
- nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689).
- nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689).
- nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689).
- nfsv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT (bnc#866130).
- oom: print nodemask in the oom report (bnc#1003866).
- packet: tpacket_snd(): fix signed/unsigned comparison (bsc#874131).
- perf/x86/intel: Fix bug for "cycles:p" and "cycles:pp" on SLM (bsc#997896).
- pm / hibernate: Fix 2G size issue of snapshot image verification (bsc#1004252).
- pm / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441).
- powerpc: add kernel parameter iommu_alloc_quiet (bsc#998825).
- printk: add kernel parameter to control writes to /dev/kmsg (bsc#979928).
- qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).
- qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template() (bsc#922064 FATE#318609)
- radeon: avoid boot hang in Xen Dom0 (luckily none so far).
- ratelimit: extend to print suppressed messages on release (bsc#979928).
- ratelimit: fix bug in time interval by resetting right begin time (bsc#979928).
- rbd: truncate objects on cmpext short reads (bsc#988715).
- rcu: Fix improper use or RCU in patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch. (bsc#961257)
- Refresh patches.suse/CFS-0259-ceph-Asynchronous-IO-support.patch. After a write, we must free the 'request', not the 'response'. This error crept in during the backport. bsc#995153
- Refresh patches.xen/xen3-patch-3.9 (bsc#991247).
- Rename patches.xen/xen3-kgr-{0107,1003}-reserve-a-place-in-thread_struct-for-storing-RIP.patch to match its non-Xen counterpart.
- Revert "can: dev: fix deadlock reported after bus-off".
- Revert "Input: i8042 - break load dependency between atkbd/psmouse and i8042".
- Revert "Input: i8042 - set up shared ps2_cmd_mutex for AUX ports".
- rpm/config.sh: do not prepend "60." to release string This is needed for SLE maintenance workflow, no need for that in evergreen-13.1.
- rpm/config.sh: Set the SP1 release string to 60.<RELEASE> (bsc#997059)
- rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)
- rtnetlink: avoid 0 sized arrays (fate#316924).
- s390: add SMT support (bnc#994438, LTC#144756).
- sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419).
- sched/core: Fix a race between try_to_wake_up() and a woken up task (bsc#1002165, bsc#1001419).
- scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).
- scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
- scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).
- sd: Fix memory leak caused by RESET_WP patch (bsc#999779).
- squashfs3: properly handle dir_emit() failures (bsc#998795).
- sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT (bnc#868923).
- sunrpc: Fix a regression when reconnecting (bsc#946309).
- supported.conf: Add ext2
- supported.conf: Add iscsi modules to -base (bsc#997299)
- supported.conf: Add tun to -base (bsc#992593)
- supported.conf: Add veth to -base (bsc#992591)
- target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP (bsc#987621).
- target: Fix race between iscsi-target connection shutdown + ABORT_TASK (bsc#987621).
- tcp: add proper TS val into RST packets (bsc#937086).
- tcp: align tcp_xmit_size_goal() on tcp_tso_autosize() (bsc#937086).
- tcp: fix child sockets to use system default congestion control if not set (fate#318553).
- tcp: fix cwnd limited checking to improve congestion control (bsc#988617).
- tcp: refresh skb timestamp at retransmit time (bsc#937086).
- timers: Use proper base migration in add_timer_on() (bnc#993392).
- tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486).
- tunnels: Remove encapsulation offloads on decap (bsc#1001486).
- Update patches.kabi/kabi.clockevents_unbind.patch (bnc#937888).
- uprobes: Fix the memcg accounting (bnc#931454).
- usb: fix typo in wMaxPacketSize validation (bsc#991665).
- usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).
- usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634).
- usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).
- vmxnet3: Wake queue from reset work (bsc#999907).
- x86/tlb/trace: Do not trace on CPU that is offline (TLB Performance git-fixes).
- xenbus: do not invoke ->is_ready() for most device states (bsc#987333).
- xenbus: inspect the correct type in xenbus_dev_request_and_reply().
- xen: Linux 3.12.63.
- xen: Linux 3.12.64.
- xen/pciback: Fix conf_space read/write overlap check.
- xen-pciback: return proper values during BAR sizing.
- xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
- xfs: fixed signedness of error code in xfs_inode_buf_verify (bsc#1003153).
- xfs: handle dquot buffer readahead in log recovery correctly (bsc#955446).
- xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
- xhci: silence warnings in switch (bnc#991665).
(Important)SUSE bug 1000189SUSE bug 1000287SUSE bug 1000304SUSE bug 1000776SUSE bug 1001419SUSE bug 1001486SUSE bug 1002165SUSE bug 1003079SUSE bug 1003153SUSE bug 1003400SUSE bug 1003568SUSE bug 1003866SUSE bug 1003925SUSE bug 1004252SUSE bug 1004418SUSE bug 1004462SUSE bug 1004517SUSE bug 1004520SUSE bug 1005666SUSE bug 1006691SUSE bug 1007615SUSE bug 1007886SUSE bug 744692SUSE bug 772786SUSE bug 789311SUSE bug 799133SUSE bug 857397SUSE bug 860441SUSE bug 865545SUSE bug 866130SUSE bug 868923SUSE bug 874131SUSE bug 875631SUSE bug 876145SUSE bug 876463SUSE bug 898675SUSE bug 904489SUSE bug 909994SUSE bug 911687SUSE bug 915183SUSE bug 921338SUSE bug 921784SUSE bug 922064SUSE bug 922634SUSE bug 924381SUSE bug 924384SUSE bug 930399SUSE bug 931454SUSE bug 934067SUSE bug 937086SUSE bug 937888SUSE bug 940545SUSE bug 941420SUSE bug 946309SUSE bug 954986SUSE bug 955446SUSE bug 956514SUSE bug 959463SUSE bug 961257SUSE bug 962846SUSE bug 963655SUSE bug 963767SUSE bug 966864SUSE bug 967640SUSE bug 970943SUSE bug 971975SUSE bug 971989SUSE bug 974406SUSE bug 974620SUSE bug 975596SUSE bug 975772SUSE bug 976195SUSE bug 977687SUSE bug 978094SUSE bug 979451SUSE bug 979681SUSE bug 979928SUSE bug 982783SUSE bug 983619SUSE bug 984194SUSE bug 984419SUSE bug 984779SUSE bug 984992SUSE bug 985562SUSE bug 986445SUSE bug 987192SUSE bug 987333SUSE bug 987542SUSE bug 987565SUSE bug 987621SUSE bug 987805SUSE bug 988440SUSE bug 988617SUSE bug 988715SUSE bug 989152SUSE bug 989953SUSE bug 990245SUSE bug 991247SUSE bug 991608SUSE bug 991665SUSE bug 992244SUSE bug 992555SUSE bug 992591SUSE bug 992593SUSE bug 992712SUSE bug 993392SUSE bug 993841SUSE bug 993890SUSE bug 993891SUSE bug 994296SUSE bug 994438SUSE bug 994520SUSE bug 994748SUSE bug 994758SUSE bug 995153SUSE bug 995968SUSE bug 996664SUSE bug 997059SUSE bug 997299SUSE bug 997708SUSE bug 997896SUSE bug 998689SUSE bug 998795SUSE bug 998825SUSE bug 999577SUSE bug 999584SUSE bug 999600SUSE bug 999779SUSE bug 999907SUSE bug 999932CVE-2013-5634CVE-2015-8956CVE-2016-2069CVE-2016-5696CVE-2016-6130CVE-2016-6327CVE-2016-6480CVE-2016-6828CVE-2016-7042CVE-2016-7097CVE-2016-7425CVE-2016-8658Security update for the Linux Kernel (Important)openSUSE 13.1
The openSUSE 13.1 kernel was updated to receive various critical security fixes.
The following security bugs were fixed:
- CVE-2016-8655: A race condition in the af_packet packet_set_ring
function could be used by local attackers to crash the kernel or gain
privileges (bsc#1012754).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in
the Linux kernel did not validate the relationship between the minimum
fragment length and the maximum packet size, which allowed local users to
gain privileges or cause a denial of service (heap-based buffer overflow)
by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
the Linux kernel lacks chunk-length checking for the first chunk, which
allowed remote attackers to cause a denial of service (out-of-bounds slab
access) or possibly have unspecified other impact via crafted SCTP data
(bnc#1011685).
(Important)SUSE bug 1008831SUSE bug 1011685SUSE bug 1012754CVE-2016-8632CVE-2016-8655CVE-2016-9555Security update for the Linux Kernel (Important)openSUSE 13.1
The openSUSE 13.1 kernel was updated to fix two security issues.
The following security bugs were fixed:
- CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).
- CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).
(Important)SUSE bug 1013533SUSE bug 1013604CVE-2016-9576CVE-2016-9794Security update for python-rsa (Moderate)openSUSE 13.1
This update for python-rsa fixes the following security issues:
* CVE-2016-1494: Possible signature forgery via Bleichenbacher attack (bsc#960680)
The following bugs fixes are included:
* FATE#319904, boo#954690: Support VPN feature in google-cloud-sdk
* boo#935595: missing coreutils requirement
(Moderate)SUSE bug 935595SUSE bug 954690SUSE bug 960680CVE-2016-1494Security update for xen (Important)openSUSE 13.1
This update for xen fixes the following security issues:
- CVE-2015-8550: paravirtualized drivers incautious about shared memory contents (XSA-155, boo#957988)
- CVE-2015-8558: qemu: usb: infinite loop in ehci_advance_state results in DoS (boo#959006)
- CVE-2015-7549: qemu pci: null pointer dereference issue (boo#958918)
- CVE-2015-8504: qemu: ui: vnc: avoid floating point exception (boo#958493)
- CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164, boo#958007)
- CVE-2015-8555: information leak in legacy x86 FPU/XMM initialization (XSA-165, boo#958009)
- boo#958523 xen: ioreq handling possibly susceptible to multiple read issue (XSA-166)
- CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list (boo#956832)
- boo#956592: xen: virtual PMU is unsupported (XSA-163)
- CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159, boo#956408)
- CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160, boo#956409)
- CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162, boo#956411)
- CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142, boo#947165)
- CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception (boo#954405)
- CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156, boo#954018)
- CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150, boo#950704)
(Important)SUSE bug 947165SUSE bug 950704SUSE bug 954018SUSE bug 954405SUSE bug 956408SUSE bug 956409SUSE bug 956411SUSE bug 956592SUSE bug 956832SUSE bug 957988SUSE bug 958007SUSE bug 958009SUSE bug 958493SUSE bug 958523SUSE bug 958918SUSE bug 959006CVE-2015-5307CVE-2015-7311CVE-2015-7504CVE-2015-7549CVE-2015-7970CVE-2015-8104CVE-2015-8339CVE-2015-8340CVE-2015-8341CVE-2015-8345CVE-2015-8504CVE-2015-8550CVE-2015-8554CVE-2015-8555CVE-2015-8558Security update for libebml, libmatroska (Moderate)openSUSE 13.1
This update for libebml, libmatroska fixes the following security issues:
Vulnerabilities fixed in libebml:
* Cisco TALOS-CAN-0036: Invalid memory access when reading from a UTF-8 string resulted in a heap information leak (bsc#961031).
* Cisco TALOS-CAN-0037: Deeply nested elements with infinite size use-after-free and multiple free (bsc#961031).
* Invalid mempry access resulted in heap information leak
Vulnerabilities fixed in libmatroska:
* invalid memory access when reading specially crafted data lead to a heap information leak.
(Moderate)SUSE bug 961031Security update for dropbear (Moderate)openSUSE 13.1
This update for dropbear fixes the following issues:
- dropbear was updated to upstream version 2016.72
* Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
found by github.com/tintinweb. Thanks for Damien Miller for a patch.
- used as bug fix release for boo#970633 - CVE-2016-3116
- dropbear was updated to upstream version 2015.71
* Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
* Fix crash on exit when -p address:port is used, broke in 2015.68
* Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev
* Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert,
broke in 2015.70
* Fix server race condition that could cause sessions to hang on exit,
https://github.com/robotframework/SSHLibrary/issues/128
- dropbear was updated to upstream version 2015.70
* Fix server password authentication on Linux, broke in 2015.69
* Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68)
* Avoid hang on session close when multiple sessions are started, affects Qt Creator
Patch from Andrzej Szombierski
* Reduce per-channel memory consumption in common case, increase default
channel limit from 100 to 1000 which should improve SOCKS forwarding for modern
webpages
* Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin
* Manpage improvements from Guilhem Moulin
* Build fixes for Android from Mike Frysinger
* Don't display the MOTD when an explicit command is run from Guilhem Moulin
* Check curve25519 shared secret isn't zero
- dropbear was updated to upstream version 2015.68
* Reduce local data copying for improved efficiency. Measured 30%
increase in throughput for connections to localhost
* Forwarded TCP ports connect asynchronously and try all available addresses
(IPv4, IPv6, round robin DNS)
* Fix all compile warnings, many patches from Ga?l Portay
Note that configure with -Werror may not be successful on some platforms (OS X)
and some configuration options may still result in unused variable
warnings.
* Use TCP Fast Open on Linux if available. Saves a round trip at connection
to hosts that have previously been connected.
Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3"
Client side is disabled by default pending further compatibility testing
with networks and systems.
* Increase maximum command length to 9000 bytes
* Free memory before exiting, patch from Thorsten Horstmann. Useful for
Dropbear ports to embedded systems and for checking memory leaks
with valgrind. Only partially implemented for dbclient.
This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h
* DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless
there is a leading slash (~ isn't treated specially)
* Fix small ECC memory leaks
* Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of
Matta Consulting. Odds of bad values are around 2**-512 -- improbable.
* Twofish-ctr cipher is supported though disabled by default
* Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks
to CL Ouyang
* Fix null pointer crash with restrictions in authorized_keys without a command, patch from
Guilhem Moulin
* Ensure authentication timeout is handled while reading the initial banner,
thanks to CL Ouyang for finding it.
* Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz
- dropbear was updated to upstream version 2015.67
* Call fsync() after generating private keys to ensure they aren't lost if a
reboot occurs. Thanks to Peter Korsgaard
* Disable non-delayed zlib compression by default on the server. Can be
enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
* Default client key path ~/.ssh/id_dropbear
* Prefer stronger algorithms by default, from Fedor Brunner.
AES256 over 3DES
Diffie-hellman group14 over group1
* Add option to disable CBC ciphers.
* Disable twofish in default options.h
* Enable sha2 HMAC algorithms by default, the code was already required
for ECC key exchange. sha1 is the first preference still for performance.
* Fix installing dropbear.8 in a separate build directory, from Like Ma
* Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusam?e
* Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
* Minor bug fixes, a few issues found by Coverity scan
- dropbear was updated to upstream version 2014.66
* Use the same keepalive handling behaviour as OpenSSH. This will work better
with some SSH implementations that have different behaviour with unknown
message types.
* Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own
keepalive message
* Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere
* Fix wtmp which broke since 2013.62, patch from Whoopie
- dropbear was updated to upstream version 2014.65
* Fix 2014.64 regression, server session hang on exit with scp (and probably
others), thanks to NiLuJe for tracking it down
* Fix 2014.64 regression, clock_gettime() error handling which broke on older
Linux kernels, reported by NiLuJe
* Fix 2014.64 regression, writev() could occassionally fail with EAGAIN which
wasn't caught
* Avoid error message when trying to set QoS on proxycommand or multihop pipes
* Use /usr/bin/xauth, thanks to Mike Frysinger
* Don't exit the client if the local user entry can't be found, thanks to iquaba
- added missing systemd entries for dropbear-keygen.service
- dropbear was updated to upstream version 2014.64
* Fix compiling with ECDSA and DSS disabled
* Don't exit abruptly if too many outgoing packets are queued for writev(). Patch
thanks to Ronny Meeus
* The -K keepalive option now behaves more like OpenSSH's "ServerAliveInterval".
If no response is received after 3 keepalives then the session is terminated. This
will close connections faster than waiting for a TCP timeout.
* Rework TCP priority setting. New settings are
if (connecting || ptys || x11) tos = LOWDELAY
else if (tcp_forwards) tos = 0
else tos = BULK
Thanks to Catalin Patulea for the suggestion.
* Improve handling of many concurrent new TCP forwarded connections, should now
be able to handle as many as MAX_CHANNELS. Thanks to Eduardo Silva for reporting
and investigating it.
* Make sure that exit messages from the client are printed, regression in 2013.57
* Use monotonic clock where available, timeouts won't be affected by system time
changes
* Add -V for version
- dropbear was updated regular init script to also create ECDSA keys
- update to upstream version 2014.63
* Fix ~. to terminate a client interactive session after waking a laptop
from sleep.
* Changed port separator syntax again, now using host^port. This is because
IPv6 link-local addresses use %. Reported by Gui Iribarren
* Avoid constantly relinking dropbearmulti target, fix "make install"
for multi target, thanks to Mike Frysinger
* Avoid getting stuck in a loop writing huge key files, reported by Bruno
Thomsen
* Don't link dropbearkey or dropbearconvert to libz or libutil,
thanks to Nicolas Boos
* Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos
* Avoid crash on exit due to cleaned up keys before last packets are sent,
debugged by Ronald Wahl
* Fix a race condition in rekeying where Dropbear would exit if it received a
still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
This is a longstanding bug but is triggered more easily since 2013.57
* [...]
- dropbear was updated service files and activated building of ecdsa keys
- only package the old init service in distributions without systemd
- imported upstream version 2013.62
* Disable "interactive" QoS connection options when a connection doesn't
have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch.
* Log when a hostkey is generated with -R, fix some bugs in handling server
hostkey commandline options
* Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe
* Update config.guess and config.sub again
* ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to
be generated) and ECDH for setting up encryption keys (no intervention
required). This is significantly faster.
* curve25519-sha256@libssh.org support for setting up encryption keys. This is
another elliptic curve mode with less potential of NSA interference in
algorithm parameters. curve25519-donna code thanks to Adam Langley
* -R option to automatically generate hostkeys. This is recommended for
embedded platforms since it allows the system random number device
/dev/urandom a longer startup time to generate a secure seed before the
hostkey is required.
* Compile fixes for old vendor compilers like Tru64 from Daniel Richard G.
* Make authorized_keys handling more robust, don't exit encountering
malformed lines. Thanks to Lorin Hochstein and Mark Stillwell
(Moderate)SUSE bug 970633CVE-2016-3116Security update for nodejs (Moderate)openSUSE 13.1
This update contains nodejs 4.2.4 and fixes the following issues:
- CVE-2015-6764: unspecified out-of-bounds access vulnerability (boo#956902)
- CVE-2015-8027: unspecified denial of service vulnerability (boo#956901)
The following non-security bugs were fixed:
- boo#948045: Nodejs 4.0 rpm does not install addon-rpm.gypi
- boo#961254: common.gypi should install at /usr/share/node and npm requires nodejs-devel
Also contains all upstream bug fixes and improvements in the 4.2.2, 4.2.3 and 4.2.4 releases.
(Moderate)SUSE bug 948045SUSE bug 956901SUSE bug 956902SUSE bug 961254CVE-2015-6764CVE-2015-8027Security update for the Linux Kernel (Important)openSUSE 13.1
The openSUSE 13.1 kernel was updated to 3.12.57 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c
in the Linux kernel allowed local users to cause a denial of service
(infinite loop) via a writev system call that triggers a zero length
for the first segment of an iov. (bsc#963765)
- CVE-2015-8551: The PCI backend driver in Xen, when running on an
x86 system and using Linux as the driver domain, allowed local guest
administrators to hit BUG conditions and cause a denial of service
(NULL pointer dereference and host OS crash) by leveraging a system with
access to a passed-through MSI or MSI-X capable physical PCI device
and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback
missing sanity checks (bnc#957990).
- CVE-2015-8552: The PCI backend driver in Xen, when running on an
x86 system and using Linux as the driver domain, allowed local guest
administrators to generate a continuous stream of WARN messages and
cause a denial of service (disk consumption) by leveraging a system with
access to a passed-through MSI or MSI-X capable physical PCI device and
XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks
(bnc#957990).
- CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when
the network was considered congested. The kernel would incorrectly
misinterpret the congestion as an error condition and incorrectly
free/clean up the skb. When the device would then send the skb's queued,
these structures would be referenced and may panic the system or allow an
attacker to escalate privileges in a use-after-free scenario.(bsc#966437).
- CVE-2015-8816: A malicious USB device could cause kernel crashes in
the in hub_activate() function (bnc#968010).
- CVE-2016-0723: Race condition in the tty_ioctl function in
drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain
sensitive information from kernel memory or cause a denial of service
(use-after-free and system crash) by making a TIOCGETD ioctl call during
processing of a TIOCSETD ioctl call. (bsc#961500)
- CVE-2016-2184: A malicious USB device could cause kernel crashes in
the alsa usb-audio device driver (bsc#971125).
- CVE-2016-2384: A double free on the ALSA umidi object was
fixed. (bsc#966693).
- CVE-2016-2782: A malicious USB device could cause kernel crashes in
the visor device driver (bnc#968670).
- CVE-2016-3139: A malicious USB device could cause kernel crashes in
the wacom device driver (bnc#970909).
- CVE-2016-3156: A quadratic algorithm could lead to long
kernel ipv4 hangs when removing a device with a large number of
addresses. (bsc#971360).
The following non-security bugs were fixed:
- acl: Fix problem with setting ACL on directories (bsc#867251).
- acpi / processor: Introduce apic_id in struct processor to save parsed APIC id (bsc#959463).
- alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018).
- alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).
- arm: cubox: Add separate cubox configuration.
- arm: xen: implement multicall hypercall support.
- block: xen-blkfront: Fix possible NULL ptr dereference (bsc#957986 fate#320625).
- btrfs-8394-qgroup-Account-data-space-in-more-proper-timin.patch: (bsc#963193).
- btrfs: Add handler for invalidate page (bsc#963193).
- btrfs: check prepare_uptodate_page() error code earlier (bnc#966910).
- btrfs: delayed_ref: Add new function to record reserved space into delayed ref (bsc#963193).
- btrfs: delayed_ref: release and free qgroup reserved at proper timing (bsc#963193).
- btrfs: extent_io: Introduce needed structure for recoding set/clear bits (bsc#963193).
- btrfs: extent_io: Introduce new function clear_record_extent_bits() (bsc#963193).
- btrfs: extent_io: Introduce new function set_record_extent_bits (bsc#963193).
- btrfs: extent-tree: Add new version of btrfs_check_data_free_space and btrfs_free_reserved_data_space (bsc#963193).
- btrfs: extent-tree: Add new version of btrfs_delalloc_reserve/release_space (bsc#963193).
- btrfs: extent-tree: Switch to new check_data_free_space and free_reserved_data_space (bsc#963193).
- btrfs: extent-tree: Switch to new delalloc space reserve and release (bsc#963193).
- btrfs: fallocate: Add support to accurate qgroup reserve (bsc#963193).
- btrfs: fix invalid page accesses in extent_same (dedup) ioctl (bnc#968230).
- btrfs: fix page reading in extent_same ioctl leading to csum errors (bnc#968230).
- btrfs: fix warning in backref walking (bnc#966278).
- btrfs: qgroup: Add handler for NOCOW and inline (bsc#963193).
- btrfs: qgroup: Add new trace point for qgroup data reserve (bsc#963193).
- btrfs: qgroup: Avoid calling btrfs_free_reserved_data_space in clear_bit_hook (bsc#963193).
- btrfs: qgroup: Check if qgroup reserved space leaked (bsc#963193).
- btrfs: qgroup: Cleanup old inaccurate facilities (bsc#963193).
- btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans (bsc#963193).
- btrfs: qgroup: Fix a rebase bug which will cause qgroup double free (bsc#963193).
- btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#969439).
- btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function (bsc#963193).
- btrfs: qgroup: Introduce functions to release/free qgroup reserve data space (bsc#963193).
- btrfs: qgroup: Introduce new functions to reserve/free metadata (bsc#963193).
- btrfs: qgroup: Use new metadata reservation (bsc#963193).
- cpu: Provide smpboot_thread_init() on !CONFIG_SMP kernels as well.
- dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752).
- dmapi: fix dm_open_by_handle_rvp taking an extra ref to mnt (bsc#967292).
- drivers/base/memory.c: fix kernel warning during memory hotplug on ppc64 (bsc#963827).
- drivers:hv: Allow for MMIO claims that span ACPI _CRS records (bnc#965924).
- drivers:hv: Define the channel type for Hyper-V PCI Express pass-through (bnc#965924).
- drivers:hv: Export a function that maps Linux CPU num onto Hyper-V proc num (bnc#965924).
- drivers:hv: Export the API to invoke a hypercall on Hyper-V (bnc#965924).
- drivers: hv: kvp: fix IP Failover.
- drivers:pci:hv: New paravirtual PCI front-end for Hyper-V VMs (bnc#965924).
- drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (bsc#957986 fate#320625).
- driver: xen-blkfront: move talk_to_blkback to a more suitable place (bsc#957986 fate#320625).
- drm/i915: do not warn if backlight unexpectedly enabled (boo#972068).
- drm/i915: set backlight duty cycle after backlight enable for gen4 (boo#972780).
- e1000e: Avoid divide by zero error (bsc#968643).
- e1000e: fix division by zero on jumbo MTUs (bsc#968643).
- e1000e: Fix tight loop implementation of systime read algorithm (bsc#968643).
- fix: print ext4 mountopt data_err=abort correctly (bsc#969735).
- fs/proc_namespace.c: simplify testing nsp and nsp->mnt_ns (bug#963960).
- futex: Drop refcount if requeue_pi() acquired the rtmutex (bug#960174).
- hv: Lock access to hyperv_mmio resource tree (bnc#965924).
- hv: Make a function to free mmio regions through vmbus (bnc#965924).
- hv: Reverse order of resources in hyperv_mmio (bnc#965924).
- hv: Track allocations of children of hv_vmbus in private resource tree (bnc#965924).
- hv: Use new vmbus_mmio_free() from client drivers (bnc#965924).
- hwmon: (coretemp) Increase maximum core to 128 (bsc#970160)
- ibmvnic: Fix ibmvnic_capability struct (fate#320253).
- intel_pstate: Use del_timer_sync in intel_pstate_cpu_stop (bsc#967650).
- ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852).
- kabi: Preserve checksum of kvm_x86_ops (bsc#969112).
- kABI: protect enum enclosure_component_type.
- kabi: protect struct acpi_processor signature (bsc#959463).
- kABI: protect struct af_alg_type.
- kABI: protect struct crypto_ahash.
- kABI: protect struct dm_exception_store_type.
- kABI: protect struct fib_nh_exception.
- kABI: protect struct module.
- kABI: protect struct rq.
- kABI: protect struct sched_class.
- kABI: protect struct scm_creds.
- kABI: protect struct user_struct.
- kabi/severities:
- kabi/severities: Fail on changes in kvm_x86_ops, needed by lttng-modules
- kgr: fix reversion of a patch already reverted by a replace_all patch (fate#313296).
- kvm: SVM: add rdmsr support for AMD event registers (bsc#968448).
- kvm: x86: Check dest_map->vector to match eoi signals for rtc (bsc#966471).
- kvm: x86: Convert ioapic->rtc_status.dest_map to a struct (bsc#966471).
- kvm: x86: store IOAPIC-handled vectors in each VCPU (bsc#966471).
- kvm: x86: Track irq vectors in ioapic->rtc_status.dest_map (bsc#966471).
- libceph: fix scatterlist last_piece calculation (bsc#963746).
- lpfc: Fix kmalloc overflow in LPFC driver at large core count (bsc#969690).
- memcg: do not hang on OOM when killed by userspace OOM access to memory reserves (bnc#969571).
- mld, igmp: Fix reserved tailroom calculation (bsc#956852).
- mmc: Exynos: Add module alias for dw mmc.
- mvneta: fix per-cpu stats initialization.
- namespaces: Re-introduce task_nsproxy() helper (bug#963960).
- namespaces: Use task_lock and not rcu to protect nsproxy (bug#963960).
- net: core: Correct an over-stringent device loop detection (bsc#945219).
- net: irda: Fix use-after-free in irtty_open() (bnc#967903).
- nfs4: treat lock owners as opaque values (bnc#968141).
- nfs: Background flush should not be low priority (bsc#955308).
- nfsd: fix nfsd_setattr return code for HSM (bsc#969992).
- nfs: do not use STABLE writes during writeback (bnc#816099).
- nfs: Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201).
- nvme: default to 4k device page size (bsc#967047).
- nvme: special case AEN requests (bsc#965087).
- omap3isp: fix miscompile.
- omap: Fix missing cm3xxx.h include.
- omap: Fix missing usb.h include.
- pci: Add global pci_lock_rescan_remove() (bnc#965924).
- pci: allow access to VPD attributes with size 0 (bsc#959146).
- pciback: Check PF instead of VF for PCI_COMMAND_MEMORY.
- pciback: Save the number of MSI-X entries to be copied later.
- pci: Blacklist vpd access for buggy devices (bsc#959146).
- pci: Determine actual VPD size on first access (bsc#959146).
- pci: Export symbols required for loadable host driver modules (bnc#965924).
- pci: pciehp: Disable link notification across slot reset (bsc#967651).
- pci: pciehp: Do not check adapter or latch status while disabling (bsc#967651).
- pci: pciehp: Do not disable the link permanently during removal (bsc#967651).
- pci: pciehp: Ensure very fast hotplug events are also processed (bsc#967651).
- pci: Update VPD definitions (bsc#959146).
- perf, nmi: Fix unknown NMI warning (bsc#968512).
- power: Add _GLOBAL_TOC for 32bit.
- proc: Fix ptrace-based permission checks for accessing task maps.
- qla2xxx: Remove unavailable firmware files (bsc#943645).
- rbd: do not log miscompare as an error (bsc#970062).
- Refresh patches.drivers/0005-aacraid-MSI-x-support.patch. (boo#970249)
- resources: Set type in __request_region() (bnc#965924).
- Revert "ipv6: tcp: add rcu locking in tcp_v6_send_synack()" (bnc#961257).
- rpm/kernel-binary.spec.in: Sync the main and -base package dependencies (bsc#965830#c51).
- rpm/kernel-module-subpackage: Fix obsoleting dropped flavors (bsc#968253)
- sched: unbreak non-SMP build.
- scsi_dh_alua: Do not block request queue if workqueue is active (bsc#960458).
- scsi: fix soft lockup in scsi_remove_target() on module removal (bsc#965199).
- scsi: proper state checking and module refcount handling in scsi_device_get (boo#966831).
- series.conf: add section comments
- supported.conf: Add e1000e (emulated by VMware) to -base (bsc#968074)
- supported.conf: Add Hyper-V modules to -base (bsc#965830)
- supported.conf: Add isofs to -base (bsc#969655).
- supported.conf: Add more qemu device driver (bsc#968234)
- supported.conf: Add mptspi and mptsas to -base (bsc#968206)
- supported.conf: Add the qemu scsi driver (sym53c8xx) to -base (bsc#967802)
- supported.conf: Add tulip to -base for Hyper-V (bsc#968234)
- supported.conf: Add virtio-rng (bsc#966026)
- supported.conf: Add xen-blkfront.
- supported.conf: Add xfs to -base (bsc#965891)
- supported.conf: Fix usb-common path usb-common moved to its own subdirectory in kernel v3.16, and we backported that change to SLE12.
- sysctl: do not add hardlockup_all_cpu_backtrace sysctl on UP.
- tcp: Restore RFC5961-compliant behavior for SYN packets (bsc#966864).
- Update config files. Add new option CONFIG_PARAVIRT_XEN_BLKDEV_FRONTEND to i386 xen and ec2.
- Update config files. Enable CONFIG_DEBUG_INFO for ec2 flavor. It's overriden on build anyway and having it disabled causes "make silentoldconfig" checks fail because of new symbol CONFIG_DEBUG_INFO_REDUCED.
- Update config files: enable CONFIG_PCI_HYPERV in non-SLE configs These are i386/* except xen, ec2 and vanilla and x86_64 desktop and trace.
- Update config files: enable MACH_CUBOX in armv7hl/cubox
- Update config files: ppc and ppc64 are big endian New config options (not existing in 13.1) need to be set accordingly.
- Update patches.drivers/drm-ast-Initialize-data-needed-to-map-fbdev-memory.patch (bnc#880007). Fix refs and upstream status.
- Update Xen config files (enable upstream block frontend).
- Update Xen patches to 3.12.55.
- USB: ehci-s5p: Fix phy reset.
- usb: phy: Fix phy-samsung-usb when built as module.
- usb: Quiet down false peer failure messages (bnc#960629).
- x86: export x86_msi (bnc#965924).
- xen: Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver implementation (bsc#957986, bsc#956084, bsc#961658).
- xen-blkfront: allow building in our Xen environment (bsc#957986 fate#320625).
- xen, blkfront: factor out flush-related checks from do_blkif_request() (bsc#957986 fate#320625).
- xen-blkfront: fix accounting of reqs when migrating (bsc#957986 fate#320625).
- xen/blkfront: Fix crash if backend does not follow the right states (bsc#957986 fate#320625).
- xen-blkfront: improve aproximation of required grants per request (bsc#957986 fate#320625).
- xen/blkfront: improve protection against issuing unsupported REQ_FUA (bsc#957986 fate#320625).
- xen/blkfront: remove redundant flush_op (bsc#957986 fate#320625).
- xen-blkfront: remove type check from blkfront_setup_discard (bsc#957986 fate#320625).
- xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#957986 fate#320625).
- xen: fix blkfront and blkback build with normal xen.
- xen-vscsi-large-requests: Fix resource collision for racing request maps and unmaps (bsc#966094).
- xfs/dmapi: drop lock over synchronous XFS_SEND_DATA events (bsc#969993).
- xfs/dmapi: propertly send postcreate event (bsc#967299).
(Important)SUSE bug 816099SUSE bug 867251SUSE bug 880007SUSE bug 943645SUSE bug 945219SUSE bug 949752SUSE bug 955308SUSE bug 956084SUSE bug 956852SUSE bug 957986SUSE bug 957990SUSE bug 959146SUSE bug 959463SUSE bug 959709SUSE bug 960174SUSE bug 960458SUSE bug 960561SUSE bug 960563SUSE bug 960629SUSE bug 961257SUSE bug 961500SUSE bug 961658SUSE bug 963193SUSE bug 963746SUSE bug 963765SUSE bug 963827SUSE bug 963960SUSE bug 964201SUSE bug 965087SUSE bug 965199SUSE bug 965830SUSE bug 965891SUSE bug 965924SUSE bug 966026SUSE bug 966094SUSE bug 966278SUSE bug 966437SUSE bug 966471SUSE bug 966693SUSE bug 966831SUSE bug 966864SUSE bug 966910SUSE bug 967047SUSE bug 967292SUSE bug 967299SUSE bug 967650SUSE bug 967651SUSE bug 967802SUSE bug 967903SUSE bug 968010SUSE bug 968018SUSE bug 968074SUSE bug 968141SUSE bug 968206SUSE bug 968230SUSE bug 968234SUSE bug 968253SUSE bug 968448SUSE bug 968512SUSE bug 968643SUSE bug 968670SUSE bug 969112SUSE bug 969439SUSE bug 969571SUSE bug 969655SUSE bug 969690SUSE bug 969735SUSE bug 969992SUSE bug 969993SUSE bug 970062SUSE bug 970160SUSE bug 970249SUSE bug 970909SUSE bug 971125SUSE bug 971360SUSE bug 972068SUSE bug 972780CVE-2015-8551CVE-2015-8552CVE-2015-8709CVE-2015-8785CVE-2015-8812CVE-2015-8816CVE-2016-0723CVE-2016-2143CVE-2016-2184CVE-2016-2384CVE-2016-2782CVE-2016-3139CVE-2016-3156Security update for MozillaFirefox (Moderate)openSUSE 13.1
This update to MozillaFirefox 43.0.3 fixes the following issues:
* CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature, in combination wit NSS 3.20.2 [boo#959888]
Further fixes:
* workaround Youtube user agent detection issue (bmo#1233970)
* fix file download regression for multi user systems
(Moderate)SUSE bug 959888CVE-2015-7575Security update for perl-Module-Signature (Moderate)openSUSE 13.1
This update to perl-Module-Signature 0.79 fixes the following security issues:
* More protection of @INC from relative paths. (CVE-2015-3409)
* Fix GPG signature parsing logic. (CVE-2015-3406)
* MANIFEST.SKIP is no longer consulted unless --skip is given. (CVE-2015-3407)
* Properly use open() modes to avoid injection attacks. (CVE-2015-3408)
(Moderate)SUSE bug 928382CVE-2015-3406CVE-2015-3407CVE-2015-3408CVE-2015-3409Security update for the Linux Kernel (Important)openSUSE 13.1
======================================================================
The openSUSE 13.1 kernel was updated to 3.12.59 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables handling could lead to a local privilege escalation. (bsc#986362)
- CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allowed local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace (bnc#928547).
- CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010 979064).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143).
- CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504).
- CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125).
- CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).
- CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).
- CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).
- CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#961512 968670).
- CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948 bnc#974646).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).
- CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955).
- CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955).
- CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).
- CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911 970970).
- CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).
- CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandled destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).
- CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628).
- CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418).
- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401 bsc#978445).
- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).
- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).
The following non-security bugs were fixed:
- ALSA: timer: Call notifier in the same spinlock (bsc#973378).
- ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378).
- ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378).
- ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).
- Add fs/ceph as a supported module.
- Add mainline tags to some hyperv patches
- Btrfs: do not collect ordered extents when logging that inode exists (bsc#977685).
- Btrfs: fix deadlock between direct IO reads and buffered writes (bsc#973855).
- Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#977685).
- Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#977685).
- Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#977685).
- Btrfs: fix for incorrect directory entries after fsync log replay (bsc#957805, bsc#977685).
- Btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844).
- Btrfs: fix race between fsync and lockless direct IO writes (bsc#977685).
- Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#977685).
- Btrfs: teach backref walking about backrefs with underflowed offset values (bsc#975371).
- CacheFiles: Fix incorrect test for in-memory object collision (bsc#971049).
- CacheFiles: Handle object being killed before being set up (bsc#971049).
- Ceph: Remove racey watch/notify event infrastructure (bsc#964727)
- Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739).
- Drivers: hv: util: Pass the channel information during the init call (bnc#978527).
- Drivers: hv: utils: Invoke the poll function after handshake (bnc#978527).
- Drivers: hv: vmbus: Fix signaling logic in hv_need_to_signal_on_read().
- Export helper function to set irq affinity in pci-hyperv.
- FS-Cache: Add missing initialization of ret in cachefiles_write_page() (bsc#971049).
- FS-Cache: Count culled objects and objects rejected due to lack of space (bsc#971049).
- FS-Cache: Fix cancellation of in-progress operation (bsc#971049).
- FS-Cache: Handle a new operation submitted against a killed object (bsc#971049).
- FS-Cache: Move fscache_report_unexpected_submission() to make it more available (bsc#971049).
- FS-Cache: Out of line fscache_operation_init() (bsc#971049).
- FS-Cache: Permit fscache_cancel_op() to cancel in-progress operations too (bsc#971049).
- FS-Cache: Put an aborted initialised op so that it is accounted correctly (bsc#971049).
- FS-Cache: Reduce cookie ref count if submit fails (bsc#971049).
- FS-Cache: Synchronise object death state change vs operation submission (bsc#971049).
- FS-Cache: The operation cancellation method needs calling in more places (bsc#971049).
- FS-Cache: Timeout for releasepage() (bsc#971049).
- FS-Cache: When submitting an op, cancel it if the target object is dying (bsc#971049).
- FS-Cache: fscache_object_is_dead() has wrong logic, kill it (bsc#971049).
- Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309)
- Fix kabi issue (bsc#971049).
- Import kabi files from kernel 3.12.55-52.42
- Import kabi files from kernel 3.12.57-60.35
- Input: i8042 - lower log level for "no controller" message (bsc#945345).
- KVM: x86: expose invariant tsc cpuid bit (v2) (bsc#971770).
- NFSv4.1: do not use machine credentials for CLOSE when using 'sec=sys' (bsc#972003).
- NVMe: Unify controller probe and resume (bsc#979347).
- NVMe: init nvme queue before enabling irq (unknown bsc).
- PCI/AER: Fix aer_inject error codes (bsc#931448).
- PCI/AER: Log actual error causes in aer_inject (bsc#931448).
- PCI/AER: Log aer_inject error injections (bsc#931448).
- PCI/AER: Use dev_warn() in aer_inject (bsc#931448).
- RDMA/ocrdma: Avoid reporting wrong completions in case of error CQEs (bsc#908151).
- Remove VIOSRP_HOST_CONFIG_TYPE from ibmvstgt.c in patches.fixes/0001-ibmvscsi-remove-unsupported-host-config-mad.patch. as well.
- Revert "scsi: fix soft lockup in scsi_remove_target() on module removal" (bsc#970609).
- SUNRPC: Fix large reads on NFS/RDMA (bsc#908151).
- SUNRPC: remove KERN_INFO from dprintk() call sites (bsc#908151).
- USB: usbip: fix potential out-of-bounds write (bnc#975945).
- Update patches.kernel.org/patch-3.12.55-56 references (add bsc#973570).
- Update patches.suse/kgr-0102-add-TAINT_KGRAFT.patch (fate#313296 bsc#974406).
- Use mainline variant of hyperv KVP IP failover patch (bnc#978527)
- acpi: Disable ACPI table override when UEFI Secure Boot is enabled (bsc#970604).
- acpi: Disable APEI error injection if securelevel is set (bsc#972891).
- apparmor: Skip proc ns files (bsc#959514).
- block: do not check request size in blk_cloned_rq_check_limits() (bsc#972124).
- bnx2fc-Do-not-log-for-netevents-that-need-no-action.patch
- btrfs: do not return EBUSY on concurrent subvolume mounts (bsc#951844).
- btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951).
- btrfs: qgroup: return EINVAL if level of parent is not higher than child's (bsc#972951).
- cachefiles: perform test on s_blocksize when opening cache file (bsc#971049).
- ceph fscache: Introduce a routine for uncaching single no data page from fscache (Fate#318586).
- ceph fscache: Uncaching no data page from fscache in readpage() (Fate#318586).
- ceph: Asynchronous IO support (Fate#318586).
- ceph: Avoid to propagate the invalid page point (Fate#318586).
- ceph: Clean up if error occurred in finish_read() (Fate#318586).
- ceph: EIO all operations after forced umount (Fate#318586).
- ceph: Implement writev/pwritev for sync operation (Fate#318586).
- ceph: add acl for cephfs (Fate#318586).
- ceph: add acl, noacl options for cephfs mount (Fate#318586).
- ceph: add get_name() NFS export callback (Fate#318586).
- ceph: add get_parent() NFS export callback (Fate#318586).
- ceph: add imported caps when handling cap export message (Fate#318586).
- ceph: add inline data to pagecache (Fate#318586).
- ceph: add missing init_acl() for mkdir() and atomic_open() (Fate#318586).
- ceph: add open export target session helper (Fate#318586).
- ceph: add request to i_unsafe_dirops when getting unsafe reply (Fate#318586).
- ceph: additional debugfs output (Fate#318586).
- ceph: always re-send cap flushes when MDS recovers (Fate#318586).
- ceph: avoid block operation when !TASK_RUNNING (ceph_mdsc_close_sessions) (Fate#318586).
- ceph: avoid block operation when !TASK_RUNNING (ceph_get_caps) (Fate#318586).
- ceph: avoid block operation when !TASK_RUNNING (ceph_mdsc_sync) (Fate#318586).
- ceph: avoid releasing caps that are being used (Fate#318586).
- ceph: avoid sending unnessesary FLUSHSNAP message (Fate#318586).
- ceph: avoid useless ceph_get_dentry_parent_inode() in ceph_rename() (Fate#318586).
- ceph: cast PAGE_SIZE to size_t in ceph_sync_write() (Fate#318586).
- ceph: ceph_frag_contains_value can be boolean (Fate#318586).
- ceph: ceph_get_parent() can be static (Fate#318586).
- ceph: check OSD caps before read/write (Fate#318586).
- ceph: check buffer size in ceph_vxattrcb_layout() (Fate#318586).
- ceph: check caps in filemap_fault and page_mkwrite (Fate#318586).
- ceph: check directory's completeness before emitting directory entry (Fate#318586).
- ceph: check inode caps in ceph_d_revalidate (Fate#318586).
- ceph: check unsupported fallocate mode (Fate#318586).
- ceph: check zero length in ceph_sync_read() (Fate#318586).
- ceph: checking for IS_ERR instead of NULL (Fate#318586).
- ceph: cleanup unsafe requests when reconnecting is denied (Fate#318586).
- ceph: cleanup use of ceph_msg_get (Fate#318586).
- ceph: clear directory's completeness when creating file (Fate#318586).
- ceph: convert inline data to normal data before data write (Fate#318586).
- ceph: do not assume r_old_dentry[_dir] always set together (Fate#318586).
- ceph: do not chain inode updates to parent fsync (Fate#318586).
- ceph: do not grabs open file reference for aborted request (Fate#318586).
- ceph: do not include ceph.{file,dir}.layout vxattr in listxattr() (Fate#318586).
- ceph: do not include used caps in cap_wanted (Fate#318586).
- ceph: do not invalidate page cache when inode is no longer used (Fate#318586).
- ceph: do not mark dirty caps when there is no auth cap (Fate#318586).
- ceph: do not pre-allocate space for cap release messages (Fate#318586).
- ceph: do not set r_old_dentry_dir on link() (Fate#318586).
- ceph: do not trim auth cap when there are cap snaps (Fate#318586).
- ceph: do not zero i_wrbuffer_ref when reconnecting is denied (Fate#318586).
- ceph: drop cap releases in requests composed before cap reconnect (Fate#318586).
- ceph: drop extra open file reference in ceph_atomic_open() (Fate#318586).
- ceph: drop unconnected inodes (Fate#318586).
- ceph: exclude setfilelock requests when calculating oldest tid (Fate#318586).
- ceph: export ceph_session_state_name function (Fate#318586).
- ceph: fetch inline data when getting Fcr cap refs (Fate#318586).
- ceph: fix __dcache_readdir() (Fate#318586).
- ceph: fix a comment typo (Fate#318586).
- ceph: fix append mode write (Fate#318586).
- ceph: fix atomic_open snapdir (Fate#318586).
- ceph: fix bool assignments (Fate#318586).
- ceph: fix cache revoke race (Fate#318586).
- ceph: fix ceph_dir_llseek() (Fate#318586).
- ceph: fix ceph_fh_to_parent() (Fate#318586).
- ceph: fix ceph_removexattr() (Fate#318586).
- ceph: fix ceph_set_acl() (Fate#318586).
- ceph: fix ceph_writepages_start() (Fate#318586).
- ceph: fix dcache/nocache mount option (Fate#318586).
- ceph: fix dentry leaks (Fate#318586).
- ceph: fix directory fsync (Fate#318586).
- ceph: fix divide-by-zero in __validate_layout() (Fate#318586).
- ceph: fix double page_unlock() in page_mkwrite() (Fate#318586).
- ceph: fix dout() compile warnings in ceph_filemap_fault() (Fate#318586).
- ceph: fix file lock interruption (Fate#318586).
- ceph: fix flush tid comparision (Fate#318586).
- ceph: fix flushing caps (Fate#318586).
- ceph: fix llistxattr on symlink (Fate#318586).
- ceph: fix message length computation (Fate#318586).
- ceph: fix mksnap crash (Fate#318586).
- ceph: fix null pointer dereference in send_mds_reconnect() (Fate#318586).
- ceph: fix pr_fmt() redefinition (Fate#318586).
- ceph: fix queuing inode to mdsdir's snaprealm (Fate#318586).
- ceph: fix reading inline data when i_size > PAGE_SIZE (Fate#318586).
- ceph: fix request time stamp encoding (Fate#318586).
- ceph: fix reset_readdir() (Fate#318586).
- ceph: fix setting empty extended attribute (Fate#318586).
- ceph: fix sizeof(struct tYpO *) typo (Fate#318586).
- ceph: fix snap context leak in error path (Fate#318586).
- ceph: fix trim caps (Fate#318586).
- ceph: fix uninline data function (Fate#318586).
- ceph: flush cap release queue when trimming session caps (Fate#318586).
- ceph: flush inline version (Fate#318586).
- ceph: forbid mandatory file lock (Fate#318586).
- ceph: fscache: Update object store limit after file writing (Fate#318586).
- ceph: fscache: Wait for completion of object initialization (Fate#318586).
- ceph: fscache: add an interface to synchronize object store limit (Fate#318586).
- ceph: get inode size for each append write (Fate#318586).
- ceph: handle -ESTALE reply (Fate#318586).
- ceph: handle SESSION_FORCE_RO message (Fate#318586).
- ceph: handle cap export race in try_flush_caps() (Fate#318586).
- ceph: handle cap import atomically (Fate#318586).
- ceph: handle frag mismatch between readdir request and reply (Fate#318586).
- ceph: handle race between cap reconnect and cap release (Fate#318586).
- ceph: handle session flush message (Fate#318586).
- ceph: hold on to exclusive caps on complete directories (Fate#318586).
- ceph: implement readv/preadv for sync operation (Fate#318586).
- ceph: improve readahead for file holes (Fate#318586).
- ceph: improve reference tracking for snaprealm (Fate#318586).
- ceph: include time stamp in every MDS request (Fate#318586).
- ceph: include time stamp in replayed MDS requests (Fate#318586).
- ceph: initial CEPH_FEATURE_FS_FILE_LAYOUT_V2 support (Fate#318586).
- ceph: initialize inode before instantiating dentry (Fate#318586).
- ceph: introduce a new inode flag indicating if cached dentries are ordered (Fate#318586).
- ceph: introduce ceph_fill_fragtree() (Fate#318586).
- ceph: introduce global empty snap context (Fate#318586).
- ceph: invalidate dirty pages after forced umount (Fate#318586).
- ceph: keep i_snap_realm while there are writers (Fate#318586).
- ceph: kstrdup() memory handling (Fate#318586).
- ceph: let MDS adjust readdir 'frag' (Fate#318586).
- ceph: make ceph_forget_all_cached_acls() static inline (Fate#318586).
- ceph: make fsync() wait unsafe requests that created/modified inode (Fate#318586).
- ceph: make sure syncfs flushes all cap snaps (Fate#318586).
- ceph: make sure write caps are registered with auth MDS (Fate#318586).
- ceph: match wait_for_completion_timeout return type (Fate#318586).
- ceph: message versioning fixes (Fate#318586).
- ceph: move ceph_find_inode() outside the s_mutex (Fate#318586).
- ceph: move spinlocking into ceph_encode_locks_to_buffer and ceph_count_locks (Fate#318586).
- ceph: no need to get parent inode in ceph_open (Fate#318586).
- ceph: parse inline data in MClientReply and MClientCaps (Fate#318586).
- ceph: pre-allocate ceph_cap struct for ceph_add_cap() (Fate#318586).
- ceph: pre-allocate data structure that tracks caps flushing (Fate#318586).
- ceph: preallocate buffer for readdir reply (Fate#318586).
- ceph: print inode number for LOOKUPINO request (Fate#318586).
- ceph: properly apply umask when ACL is enabled (Fate#318586).
- ceph: properly handle XATTR_CREATE and XATTR_REPLACE (Fate#318586).
- ceph: properly mark empty directory as complete (Fate#318586).
- ceph: properly release page upon error (Fate#318586).
- ceph: properly zero data pages for file holes (Fate#318586).
- ceph: provide seperate {inode,file}_operations for snapdir (Fate#318586).
- ceph: queue cap release in __ceph_remove_cap() (Fate#318586).
- ceph: queue vmtruncate if necessary when handing cap grant/revoke (Fate#318586).
- ceph: ratelimit warn messages for MDS closes session (Fate#318586).
- ceph: re-send AIO write request when getting -EOLDSNAP error (Fate#318586).
- ceph: re-send flushing caps (which are revoked) in reconnect stage (Fate#318586).
- ceph: re-send requests when MDS enters reconnecting stage (Fate#318586).
- ceph: refactor readpage_nounlock() to make the logic clearer (Fate#318586).
- ceph: remember subtree root dirfrag's auth MDS (Fate#318586).
- ceph: remove exported caps when handling cap import message (Fate#318586).
- ceph: remove outdated frag information (Fate#318586).
- ceph: remove redundant code for max file size verification (Fate#318586).
- ceph: remove redundant declaration (Fate#318586).
- ceph: remove redundant memset(0) (Fate#318586).
- ceph: remove redundant test of head->safe and silence static analysis warnings (Fate#318586).
- ceph: remove the useless judgement (Fate#318586).
- ceph: remove unused functions in ceph_frag.h (Fate#318586).
- ceph: remove unused stringification macros (Fate#318586).
- ceph: remove useless ACL check (Fate#318586).
- ceph: remove xattr when null value is given to setxattr() (Fate#318586).
- ceph: rename snapshot support (Fate#318586).
- ceph: replace comma with a semicolon (Fate#318586).
- ceph: request xattrs if xattr_version is zero (Fate#318586).
- ceph: reserve caps for file layout/lock MDS requests (Fate#318586).
- ceph: reset r_resend_mds after receiving -ESTALE (Fate#318586).
- ceph: return error for traceless reply race (Fate#318586).
- ceph: rework dcache readdir (Fate#318586).
- ceph: send TID of the oldest pending caps flush to MDS (Fate#318586).
- ceph: send client metadata to MDS (Fate#318586).
- ceph: set caps count after composing cap reconnect message (Fate#318586).
- ceph: set i_head_snapc when getting CEPH_CAP_FILE_WR reference (Fate#318586).
- ceph: set mds_wanted when MDS reply changes a cap to auth cap (Fate#318586).
- ceph: show nocephx_require_signatures and notcp_nodelay options (Fate#318586).
- ceph: show non-default options only (Fate#318586).
- ceph: simplify ceph_fh_to_dentry() (Fate#318586).
- ceph: simplify two mount_timeout sites (Fate#318586).
- ceph: skip invalid dentry during dcache readdir (Fate#318586).
- ceph: support inline data feature (Fate#318586).
- ceph: switch some GFP_NOFS memory allocation to GFP_KERNEL (Fate#318586).
- ceph: sync read inline data (Fate#318586).
- ceph: take snap_rwsem when accessing snap realm's cached_context (Fate#318586).
- ceph: track pending caps flushing accurately (Fate#318586).
- ceph: track pending caps flushing globally (Fate#318586).
- ceph: trim unused inodes before reconnecting to recovering MDS (Fate#318586).
- ceph: trivial comment fix (Fate#318586).
- ceph: update i_max_size even if inode version does not change (Fate#318586).
- ceph: update inode fields according to issued caps (Fate#318586).
- ceph: use %zu for len in ceph_fill_inline_data() (Fate#318586).
- ceph: use ceph_seq_cmp() to compare migrate_seq (Fate#318586).
- ceph: use empty snap context for uninline_data and get_pool_perm (Fate#318586).
- ceph: use fl->fl_file as owner identifier of flock and posix lock (Fate#318586).
- ceph: use fl->fl_type to decide flock operation (Fate#318586).
- ceph: use fpos_cmp() to compare dentry positions (Fate#318586).
- ceph: use getattr request to fetch inline data (Fate#318586).
- ceph: use i_size_{read,write} to get/set i_size (Fate#318586).
- ceph: use msecs_to_jiffies for time conversion (Fate#318586).
- ceph: use pagelist to present MDS request data (Fate#318586).
- ceph: use truncate_pagecache() instead of truncate_inode_pages() (Fate#318586).
- ceph_sync_{,direct_}write: fix an oops on ceph_osdc_new_request() failure (Fate#318586).
- client: include kernel version in client metadata (Fate#318586).
- cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646).
- crush: add chooseleaf_stable tunable (Fate#318586).
- crush: decode and initialize chooseleaf_stable (Fate#318586).
- crush: ensure bucket id is valid before indexing buckets array (Fate#318586).
- crush: ensure take bucket value is valid (Fate#318586).
- crush: fix crash from invalid 'take' argument (Fate#318586).
- crush: sync up with userspace (Fate#318586).
- crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode (bsc#958390).
- crypto: testmgr - mark authenticated ctr(aes) also as FIPS able (bsc#958390).
- dasd: fix hanging system after LCU changes (bnc#968497, LTC#136671).
- drm/core: Preserve the framebuffer after removing it (bsc#968812).
- drm/i915: do not warn if backlight unexpectedly enabled (boo#972068).
- drm/i915: set backlight duty cycle after backlight enable for gen4 (boo#972780).
- drm/radeon: fix-up some float to fixed conversion thinkos (bsc#968813).
- drm/radeon: use HDP_MEM_COHERENCY_FLUSH_CNTL for sdma as well (bsc#968813).
- ext4: Fix softlockups in SEEK_HOLE and SEEK_DATA implementations (bsc#942262).
- ext4: fix races between page faults and hole punching (bsc#972174).
- ext4: fix races of writeback with punch hole and zero range (bsc#972174).
- fs, seq_file: fallback to vmalloc instead of oom kill processes (bnc#968687).
- fs, seqfile: always allow oom killer (bnc#968687).
- fs/ceph/debugfs.c: replace seq_printf by seq_puts (Fate#318586).
- fs/ceph: replace pr_warning by pr_warn (Fate#318586).
- fs/pipe.c: skip file_update_time on frozen fs (bsc#975488).
- ibmvscsi: Remove unsupported host config MAD (bsc#973556).
- iommu/vt-d: Improve fault handler error messages (bsc#975772).
- iommu/vt-d: Ratelimit fault handler (bsc#975772).
- ipv6: make fib6 serial number per namespace (bsc#965319).
- ipv6: per netns FIB garbage collection (bsc#965319).
- ipv6: per netns fib6 walkers (bsc#965319).
- ipv6: replace global gc_args with local variable (bsc#965319).
- kABI: kgr: fix subtle race with kgr_module_init(), going notifier and kgr_modify_kernel().
- kABI: protect function file_open_root.
- kABI: protect include in evm.
- kABI: protect struct user_struct.
- kabi fix for patches.fixes/reduce-m_start-cost (bsc#966573).
- kabi/severities: Allow changes in zpci_* symbols (bsc#974692)
- kabi/severities: Whitelist libceph and rbd (bsc#964727).
- kabi/severities: Whitelist libceph and rbd (fate#318586).
- kabi: kgr, add reserved fields (fate#313296).
- kabi: protect struct fc_rport_priv (bsc#953233, bsc#962846).
- kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319).
- kgr: add TAINT_KGRAFT (fate#313296).
- kgr: add kgraft annotation to hwrng kthread (fate#313296).
- kgr: add kgraft annotations to kthreads' wait_event_freezable() API calls (fate#313296).
- kgr: add objname to kgr_patch_fun struct (fate#313296).
- kgr: add sympos and objname to error and debug messages (fate#313296).
- kgr: add sympos as disambiguator field to kgr_patch_fun structure (fate#313296).
- kgr: add sympos to sysfs (fate#313296).
- kgr: call kgr_init_ftrace_ops() only for loaded objects (fate#313296).
- kgr: change to kallsyms_on_each_symbol iterator (fate#313296).
- kgr: define pr_fmt and modify all pr_* messages (fate#313296).
- kgr: do not print error for !abort_if_missing symbols (bnc#943989).
- kgr: do not return and print an error only if the object is not loaded (fate#313296).
- kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572).
- kgr: fix an asymmetric dealing with delayed module loading (fate#313296).
- kgr: fix redirection on s390x arch (bsc#903279).
- kgr: fix reversion of a patch already reverted by a replace_all patch (fate#313296).
- kgr: fix subtle race with kgr_module_init(), going notifier and kgr_modify_kernel() (fate#313296).
- kgr: handle btrfs kthreads (fate#313296 bnc#889207).
- kgr: kmemleak, really mark the kthread safe after an interrupt (fate#313296).
- kgr: log when modifying kernel (fate#317827).
- kgr: mark kernel unsupported upon patch revert (fate#313296).
- kgr: mark some more missed kthreads (bnc#962336).
- kgr: remove abort_if_missing flag (fate#313296).
- kgr: usb/storage: do not emit thread awakened (bnc#899908).
- kgraft/gfs2: Do not block livepatching in the log daemon for too long (fate#313296).
- kgraft/xen: Do not block livepatching in the XEN blkif kthread (fate#313296).
- libceph: Avoid holding the zero page on ceph_msgr_slab_init errors (Fate#318586).
- libceph: Fix ceph_tcp_sendpage()'s more boolean usage (Fate#318586).
- libceph: MOSDOpReply v7 encoding (Fate#318586).
- libceph: Remove spurious kunmap() of the zero page (Fate#318586).
- libceph: a couple tweaks for wait loops (Fate#318586).
- libceph: add nocephx_sign_messages option (Fate#318586).
- libceph: advertise support for TUNABLES5 (Fate#318586).
- libceph: advertise support for keepalive2 (Fate#318586).
- libceph: allow setting osd_req_op's flags (Fate#318586).
- libceph: check data_len in ->alloc_msg() (Fate#318586).
- libceph: clear messenger auth_retry flag if we fault (Fate#318586).
- libceph: clear msg->con in ceph_msg_release() only (Fate#318586).
- libceph: do not access invalid memory in keepalive2 path (Fate#318586).
- libceph: do not spam dmesg with stray reply warnings (Fate#318586).
- libceph: drop authorizer check from cephx msg signing routines (Fate#318586).
- libceph: evaluate osd_req_op_data() arguments only once (Fate#318586).
- libceph: fix authorizer invalidation, take 2 (Fate#318586).
- libceph: fix ceph_msg_revoke() (Fate#318586).
- libceph: fix wrong name "Ceph filesystem for Linux" (Fate#318586).
- libceph: handle writefull for OSD op extent init (bsc#980706).
- libceph: introduce ceph_x_authorizer_cleanup() (Fate#318586).
- libceph: invalidate AUTH in addition to a service ticket (Fate#318586).
- libceph: kill off ceph_x_ticket_handler::validity (Fate#318586).
- libceph: move ceph_file_layout helpers to ceph_fs.h (Fate#318586).
- libceph: msg signing callouts do not need con argument (Fate#318586).
- libceph: nuke time_sub() (Fate#318586).
- libceph: properly release STAT request's raw_data_in (Fate#318586).
- libceph: remove con argument in handle_reply() (Fate#318586).
- libceph: remove outdated comment (Fate#318586).
- libceph: remove the unused macro AES_KEY_SIZE (Fate#318586).
- libceph: rename con_work() to ceph_con_workfn() (Fate#318586).
- libceph: set 'exists' flag for newly up osd (Fate#318586).
- libceph: stop duplicating client fields in messenger (Fate#318586).
- libceph: store timeouts in jiffies, verify user input (Fate#318586).
- libceph: treat sockaddr_storage with uninitialized family as blank (Fate#318586).
- libceph: use keepalive2 to verify the mon session is alive (Fate#318586).
- libceph: use list_for_each_entry_safe (Fate#318586).
- libceph: use list_next_entry instead of list_entry_next (Fate#318586).
- libceph: use local variable cursor instead of msg->cursor (Fate#318586).
- libceph: use the right footer size when skipping a message (Fate#318586).
- libfc: replace 'rp_mutex' with 'rp_lock' (bsc#953233, bsc#962846).
- mds: check cap ID when handling cap export message (Fate#318586).
- mmc: Allow forward compatibility for eMMC (bnc#966054).
- mmc: sdhci: Allow for irq being shared (bnc#977582).
- mpt3sas: Fix use sas_is_tlr_enabled API before enabling MPI2_SCSIIO_CONTROL_TLR_ON flag (bsc#967640).
- nfs-rdma: Fix for FMR leaks (bsc#908151).
- nfs: fix high load average due to callback thread sleeping (bsc#971170).
- nvme: fix max_segments integer truncation (bsc#976471).
- ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947).
- ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947).
- ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947).
- pipe: limit the per-user amount of pages allocated in pipes (bsc#970948).
- powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel (bsc@976821).
- powerpc/book3s64: Remove __end_handlers marker (bsc#976821).
- rbd: bump queue_max_segments (Fate#318586).
- rbd: delete an unnecessary check before rbd_dev_destroy() (Fate#318586).
- rbd: do not free rbd_dev outside of the release callback (Fate#318586).
- rbd: do not put snap_context twice in rbd_queue_workfn() (Fate#318586).
- rbd: drop null test before destroy functions (Fate#318586).
- rbd: handle OBJ_REQUEST_SG types for copyup (bsc#983394).
- rbd: plug rbd_dev->header.object_prefix memory leak (Fate#318586).
- rbd: rbd_wq comment is obsolete (Fate#318586).
- rbd: remove duplicate calls to rbd_dev_mapping_clear() (Fate#318586).
- rbd: report unsupported features to syslog (bsc#979169).
- rbd: return -ENOMEM instead of pool id if rbd_dev_create() fails (Fate#318586).
- rbd: set device_type::release instead of device::release (Fate#318586).
- rbd: set max_sectors explicitly (Fate#318586).
- rbd: store rbd_options in rbd_device (Fate#318586).
- rbd: terminate rbd_opts_tokens with Opt_err (Fate#318586).
- rbd: timeout watch teardown on unmap with mount_timeout (Fate#318586).
- rbd: use GFP_NOIO consistently for request allocations (bsc#971159).
- rbd: use writefull op for object size writes (Fate#318586).
- reduce m_start() cost.. (bsc#966573).
- rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 6c6d86d3cdc26f7746fe4ba2bef8859b5aeb346c.
- s390/compat: correct restore of high gprs on signal return (bnc#968497, LTC#137571).
- s390/pageattr: do a single TLB flush for change_page_attr (bsc#940413).
- s390/pci: add extra padding to function measurement block (bnc#974692, LTC#139445).
- s390/pci: enforce fmb page boundary rule (bnc#974692, LTC#139445).
- s390/pci: extract software counters from fmb (bnc#974692, LTC#139445).
- s390/pci: remove pdev pointer from arch data (bnc#974692, LTC#139444).
- s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#974692, LTC#139401).
- s390/pci_dma: handle dma table failures (bnc#974692, LTC#139442).
- s390/pci_dma: improve debugging of errors during dma map (bnc#974692, LTC#139442).
- s390/pci_dma: unify label of invalid translation table entries (bnc#974692, LTC#139442).
- s390/zcrypt: HWRNG registration cause kernel panic on CEX hotplug (bnc#968497, LTC#138409).
- scsi-bnx2fc-handle_scsi_retry_delay
- scsi-bnx2fc-soft_lockup_when_rmmod
- scsi: Add intermediate STARGET_REMOVE state to scsi_target_state (bsc#970609).
- scsi: Avoid crashing if device uses DIX but adapter does not support it (bsc#969016).
- sd: get disk reference in sd_check_events() (bnc#897662).
- supported.conf:
- supported.conf: Add bridge.ko for OpenStack (bsc#971600)
- supported.conf: add pci-hyperv
- supported.conf:Add drivers/infiniband/hw/ocrdma/ocrdma.ko to supported.conf (bsc#964461)
- svcrdma: Fence LOCAL_INV work requests (bsc#908151).
- svcrdma: advertise the correct max payload (bsc#908151).
- svcrdma: fix offset calculation for non-page aligned sge entries (bsc#908151).
- svcrdma: fix printk when memory allocation fails (bsc#908151).
- svcrdma: refactor marshalling logic (bsc#908151).
- svcrdma: send_write() must not overflow the device's max sge (bsc#908151).
- target/rbd: do not put snap_context twice (bsc#981143).
- target/rbd: remove caw_mutex usage (bsc#981143).
- target: Drop incorrect ABORT_TASK put for completed commands (bsc#962872).
- target: Fix LUN_RESET active I/O handling for ACK_KREF (bsc#962872).
- target: Fix LUN_RESET active TMR descriptor handling (bsc#962872).
- target: Fix TAS handling for multi-session se_node_acls (bsc#962872).
- target: Fix race with SCF_SEND_DELAYED_TAS handling (bsc#962872).
- target: Fix remote-port TMR ABORT + se_cmd fabric stop (bsc#962872).
- tcp: convert cached rtt from usec to jiffies when feeding initial rto (bsc#937086).
- vgaarb: Add more context to error messages (bsc#976868).
- xen/acpi: Disable ACPI table override when UEFI Secure Boot is enabled (bsc#970604).
- xen: Linux 3.12.58.
- xprtrdma: Allocate missing pagelist (bsc#908151).
- xprtrdma: Avoid deadlock when credit window is reset (bsc#908151).
- xprtrdma: Disconnect on registration failure (bsc#908151).
- xprtrdma: Ensure ia->ri_id->qp is not NULL when reconnecting (bsc#908151).
- xprtrdma: Fall back to MTHCAFMR when FRMR is not supported (bsc#908151).
- xprtrdma: Limit work done by completion handler (bsc#908151).
- xprtrdma: Make rpcrdma_ep_destroy() return void (bsc#908151).
- xprtrdma: RPC/RDMA must invoke xprt_wake_pending_tasks() in process context (bsc#908151).
- xprtrdma: Reduce the number of hardway buffer allocations (bsc#908151).
- xprtrdma: Remove BOUNCEBUFFERS memory registration mode (bsc#908151).
- xprtrdma: Remove BUG_ON() call sites (bsc#908151).
- xprtrdma: Remove MEMWINDOWS registration modes (bsc#908151).
- xprtrdma: Remove REGISTER memory registration mode (bsc#908151).
- xprtrdma: Remove Tavor MTU setting (bsc#908151).
- xprtrdma: Reset connection timeout after successful reconnect (bsc#908151).
- xprtrdma: Simplify rpcrdma_deregister_external() synopsis (bsc#908151).
- xprtrdma: Split the completion queue (bsc#908151).
- xprtrdma: Use macros for reconnection timeout constants (bsc#908151).
- xprtrdma: mind the device's max fast register page list depth (bsc#908151).
- xprtrdma: mount reports "Invalid mount option" if memreg mode not supported (bsc#908151).
- xprtrmda: Reduce calls to ib_poll_cq() in completion handlers (bsc#908151).
- xprtrmda: Reduce lock contention in completion handlers (bsc#908151).
(Important)SUSE bug 889207SUSE bug 897662SUSE bug 899908SUSE bug 903279SUSE bug 908151SUSE bug 928547SUSE bug 931448SUSE bug 937086SUSE bug 940413SUSE bug 942262SUSE bug 943989SUSE bug 944309SUSE bug 945345SUSE bug 951844SUSE bug 953233SUSE bug 957805SUSE bug 957986SUSE bug 958390SUSE bug 958463SUSE bug 959514SUSE bug 960857SUSE bug 961512SUSE bug 962336SUSE bug 962846SUSE bug 962872SUSE bug 963572SUSE bug 964461SUSE bug 964727SUSE bug 965319SUSE bug 966054SUSE bug 966573SUSE bug 967640SUSE bug 968010SUSE bug 968497SUSE bug 968687SUSE bug 968812SUSE bug 968813SUSE bug 969016SUSE bug 970504SUSE bug 970604SUSE bug 970609SUSE bug 970892SUSE bug 970911SUSE bug 970948SUSE bug 970955SUSE bug 970956SUSE bug 970958SUSE bug 970970SUSE bug 971049SUSE bug 971124SUSE bug 971125SUSE bug 971126SUSE bug 971159SUSE bug 971170SUSE bug 971360SUSE bug 971600SUSE bug 971628SUSE bug 971770SUSE bug 971947SUSE bug 972003SUSE bug 972068SUSE bug 972124SUSE bug 972174SUSE bug 972780SUSE bug 972844SUSE bug 972891SUSE bug 972951SUSE bug 973378SUSE bug 973556SUSE bug 973570SUSE bug 973855SUSE bug 974406SUSE bug 974418SUSE bug 974646SUSE bug 974692SUSE bug 975371SUSE bug 975488SUSE bug 975772SUSE bug 975945SUSE bug 976471SUSE bug 976739SUSE bug 976821SUSE bug 976868SUSE bug 977582SUSE bug 977685SUSE bug 978401SUSE bug 978445SUSE bug 978527SUSE bug 978822SUSE bug 979169SUSE bug 979213SUSE bug 979347SUSE bug 979879SUSE bug 980706SUSE bug 981143SUSE bug 983143SUSE bug 983394SUSE bug 986362SUSE bug 986365CVE-2014-9717CVE-2015-8539CVE-2015-8816CVE-2016-1583CVE-2016-2143CVE-2016-2184CVE-2016-2185CVE-2016-2186CVE-2016-2188CVE-2016-2782CVE-2016-2847CVE-2016-3134CVE-2016-3136CVE-2016-3137CVE-2016-3138CVE-2016-3140CVE-2016-3156CVE-2016-3689CVE-2016-3951CVE-2016-4482CVE-2016-4486CVE-2016-4569CVE-2016-4997haproxysuse-sle12-cloud-compute-releaseopenstack-cinderopenstack-cinder-volumepython-cinderopenstack-neutronopenstack-neutron-dhcp-agentopenstack-neutron-ha-toolopenstack-neutron-l3-agentopenstack-neutron-lbaas-agentopenstack-neutron-linuxbridge-agentopenstack-neutron-metadata-agentopenstack-neutron-metering-agentopenstack-neutron-openvswitch-agentopenstack-neutron-vpn-agentpython-neutronpython-Beakerpython-keystoneclientpython-keystoneclient-docpython-pycryptopython-pymongopython-requestsruby2.1-rubygem-chefrubygem-chefImageMagicklibMagick++-6_Q16-3libMagickCore-6_Q16-1libMagickCore-6_Q16-1-32bitlibMagickWand-6_Q16-1sled-releaseMozillaFirefoxMozillaFirefox-translationsaaa_baseaaa_base-extrasaccountsserviceaccountsservice-langlibaccountsservice0typelib-1_0-AccountsService-1_0alsalibasound2libasound2-32bitargyllcmsavahiavahi-langlibavahi-client3libavahi-client3-32bitlibavahi-common3libavahi-common3-32bitlibavahi-core7libdns_sdlibdns_sd-32bitbashbash-docbash-langlibreadline6libreadline6-32bitreadline-docbind-libsbind-libs-32bitbind-utilsbogofilterbzip2libbz2-1libbz2-1-32bitcifs-utilsclamavcolordcolord-gtk-langcolord-langlibcolord-gtk1libcolord2libcolord2-32bitlibcolorhug2coolkeycoreutilscoreutils-langcpiocpio-langtartar-langcpp48gcc48gcc48-32bitgcc48-c++gcc48-gijgcc48-gij-32bitgcc48-infolibasan0libasan0-32bitlibatomic1libatomic1-32bitlibffi4libffi4-32bitlibgcc_s1libgcc_s1-32bitlibgcj48libgcj48-32bitlibgcj48-jarlibgcj_bc1libgfortran3libgomp1libgomp1-32bitlibitm1libitm1-32bitlibquadmath0libstdc++48-devellibstdc++48-devel-32bitlibstdc++6libstdc++6-32bitlibtsan0croncroniecupscups-clientcups-libscups-libs-32bitcups-filterscups-filters-cups-browsedcups-filters-foomatic-ripcups-filters-ghostscriptcups-pk-helpercups-pk-helper-langcurllibcurl4libcurl4-32bitcvscyrus-saslcyrus-sasl-32bitcyrus-sasl-crammd5cyrus-sasl-crammd5-32bitcyrus-sasl-digestmd5cyrus-sasl-digestmd5-32bitcyrus-sasl-gssapicyrus-sasl-gssapi-32bitcyrus-sasl-plaincyrus-sasl-plain-32bitcyrus-sasl-saslauthdlibsasl2-3libsasl2-3-32bitdbus-1dbus-1-x11libdbus-1-3libdbus-1-3-32bitdbus-1-glibdbus-1-glib-32bitdhcpdhcp-clientdiadia-langdracutecryptfs-utilsecryptfs-utils-32bitelfutilslibasm1libdw1libdw1-32bitlibebl1libebl1-32bitlibelf1libelf1-32bitemacsemacs-infoemacs-x11etagsempathyempathy-langtelepathy-mission-control-plugin-goaevinceevince-langlibevdocument3-4libevview3-3typelib-1_0-EvinceDocument-3_0typelib-1_0-EvinceView-3_0expatlibexpat1libexpat1-32bitfacterfetchmailfilefile-magiclibmagic1libmagic1-32bitfinchlibpurplelibpurple-langlibpurple-meanwhilelibpurple-tclpidginflash-playerflash-player-gnomefreerdplibfreerdp-1_0libfreerdp-1_0-pluginsft2demosfuselibfuse2g3utilsmgettygdgd-32bitgdk-pixbuf-langgdk-pixbuf-query-loadersgdk-pixbuf-query-loaders-32bitlibgdk_pixbuf-2_0-0libgdk_pixbuf-2_0-0-32bittypelib-1_0-GdkPixbuf-2_0gdk-pixbuf-loader-rsvglibrsvg-2-2librsvg-2-2-32bitrsvg-viewgdmgdm-branding-upstreamgdm-langgdmflexiserverlibgdm1typelib-1_0-Gdm-1_0gimpgimp-langgimp-plugins-pythonlibgimp-2_0-0libgimpui-2_0-0glib2-langglib2-toolslibgio-2_0-0libgio-2_0-0-32bitlibgio-famlibglib-2_0-0libglib-2_0-0-32bitlibgmodule-2_0-0libgmodule-2_0-0-32bitlibgobject-2_0-0libgobject-2_0-0-32bitlibgthread-2_0-0libgthread-2_0-0-32bitglibcglibc-32bitglibc-develglibc-devel-32bitglibc-i18ndataglibc-localeglibc-locale-32bitnscdgnome-keyringgnome-keyring-32bitgnome-keyring-langgnome-keyring-pamgnome-keyring-pam-32bitlibgck-modules-gnome-keyringgnome-online-accountsgnome-online-accounts-langlibgoa-1_0-0libgoa-backend-1_0-1typelib-1_0-Goa-1_0gnome-shellgnome-shell-browser-plugingnome-shell-calendargnome-shell-langgnutlslibgnutls28libgnutls28-32bitgpg2gpg2-langgpgmelibgpgme11groffgvimvimvim-datagziphardlinkhpliphplip-hpijshplip-saneibus-chewingibus-pinyiniputilsjava-1_7_0-openjdkjava-1_7_0-openjdk-headlessjava-1_7_0-openjdk-pluginkbdkernel-defaultkernel-default-develkernel-default-extrakernel-develkernel-macroskernel-sourcekernel-symskernel-xenkernel-xen-develkrb5krb5-32bitkrb5-clientkrb5-appl-clientslcmsliblcms1liblcms1-32bitlibHX28libHX28-32bitlibIlmImf-Imf_2_1-21libIlmImf-Imf_2_1-21-32bitopenexrlibX11-6libX11-6-32bitlibX11-datalibX11-xcb1libX11-xcb1-32bitlibXRes1libXRes1-32bitlibXcursor1libXcursor1-32bitlibXext6libXext6-32bitlibXfixes3libXfixes3-32bitlibXfont1libXi6libXi6-32bitlibXinerama1libXinerama1-32bitlibXp6libXp6-32bitlibXrandr2libXrandr2-32bitlibXrender1libXrender1-32bitlibXt6libXt6-32bitlibXtst6libXtst6-32bitlibXv1libXv1-32bitlibXvMC1libXxf86dga1libXxf86vm1libXxf86vm1-32bitlibaugeas0libblkid1libblkid1-32bitlibmount1libmount1-32bitlibsmartcols1libuuid-devellibuuid1libuuid1-32bitpython-libmountutil-linuxutil-linux-langutil-linux-systemduuiddlibcgroup1libdcerpc-binding0libdcerpc-binding0-32bitlibdcerpc0libdcerpc0-32bitlibgensec0libgensec0-32bitlibndr-krb5pac0libndr-krb5pac0-32bitlibndr-nbt0libndr-nbt0-32bitlibndr-standard0libndr-standard0-32bitlibndr0libndr0-32bitlibnetapi0libnetapi0-32bitlibpdb0libpdb0-32bitlibregistry0libsamba-credentials0libsamba-credentials0-32bitlibsamba-hostconfig0libsamba-hostconfig0-32bitlibsamba-util0libsamba-util0-32bitlibsamdb0libsamdb0-32bitlibsmbclient-raw0libsmbclient-raw0-32bitlibsmbclient0libsmbclient0-32bitlibsmbconf0libsmbconf0-32bitlibsmbldap0libsmbldap0-32bitlibtevent-util0libtevent-util0-32bitlibwbclient0libwbclient0-32bitsambasamba-32bitsamba-clientsamba-client-32bitsamba-docsamba-libssamba-libs-32bitsamba-winbindsamba-winbind-32bitlibdmx1libecpg6libpq5libpq5-32bitpostgresql93libevent-2_0-5libexif12libexif12-32bitlibfbembed2_5libfreebl3libfreebl3-32bitlibsoftokn3libsoftokn3-32bitmozilla-nssmozilla-nss-32bitmozilla-nss-certsmozilla-nss-certs-32bitmozilla-nss-toolslibfreetype6libfreetype6-32bitlibgadu3libgc1libgcrypt20libgcrypt20-32bitlibgnomesulibgnomesu-langlibgnomesu0libgssglue1libgssglue1-32bitlibgudev-1_0-0libgudev-1_0-0-32bitlibudev1libudev1-32bitsystemdsystemd-32bitsystemd-bash-completionsystemd-sysvinitudevlibid3tag0libipa_hbac0libsss_idmap0python-sssd-configsssdsssd-32bitsssd-adsssd-ipasssd-krb5sssd-krb5-commonsssd-ldapsssd-proxysssd-toolslibjavascriptcoregtk-1_0-0libjavascriptcoregtk-1_0-0-32bitlibjavascriptcoregtk-3_0-0libwebkit2gtk-3_0-25libwebkitgtk-1_0-0libwebkitgtk-1_0-0-32bitlibwebkitgtk-3_0-0libwebkitgtk2-langlibwebkitgtk3-langtypelib-1_0-JavaScriptCore-3_0typelib-1_0-WebKit-3_0libjbig2libjbig2-32bitlibjson-c2libjson-c2-32bitlibltdl7libltdl7-32bitliblua5_2lualiblzo2-2liblzo2-2-32bitlibmikmod3libmikmod3-32bitlibmms0libmodplug1libmspack0libmusicbrainz4libmysqlclient18libmysqlclient18-32bitlibmysqlclient_r18libmysqlclient_r18-32bitmariadbmariadb-clientmariadb-errormessageslibneon27libopenssl0_9_8libopenssl0_9_8-32bitlibopenssl1_0_0libopenssl1_0_0-32bitopenssllibpango-1_0-0libpango-1_0-0-32bitpango-modulespango-modules-32bittypelib-1_0-Pango-1_0libpcsclite1libpcsclite1-32bitpcsc-litelibpng12-0libpng12-0-32bitlibpng16-16libpng16-16-32bitlibpolkit0libpolkit0-32bitpolkittypelib-1_0-Polkit-1_0libpoppler-glib8libpoppler-qt4-4libpoppler44poppler-toolslibproxy1libproxy1-32bitlibproxy1-config-gnome3libproxy1-config-gnome3-32bitlibproxy1-networkmanagerlibproxy1-networkmanager-32bitlibpulse-mainloop-glib0libpulse-mainloop-glib0-32bitlibpulse0libpulse0-32bitpulseaudiopulseaudio-esound-compatpulseaudio-gdm-hookspulseaudio-langpulseaudio-module-bluetoothpulseaudio-module-gconfpulseaudio-module-jackpulseaudio-module-lircpulseaudio-module-x11pulseaudio-module-zeroconfpulseaudio-utilslibpython2_7-1_0libpython2_7-1_0-32bitpython-basepython-develpython-xmllibpython3_4m1_0python3-baselibqt4libqt4-32bitlibqt4-qt3supportlibqt4-qt3support-32bitlibqt4-sqllibqt4-sql-32bitlibqt4-sql-mysqllibqt4-sql-mysql-32bitlibqt4-sql-postgresqllibqt4-sql-postgresql-32bitlibqt4-sql-sqlitelibqt4-sql-sqlite-32bitlibqt4-sql-unixODBClibqt4-sql-unixODBC-32bitlibqt4-x11libqt4-x11-32bitlibraptor2-0raptorlibraw9libreofficelibreoffice-baselibreoffice-base-drivers-mysqllibreoffice-base-drivers-postgresqllibreoffice-calclibreoffice-calc-extensionslibreoffice-drawlibreoffice-filters-optionallibreoffice-gnomelibreoffice-icon-theme-tangolibreoffice-impresslibreoffice-l10n-aflibreoffice-l10n-arlibreoffice-l10n-calibreoffice-l10n-cslibreoffice-l10n-dalibreoffice-l10n-delibreoffice-l10n-enlibreoffice-l10n-eslibreoffice-l10n-filibreoffice-l10n-frlibreoffice-l10n-gulibreoffice-l10n-hilibreoffice-l10n-hulibreoffice-l10n-itlibreoffice-l10n-jalibreoffice-l10n-kolibreoffice-l10n-nblibreoffice-l10n-nllibreoffice-l10n-nnlibreoffice-l10n-pllibreoffice-l10n-pt-BRlibreoffice-l10n-pt-PTlibreoffice-l10n-rulibreoffice-l10n-sklibreoffice-l10n-svlibreoffice-l10n-xhlibreoffice-l10n-zh-Hanslibreoffice-l10n-zh-Hantlibreoffice-l10n-zulibreoffice-mailmergelibreoffice-mathlibreoffice-officebeanlibreoffice-pyunolibreoffice-writerlibreoffice-writer-extensionslibrpcsecgss3libsilc-1_1-2libsilcclient-1_1-3silc-toolkitlibsmilibsmi2libsndfile1libsndfile1-32bitlibsnmp30libsnmp30-32bitnet-snmpperl-SNMPsnmp-mibslibsoup-2_4-1libsoup-2_4-1-32bitlibsoup-langtypelib-1_0-Soup-2_4libspice-client-glib-2_0-8libspice-client-gtk-2_0-4libspice-client-gtk-3_0-4libspice-controller0typelib-1_0-SpiceClientGlib-2_0typelib-1_0-SpiceClientGtk-3_0libssh4libtag1libtag1-32bitlibtag_c0libtag_c0-32bittagliblibtasn1libtasn1-6libtasn1-6-32bitlibtiff5libtiff5-32bitlibudisks2-0udisks2udisks2-langlibvirtlibvirt-clientlibvirt-client-32bitlibvirt-daemonlibvirt-daemon-config-networklibvirt-daemon-config-nwfilterlibvirt-daemon-driver-interfacelibvirt-daemon-driver-libxllibvirt-daemon-driver-lxclibvirt-daemon-driver-networklibvirt-daemon-driver-nodedevlibvirt-daemon-driver-nwfilterlibvirt-daemon-driver-qemulibvirt-daemon-driver-secretlibvirt-daemon-driver-storagelibvirt-daemon-lxclibvirt-daemon-qemulibvirt-daemon-xenlibvirt-doclibvorbis0libvorbis0-32bitlibvorbisenc2libvorbisenc2-32bitlibvorbisfile3libvorbisfile3-32bitlibvte9libxcb-dri2-0libxcb-dri2-0-32bitlibxcb-glx0libxcb-glx0-32bitlibxcb-randr0libxcb-render0libxcb-render0-32bitlibxcb-shape0libxcb-shm0libxcb-shm0-32bitlibxcb-sync1libxcb-xf86dri0libxcb-xfixes0libxcb-xfixes0-32bitlibxcb-xkb1libxcb-xkb1-32bitlibxcb-xv0libxcb1libxcb1-32bitlibxerces-c-3_1libxerces-c-3_1-32bitlibxml2-2libxml2-2-32bitlibxml2-toolslibyaml-0-2libzip2libzmq3logrotatem4mipv6dmozilla-nsprmozilla-nspr-32bitmuttntpntp-docopenscopenslpopenslp-32bitopensshopenssh-helperspampam-32bitpam-docpam-modulespam-modules-32bitpam_krb5pam_krb5-32bitpam_sshpam_ssh-32bitpatchpcsc-ccidperlperl-32bitperl-baseperl-docperl-Config-IniFilesperl-HTML-Parserperl-LWP-Protocol-httpsperl-Tkperl-YAML-LibYAMLpidgin-otrpppprocmailpuppetpythonpython-cursespython-tkpython3python-cupshelperssystem-config-printersystem-config-printer-commonsystem-config-printer-common-langsystem-config-printer-dbus-serviceudev-configure-printerpython-imagingpython-libxml2python-pyOpenSSLpython-pywbemqemuqemu-block-curlqemu-ipxeqemu-kvmqemu-seabiosqemu-sgabiosqemu-toolsqemu-vgabiosqemu-x86radvdrhythmboxrhythmbox-langrsyncrsyslogrtkitrubyshimsocatsquashfsstrongswanstrongswan-docstrongswan-ipsecstrongswan-libs0sudosysconfigsysconfig-netconfigsyslog-servicesysvinit-toolswhoistelepathy-gabbletelepathy-idletftptigervncxorg-x11-XvncunixODBCunixODBC-32bitvinovino-langvorbis-toolsvorbis-tools-langw3mwdiffwgetwiresharkxalan-j2xenxen-kmp-defaultxen-libsxen-libs-32bitxf86-video-intelxinetdxlockmorexorg-x11xorg-x11-essentialsxrdbxorg-x11-libsxorg-x11-serverxorg-x11-server-extrayast2yast2-corezooDirectFBlib++dfb-1_7-1libdirectfb-1_7-1libdirectfb-1_7-1-32bitautofsbinutilsbusyboxdnsmasqe2fsprogslibcom_err2libcom_err2-32bitlibext2fs2gnome-settings-daemongnome-settings-daemon-langgstreamer-0_10-plugins-badgstreamer-0_10-plugins-bad-langlibgstbasecamerabinsrc-0_10-23libgstbasecamerabinsrc-0_10-23-32bitlibgstbasevideo-0_10-23libgstbasevideo-0_10-23-32bitlibgstcodecparsers-0_10-23libgstphotography-0_10-23libgstphotography-0_10-23-32bitlibgstsignalprocessor-0_10-23libgstsignalprocessor-0_10-23-32bitlibgstvdp-0_10-23libgstvdp-0_10-23-32bithyper-viculibicu52_1libicu52_1-32bitlibicu52_1-datajava-1_8_0-openjdk-pluginjava-1_8_0-openjdkjava-1_8_0-openjdk-headlesslibFLAC8libFLAC8-32bitlibQt5Core5libQt5DBus5libQt5Gui5libQt5Widgets5libarchive13libsamba-passdb0libsamba-passdb0-32bitpostgresql94mozilla-nss-sysinitmozilla-nss-sysinit-32bitlibsss_sudolibjasper1libjasper1-32bitlibjpeg-turbolibjpeg62libjpeg62-32bitlibjpeg62-turbolibjpeg8libjpeg8-32bitlibturbojpeg0libksba8libmpfr4libpng15-15libruby2_1-2_1ruby2.1ruby2.1-stdliblibspice-server1libssh2-1libssh2-1-32bitlibvdpau1libvdpau1-32bitlibwmf-0_2-7mailxopenvpnp7zipperl-XML-LibXMLpigzrpcbindrpmrpm-32bitrpm-buildsblim-sfcbtcpdumpunzipwpa_supplicantxdg-utilsNetworkManagerNetworkManager-langlibnm-glib-vpn1libnm-glib4libnm-util2libnm0typelib-1_0-NM-1_0typelib-1_0-NMClient-1_0typelib-1_0-NetworkManager-1_0atlibQtWebKit4libQtWebKit4-32bitlibbonobolibbonobo-32bitlibbonobo-langlibkde4libkde4-32bitlibkdecore4libkdecore4-32bitlibksuseinstall1libksuseinstall1-32bitlibnetpbm11libnetpbm11-32bitnetpbmaugeasaugeas-lensescrackliblibcrack2libcrack2-32bitctagsdosfstoolseogeog-langevince-browser-pluginevince-plugin-djvudocumentevince-plugin-dvidocumentevince-plugin-pdfdocumentevince-plugin-psdocumentevince-plugin-tiffdocumentevince-plugin-xpsdocumentnautilus-evincefontconfigfontconfig-32bitlibfreerdp2ghostscriptghostscript-x11libgoa-1_0-0-32bitgrub2grub2-i386-pcgrub2-snapper-plugingrub2-systemd-sleep-plugingrub2-x86_64-efigrub2-x86_64-xengtk2-datagtk2-langgtk2-toolsgtk2-tools-32bitlibgtk-2_0-0libgtk-2_0-0-32bittypelib-1_0-Gtk-2_0imobiledevice-toolslibimobiledevice6kdumplhasaliblhasa0libFLAC++6libFLAC++6-32bitlibQt5Concurrent5libQt5Network5libQt5OpenGL5libQt5PrintSupport5libQt5Sql5libQt5Sql5-mysqllibQt5Sql5-postgresqllibQt5Sql5-sqlitelibQt5Sql5-unixODBClibQt5Test5libQt5Xml5libQt5WebKit5libQt5WebKit5-importslibQt5WebKitWidgets5libXvnc1libasan2libasan2-32bitlibmpx0libmpx0-32bitlibmpxwrappers0libmpxwrappers0-32bitlibfdisk1libdcerpc-atsvc0libsamba-errors0libsamba-errors0-32bitlibgif6libgif6-32bitlibgraphite2-3libgraphite2-3-32bitlibgypsy0libhogweed2libhogweed2-32bitlibnettle4libnettle4-32bitlibidn11libidn11-32bitlibjavascriptcoregtk-4_0-18libwebkit2gtk-4_0-37libwebkit2gtk3-langtypelib-1_0-JavaScriptCore-4_0typelib-1_0-WebKit2-4_0webkit2gtk-4_0-injected-bundleslibldap-2_4-2libldap-2_4-2-32bitopenldap2-clientlibldb1libldb1-32bitlibndp0libnewt0_52libopenssl-devellibotr5libpoppler60libproxy1-pacrunner-webkitlibreoffice-icon-theme-galaxylibreoffice-l10n-rolibreofficekitlibspice-client-glib-helperlibsqlite3-0libsqlite3-0-32bitsqlite3libsrtp1libsystemd0libsystemd0-32bitlibthai-datalibthai0libthai0-32bitlibusbmuxd4libxcb-dri3-0libxcb-dri3-0-32bitlibxcb-present0libxcb-present0-32bitlibxcb-sync1-32bitlibxcb-xinerama0python3-cursessupportutilsupdate-alternativesxfsprogsxscreensaverxscreensaver-datayast2-userssle-module-adv-systems-management-releasepuppet-serverdockersle-module-containers-releasepython-PyYAMLcups154cups154-clientcups154-filterscups154-libssle-module-legacy-releasejava-1_6_0-ibmjava-1_6_0-ibm-fontsjava-1_6_0-ibm-jdbcjava-1_6_0-ibm-pluginsyslog-ngsle-module-public-cloudcpp5gcc5gcc5-c++gcc5-fortrangcc5-infogcc5-localelibffi-devel-gcc5libstdc++6-devel-gcc5sle-module-toolchain-releasesles-releasealsa-docsantapache-commons-beanutilsapache-commons-beanutils-javadocapache-commons-daemonapache-commons-daemon-javadocapache-commons-httpclientapache2apache2-docapache2-example-pagesapache2-preforkapache2-utilsapache2-workerapache2-mod_jkapache2-mod_nssapache2-mod_perlautomakeavahi-utilsbindbind-chrootenvbind-docbzip2-docgcc48-localecvs-doccyrus-sasl-otpcyrus-sasl-otp-32bitcyrus-sasl-sqlauxpropcyrus-sasl-sqlauxprop-32bitdhcp-relaydhcp-serverdovecot22dovecot22-backend-mysqldovecot22-backend-pgsqldovecot22-backend-sqlitedracut-fipslibasm1-32bitemacs-elemacs-noxfetchmailconffreeradius-serverfreeradius-server-docfreeradius-server-libsfreeradius-server-utilsgit-coreglibc-htmlglibc-infoglibc-profileglibc-profile-32bitlibgnutls-openssl27groff-fullgxditviewguestfs-dataguestfs-toolsguestfsdlibguestfs0perl-Sys-Guestfsgvjakarta-commons-fileuploadjakarta-commons-fileupload-javadocjava-1_7_0-openjdk-demojava-1_7_0-openjdk-develkernel-default-basekernel-default-mankernel-xen-basekrb5-dockrb5-plugin-kdb-ldapkrb5-plugin-preauth-otpkrb5-plugin-preauth-pkinitkrb5-serverkrb5-appl-serverslibapr-util1libapr-util1-dbd-sqlite3libapr1libcgroup-toolspostgresql93-contribpostgresql93-docspostgresql93-serverlibfreebl3-hmaclibfreebl3-hmac-32bitlibsoftokn3-hmaclibsoftokn3-hmac-32bitlibgcrypt20-hmaclibgcrypt20-hmac-32bitlibtoollibtool-32bitliblua5_2-32bitmariadb-toolslibneon27-32bitlibopenssl1_0_0-hmaclibopenssl1_0_0-hmac-32bitopenssl-docpython-base-32bitqt4-x11-toolstifflibupsclient1nutnut-drivers-netlibvirt-lock-sanlocklibvorbis-docpython-vtevte2-langlibxml2-doclogwatchmailmanopenslp-serveropenssh-fipsopenvswitchopenvswitch-kmp-defaultopenvswitch-kmp-xenopenvswitch-switchopieopie-32bitperl-Cyrus-IMAPperl-Cyrus-SIEVE-managesieveppc64-diagpython-32bitpython-demopython-gdbmpython-idleqemu-guest-agentqemu-langqemu-ppcqemu-s390quaggarsyslog-diag-toolsrsyslog-docrsyslog-module-gssapirsyslog-module-gtlsrsyslog-module-mysqlrsyslog-module-pgsqlrsyslog-module-relprsyslog-module-snmprsyslog-module-udpspoofsquidsquidGuardsquidGuard-docstunnelsystemtapsystemtap-runtimesystemtap-servertomcattomcat-admin-webappstomcat-docs-webapptomcat-el-2_2-apitomcat-javadoctomcat-jsp-2_2-apitomcat-libtomcat-servlet-3_0-apitomcat-webappsxen-doc-htmlxen-toolsxen-tools-domUdavfs2freeradius-server-krb5freeradius-server-ldapfreeradius-server-mysqlfreeradius-server-perlfreeradius-server-postgresqlfreeradius-server-pythonfreeradius-server-sqlitepython-libguestfsipsec-toolsjava-1_7_1-ibmjava-1_7_1-ibm-alsajava-1_7_1-ibm-jdbcjava-1_7_1-ibm-pluginjava-1_8_0-ibmjava-1_8_0-ibm-alsajava-1_8_0-ibm-pluginjava-1_8_0-openjdk-demojava-1_8_0-openjdk-develpostgresql94-contribpostgresql94-docspostgresql94-serverlibhivex0perl-Win-Hivexlibicu-doclibjansson4libmpfr4-32bitopenldap2openldap2-back-metaopenvpn-auth-pam-pluginpowerpc-utilsqemu-block-rbdsmtsmt-supportstrongswan-hmactomcat-el-3_0-apitomcat-jsp-2_3-apitomcat-servlet-3_1-apivsftpdflexflex-32bitlibbonobo-docchronydstatgiflib-progsgrub2-arm64-efigrub2-powerpc-ieee1275grub2-s390x-emuvirt-p2vvirt-v2vlibidn-toolslibnghttp2-14libtcnative-1-0libvirt-nsslibvncclient0libvncserver0openvswitch-dpdkopenvswitch-dpdk-switchqemu-armqemu-block-sshres-signingkeysFastCGIperl-FastCGIsle-sdk-releaseImageMagick-devellibMagick++-develperl-PerlMagickMozillaFirefox-develaaa_base-malloccheckaccountsservice-develalsa-develant-jmfant-scriptsant-swingapache2-develaugeas-develavahi-compat-howl-develavahi-compat-mDNSResponder-devellibavahi-devellibhowl0bash-develreadline-develbind-develcheckbashismscifs-utils-develcoolkey-develctdb-develcups-develcyrus-sasl-develdbus-1-develdbus-1-devel-docdbus-1-glib-develdhcp-develdovecot22-develevince-develfile-develfinch-devellibpurple-develpidgin-develfirebird-devellibfbembed-develfreeradius-server-develfreerdp-develfreetype2-develfuse-develfuse-devel-staticlibulockmgr1gc-develgcc48-adagcc48-fortrangcc48-javagcc48-obj-c++gcc48-objcgcc48-objc-32bitlibada48libffi48-devellibgcj48-devellibgfortran3-32bitlibobjc4libobjc4-32bitlibquadmath0-32bitgd-develgdk-pixbuf-develgdm-develgimp-develgitgit-archgit-cvsgit-daemongit-emailgit-guigit-svngit-webgitkglib2-develglib2-devel-staticglibc-devel-staticgnome-online-accounts-develgnome-shell-develhplip-develicecreamlzo-develid3libkernel-docskernel-obs-buildkernel-zfcpdumpkrb5-devellib3ds-1-3libHX-devellibX11-devellibXcursor-devellibXext-devellibXfixes-devellibXfont-devellibXi-devellibXinerama-devellibXp-devellibXrandr-devellibXrender-devellibXres-devellibXt-devellibXtst-devellibXv-devellibXvMC-devellibXxf86dga-devellibXxf86vm-devellibapr-util1-devellibapr1-devellibasm-devellibdw-devellibebl-devellibelf-devellibblkid-devellibmount-devellibsmartcols-devellibbz2-devellibcgroup-devellibcolord-devellibcolord-gtk-develtypelib-1_0-ColorHug-1_0typelib-1_0-Colord-1_0typelib-1_0-ColordGtk-1_0libcurl-devellibdcerpc-atsvc-devellibdcerpc-devellibdcerpc-samr-devellibdcerpc-samr0libgensec-devellibndr-devellibndr-krb5pac-devellibndr-nbt-devellibndr-standard-devellibnetapi-devellibpdb-devellibregistry-devellibsamba-credentials-devellibsamba-hostconfig-devellibsamba-policy-devellibsamba-policy0libsamba-util-devellibsamdb-devellibsmbclient-devellibsmbclient-raw-devellibsmbconf-devellibsmbldap-devellibsmbsharemodes-devellibsmbsharemodes0libtevent-util-devellibwbclient-develsamba-core-develsamba-test-devellibdmx-devellibevent-devellibexif-devellibexpat-devellibgadu-devellibgcrypt-devellibgnomesu-devellibgnutls-devellibgnutls-openssl-devellibgnutlsxx-devellibgnutlsxx28libgpgme-devellibgssglue-devellibgudev-1_0-devellibudev-develsystemd-develtypelib-1_0-GUdev-1_0libguestfs-develocaml-libguestfs-devellibid3tag-devellibipa_hbac-devellibsss_idmap-devellibsss_nss_idmap-devellibsss_nss_idmap0libwebkitgtk-devellibwebkitgtk3-develtypelib-1_0-JavaScriptCore-1_0typelib-1_0-WebKit-1_0libjbig-devellibjson-c-develliblcms-devellibmikmod-devellibmms-devellibmodplug-devellibmspack-devellibmusicbrainz-devellibmysqlclient-devellibmysqld-devellibmysqld18libneon-devellibpacemaker-develpacemaker-ctslibpcp3pcppcp-import-iostat2pcppcp-import-mrtg2pcppcp-import-sar2pcppcp-import-sheet2pcpperl-PCP-LogImportperl-PCP-LogSummaryperl-PCP-MMVperl-PCP-PMDAlibpcscspy0pcsc-lite-devellibpng12-compat-devellibpng12-devellibpng16-compat-devellibpng16-devellibpoppler-devellibpoppler-glib-devellibpoppler-qt4-develtypelib-1_0-Poppler-0_18libproxy-devellibpulse-devellibqt4-devellibqt4-devel-doclibqt4-devel-doc-datalibqt4-linguistlibqt4-private-headers-devellibraptor-devellibraw-devellibraw-devel-staticlibrpcsecgss-devellibrsvg-develtypelib-1_0-Rsvg-2_0libserf-1-1silc-toolkit-devellibsmi-devellibsndfile-devellibsoup-devellibssh-devellibssh-devel-doclibsvn_auth_gnome_keyring-1-0libsvn_auth_kwallet-1-0subversionsubversion-bash-completionsubversion-develsubversion-perlsubversion-pythonsubversion-serversubversion-toolslibtag-devellibtasn1-devellibtiff-devellibvirt-devellibvorbis-devellibxcb-composite0libxcb-damage0libxcb-devellibxcb-devel-doclibxcb-dpms0libxcb-record0libxcb-res0libxcb-screensaver0libxcb-xevie0libxcb-xprint0libxcb-xtest0libxcb-xvmc0libxml2-devellibyaml-devellibzip-develzeromq-devellua-develmozilla-nspr-develmozilla-nss-develnet-snmp-develnewt-develnewt-staticnut-cginut-developenexr-developenslp-develoscpam-develpango-develperl-Tk-develphp5-develpolkit-develpostgresql93-develppp-develpython3-develquagga-develrhythmbox-develruby-develruby2.1-rubygem-bundlerspice-gtk-develtypelib-1_0-SpiceClientGtk-2_0sudo-develsystemtap-sdt-develudisks2-develunixODBC-develvte2-develwireshark-develxalan-j2-demoxalan-j2-manualxen-develxfigxorg-x11-develxorg-x11-server-sdkyast2-core-develyast2-devel-docDirectFB-devellib++dfb-develbinutils-develbinutils-goldcross-ppc-binutilscross-spu-binutilse2fsprogs-devellibcom_err-devellibext2fs-develflac-develgnome-settings-daemon-develgstreamer-0_10-plugins-bad-develhivex-develjava-1_7_1-ibm-develjava-1_8_0-ibm-devellibQt5Bootstrap-devel-staticlibQt5Concurrent-devellibQt5Core-devellibQt5Core-private-headers-devellibQt5DBus-devellibQt5DBus-private-headers-devellibQt5Gui-devellibQt5Gui-private-headers-devellibQt5Network-devellibQt5Network-private-headers-devellibQt5OpenGL-devellibQt5OpenGL-private-headers-devellibQt5OpenGLExtensions-devel-staticlibQt5PlatformSupport-devel-staticlibQt5PlatformSupport-private-headers-devellibQt5PrintSupport-devellibQt5PrintSupport-private-headers-devellibQt5Sql-devellibQt5Sql-private-headers-devellibQt5Test-devellibQt5Test-private-headers-devellibQt5Widgets-devellibQt5Widgets-private-headers-devellibQt5Xml-devellibqt5-qtbase-common-devellibqt5-qtbase-devellibqt5-qtbase-doclibqt5-qtbase-private-headers-devellibarchive-devellibsamba-passdb-devellibgypsy-devellibicu-devellibjasper-devellibjpeg62-devellibjpeg8-devellibksba-devellibpcp-devellibspice-server-devellibssh2-devellibtidy-0_99-0libtidy-0_99-0-develtidylibvdpau-devellibwmf-devellibwmf-gnomelibxerces-c-develmercurialmpfr-developenldap2-back-perlpostgresql94-develrpm-develruby2.1-develLibVNCServer-develNetworkManager-develpython-avahibsh2bsh2-classgenbsh2-javadoccracklib-develcups-ddkeog-devellibQtWebKit-devellibbonobo-devellibnetpbm-develmdbtoolssgmltoolfontconfig-develghostscript-develgiflib-develgraphite2-develgtk2-devellhasa-devellibQt5PlatformHeaders-devellibQt5WebKit-private-headers-devellibQt5WebKit5-devellibQt5WebKitWidgets-devellibQt5WebKitWidgets-private-headers-devellibidn-devellibimobiledevice-devellibldb-develpyldbpyldb-devellibnettle-devellibotr-devellibpoppler-cpp0libreoffice-sdklibtcnative-1-0-devellibusbmuxd-devellibwmf-toolsmysql-connector-javaocamlocaml-compiler-libsocaml-rpm-macrosocaml-runtimeopenldap2-developenldap2-devel-staticphp7-develsqlite3-develwebkit2gtk3-develxfsprogs-develsle-we-releaselibreoffice-l10n-bglibreoffice-l10n-hrlibreoffice-l10n-ltlibreoffice-l10n-uksle-bsk-releasekrb5-minikrb5-mini-develpython-Jinja2libwmfflutelibbaselibfontslibformulaliblayoutlibloaderlibrepositorylibrevengelibrevenge-devellibrevenge-generators-0_0-0libserializermddsmdds-develpentaho-libxmlpentaho-reporting-flow-enginesacperl-Capture-Tinypython-tdbpython-teventtdbteventghostscript-minighostscript-mini-develgogo-docgcc5-golibgo7libudev-mini-devellibudev-mini1systemd-minisystemd-mini-develudev-minipopplercracklib-dict-smallocaml-ocamldockdelibs4kdelibs4-branding-upstreamkdelibs4-corekdelibs4-doclibkde4-devellibkdecore4-devellibmdbodbc1mdbtools-develvirtuosovirtuoso-driversvirtuoso-serverpython-TwistedflaclibsshMozillaFirefox-branding-SLEcompat-openssl098libxml2freetype2postgresql93-libslibmspackxerces-clibziplibarchivelibssh2_orglibksbawebkitgtkwebkitgtk3libXfontspicefltklibfltk1libgcryptlibpng16libqt4-sql-pluginsevolution-data-serverevolution-data-server-langlibcamel-1_2-45libcamel-1_2-45-32bitlibebackend-1_2-7libebackend-1_2-7-32bitlibebook-1_2-14libebook-1_2-14-32bitlibebook-contacts-1_2-0libebook-contacts-1_2-0-32bitlibecal-1_2-16libecal-1_2-16-32bitlibedata-book-1_2-20libedata-book-1_2-20-32bitlibedata-cal-1_2-23libedata-cal-1_2-23-32bitlibedataserver-1_2-18libedataserver-1_2-18-32bitlibqt5-qtbaselibyamlrpm-pythonlibsndfilezeromqjasperopenssh-askpass-gnomempfrlibvdpauapache-commons-loggingcmis-clientgraphite2hyphenlibabwlibabw-0_1-1libcdrlibcdr-0_1-1libcmis-0_5-5libe-booklibe-book-0_1-1libetonyeklibetonyek-0_1-1libfreehandlibfreehand-0_1-1libgltflibgltf-0_0-0libhyphen0libixionlibixion-0_10-0liblangtagliblangtag1libmspublibmspub-0_1-1libmwawlibmwaw-0_3-3libodfgenlibodfgen-0_1-1liborcusliborcus-0_8-0libpagemakerlibpagemaker-0_0-0libreoffice-share-linkerlibreoffice-voikkolibrevenge-0_0-0librevenge-stream-0_0-0libvisiolibvisio-0_1-1libvoikkolibvoikko1libwpslibwps-0_4-4malaga-suomimyspell-af_ZAmyspell-armyspell-be_BYmyspell-bg_BGmyspell-bn_BDmyspell-bs_BAmyspell-camyspell-cs_CZmyspell-da_DKmyspell-demyspell-dictionariesmyspell-el_GRmyspell-enmyspell-esmyspell-et_EEmyspell-fr_FRmyspell-gu_INmyspell-he_ILmyspell-hi_INmyspell-hr_HRmyspell-hu_HUmyspell-it_ITmyspell-lo_LAmyspell-lt_LTmyspell-lv_LVmyspell-nl_NLmyspell-nomyspell-pl_PLmyspell-pt_BRmyspell-pt_PTmyspell-romyspell-ru_RUmyspell-sk_SKmyspell-sl_SImyspell-srmyspell-sv_SEmyspell-te_INmyspell-th_THmyspell-vimyspell-zu_ZAlibpng12LibVNCServergdk-pixbufldblibtalloc2libtalloc2-32bitlibtdb1libtdb1-32bitlibtevent0libtevent0-32bitpytallocpytalloc-32bittallocboostboost-license1_54_0hunspellhunspell-32bithunspell-toolslibOpenCOLLADA0libboost_atomic1_54_0libboost_date_time1_54_0libboost_filesystem1_54_0libboost_iostreams1_54_0libboost_program_options1_54_0libboost_regex1_54_0libboost_signals1_54_0libboost_system1_54_0libboost_thread1_54_0libixion-0_11-0liborcus-0_11-0myspell-af_NAmyspell-ar_AEmyspell-ar_BHmyspell-ar_DZmyspell-ar_EGmyspell-ar_IQmyspell-ar_JOmyspell-ar_KWmyspell-ar_LBmyspell-ar_LYmyspell-ar_MAmyspell-ar_OMmyspell-ar_QAmyspell-ar_SAmyspell-ar_SDmyspell-ar_SYmyspell-ar_TNmyspell-ar_YEmyspell-bn_INmyspell-bsmyspell-ca_ADmyspell-ca_ESmyspell-ca_ES_valenciamyspell-ca_FRmyspell-ca_ITmyspell-de_ATmyspell-de_CHmyspell-de_DEmyspell-en_AUmyspell-en_BSmyspell-en_BZmyspell-en_CAmyspell-en_GBmyspell-en_GHmyspell-en_IEmyspell-en_INmyspell-en_JMmyspell-en_MWmyspell-en_NAmyspell-en_NZmyspell-en_PHmyspell-en_TTmyspell-en_USmyspell-en_ZAmyspell-en_ZWmyspell-es_ARmyspell-es_BOmyspell-es_CLmyspell-es_COmyspell-es_CRmyspell-es_CUmyspell-es_DOmyspell-es_ECmyspell-es_ESmyspell-es_GTmyspell-es_HNmyspell-es_MXmyspell-es_NImyspell-es_PAmyspell-es_PEmyspell-es_PRmyspell-es_PYmyspell-es_SVmyspell-es_UYmyspell-es_VEmyspell-fr_BEmyspell-fr_CAmyspell-fr_CHmyspell-fr_LUmyspell-fr_MCmyspell-lightproof-enmyspell-lightproof-hu_HUmyspell-lightproof-pt_BRmyspell-lightproof-ru_RUmyspell-nb_NOmyspell-nl_BEmyspell-nn_NOmyspell-pt_AOmyspell-ro_ROmyspell-sr_CSmyspell-sr_Latn_CSmyspell-sr_Latn_RSmyspell-sr_RSmyspell-sv_FImyspell-temyspell-vi_VNopenCOLLADAgifliblibnettlepostgresql94-libslibotrlibcilkrts5libcilkrts5-32bitlibffi-gcc5liblsan0libstdc++6-localelibubsan0libubsan0-32bitpython-backports.ssl_match_hostnamepython-tornadocairolibcairo-gobject2libcairo-gobject2-32bitlibcairo2libcairo2-32bityast2-ntp-clientpoppler-qtimaplibc-client2007e_suselibimobiledevicelibimobiledevice-toolslibimobiledevice4libusbmuxd2usbmuxdlibidnlibstoragelibstorage-rubylibstorage6libX11libXfixeslibXilibXrandrlibXrenderlibXtstlibXvlibXvMCgtk2libpcre1libpcre1-32bitlibpcre16-0libpcrecpp0libpcrecpp0-32bitpcregclibasslibass5libgmelibgme0gstreamer-plugins-goodgstreamer-plugins-good-langlibcares2libcares2-32bitgstreamer-plugins-badgstreamer-plugins-bad-langlibgstbasecamerabinsrc-1_0-0libgstcodecparsers-1_0-0libgstegl-1_0-0libgstmpegts-1_0-0libgstphotography-1_0-0libpng15libcairo-script-interpreter2gstreamer-0_10-plugins-goodgstreamer-0_10-plugins-good-langgstreamer-0_10-plugins-basegstreamer-0_10-plugins-base-32bitgstreamer-0_10-plugins-base-langlibgstapp-0_10-0libgstapp-0_10-0-32bitlibgstinterfaces-0_10-0libgstinterfaces-0_10-0-32bitguileguile-modules-2_0libguile-2_0-22libopus0opuslibXpmlibXpm4libXpm4-32bitlibz1libz1-32bitzlibrrdtoolrrdtool-cachedgstreamer-plugins-basegstreamer-plugins-base-langlibgstallocators-1_0-0libgstapp-1_0-0libgstapp-1_0-0-32bitlibgstaudio-1_0-0libgstaudio-1_0-0-32bitlibgstfft-1_0-0libgstfft-1_0-0-32bitlibgstpbutils-1_0-0libgstpbutils-1_0-0-32bitlibgstriff-1_0-0libgstrtp-1_0-0libgstrtsp-1_0-0libgstsdp-1_0-0libgsttag-1_0-0libgsttag-1_0-0-32bitlibgstvideo-1_0-0libgstvideo-1_0-0-32bittypelib-1_0-GstAudio-1_0typelib-1_0-GstPbutils-1_0typelib-1_0-GstTag-1_0typelib-1_0-GstVideo-1_0libopenjp2-7openjpeg2libgstadaptivedemux-1_0-0libgstbadaudio-1_0-0libgstbadbase-1_0-0libgstbadvideo-1_0-0libgstgl-1_0-0libgsturidownloader-1_0-0zlib-develsle-ha-releaseconntrack-toolslibnetfilter_cthelperlibnetfilter_cthelper0libnetfilter_cttimeoutlibnetfilter_cttimeout1ctdbhawk2libpacemaker3pacemakerpacemaker-clipacemaker-remotelibpcreposix0cluster-md-kmp-defaultcluster-network-kmp-defaultdlm-kmp-defaultgfs2-kmp-defaultocfs2-kmp-defaultkgraft-patch-3_12_38-44-defaultkgraft-patch-3_12_38-44-xenkgraft-patch-SLE12_Update_3sle-live-patching-releasekgraft-patch-3_12_39-47-defaultkgraft-patch-3_12_39-47-xenkgraft-patch-SLE12_Update_4kgraft-patch-3_12_32-33-defaultkgraft-patch-3_12_32-33-xenkgraft-patch-3_12_36-38-defaultkgraft-patch-3_12_36-38-xenkgraft-patch-SLE12_Update_1kgraft-patch-SLE12_Update_2kgraft-patch-3_12_43-52_6-defaultkgraft-patch-3_12_43-52_6-xenkgraft-patch-SLE12_Update_5kgraft-patch-3_12_44-52_10-defaultkgraft-patch-3_12_44-52_10-xenkgraft-patch-SLE12_Update_6kgraft-patch-3_12_44-52_18-defaultkgraft-patch-3_12_44-52_18-xenkgraft-patch-SLE12_Update_7kgraft-patch-3_12_48-52_27-defaultkgraft-patch-3_12_48-52_27-xenkgraft-patch-SLE12_Update_8kgraft-patch-3_12_51-52_31-defaultkgraft-patch-3_12_51-52_31-xenkgraft-patch-SLE12_Update_9kgraft-patch-3_12_51-60_20-defaultkgraft-patch-3_12_51-60_20-xenkgraft-patch-SLE12-SP1_Update_1kgraft-patch-3_12_60-52_49-defaultkgraft-patch-3_12_60-52_49-xenkgraft-patch-SLE12_Update_14kgraft-patch-3_12_59-60_41-defaultkgraft-patch-3_12_59-60_41-xenkgraft-patch-SLE12-SP1_Update_5kgraft-patch-3_12_59-60_45-defaultkgraft-patch-3_12_59-60_45-xenkgraft-patch-SLE12-SP1_Update_6kgraft-patch-3_12_60-52_54-defaultkgraft-patch-3_12_60-52_54-xenkgraft-patch-SLE12_Update_15kgraft-patch-3_12_51-52_34-defaultkgraft-patch-3_12_51-52_34-xenkgraft-patch-SLE12_Update_10kgraft-patch-3_12_49-11-defaultkgraft-patch-3_12_49-11-xenkgraft-patch-SLE12-SP1_Update_0kgraft-patch-3_12_57-60_35-defaultkgraft-patch-3_12_57-60_35-xenkgraft-patch-SLE12-SP1_Update_4kgraft-patch-3_12_53-60_30-defaultkgraft-patch-3_12_53-60_30-xenkgraft-patch-SLE12-SP1_Update_3kgraft-patch-3_12_51-60_25-defaultkgraft-patch-3_12_51-60_25-xenkgraft-patch-SLE12-SP1_Update_2kgraft-patch-3_12_62-60_62-defaultkgraft-patch-3_12_62-60_62-xenkgraft-patch-SLE12-SP1_Update_7kgraft-patch-3_12_51-52_39-defaultkgraft-patch-3_12_51-52_39-xenkgraft-patch-SLE12_Update_11kgraft-patch-3_12_62-60_64_8-defaultkgraft-patch-3_12_62-60_64_8-xenkgraft-patch-SLE12-SP1_Update_8kgraft-patch-3_12_67-60_64_18-defaultkgraft-patch-3_12_67-60_64_18-xenkgraft-patch-SLE12-SP1_Update_9kgraft-patch-3_12_67-60_64_21-defaultkgraft-patch-3_12_67-60_64_21-xenkgraft-patch-SLE12-SP1_Update_10kgraft-patch-4_4_21-84-defaultkgraft-patch-SLE12-SP2_Update_2kgraft-patch-4_4_21-90-defaultkgraft-patch-SLE12-SP2_Update_3kgraft-patch-4_4_21-69-defaultkgraft-patch-SLE12-SP2_Update_0kgraft-patch-3_12_67-60_64_24-defaultkgraft-patch-3_12_67-60_64_24-xenkgraft-patch-SLE12-SP1_Update_11kgraft-patch-4_4_21-81-defaultkgraft-patch-SLE12-SP2_Update_1kgraft-patch-3_12_55-52_42-defaultkgraft-patch-3_12_55-52_42-xenkgraft-patch-SLE12_Update_12kgraft-patch-3_12_55-52_45-defaultkgraft-patch-3_12_55-52_45-xenkgraft-patch-SLE12_Update_13kgraft-patch-4_4_38-93-defaultkgraft-patch-SLE12-SP2_Update_4kgraft-patch-3_12_69-60_64_29-defaultkgraft-patch-3_12_69-60_64_29-xenkgraft-patch-SLE12-SP1_Update_12kgraft-patch-3_12_69-60_64_32-defaultkgraft-patch-3_12_69-60_64_32-xenkgraft-patch-SLE12-SP1_Update_13kgraft-patch-4_4_49-92_11-defaultkgraft-patch-SLE12-SP2_Update_5ruby2.1-rubygem-passengerrubygem-passengerrubygem-passenger-apache2python-setuptoolsruby2.1-rubygem-rack-1_4rubygem-rack-1_4sles12-docker-imagesles12sp1-docker-imagecontainerdruby2.1-rubygem-docker-apiruby2.1-rubygem-exconrubygem-docker-apirubygem-exconruncsles11sp4-docker-imageportuscompat-libldap-2_3-0kernel-ec2kernel-ec2-develkernel-ec2-extrapython-rsagcc5-32bitgcc5-adagcc5-ada-32bitgcc5-c++-32bitgcc5-fortran-32bitlibada5libada5-32bitlibffi-devel-gcc5-32bitlibstdc++6-devel-gcc5-32bitapache2-mod_php5php5php5-bcmathphp5-bz2php5-calendarphp5-ctypephp5-curlphp5-dbaphp5-domphp5-enchantphp5-exifphp5-fastcgiphp5-fileinfophp5-fpmphp5-ftpphp5-gdphp5-gettextphp5-gmpphp5-iconvphp5-intlphp5-jsonphp5-ldapphp5-mbstringphp5-mcryptphp5-mysqlphp5-odbcphp5-opensslphp5-pcntlphp5-pdophp5-pearphp5-pgsqlphp5-pspellphp5-shmopphp5-snmpphp5-soapphp5-socketsphp5-sqlitephp5-suhosinphp5-sysvmsgphp5-sysvsemphp5-sysvshmphp5-tokenizerphp5-wddxphp5-xmlreaderphp5-xmlrpcphp5-xmlwriterphp5-xslphp5-zipphp5-zlibsle-module-web-scriptingphp5-opcachephp5-posixphp5-imapphp5-pharapache2-mod_php7php7php7-bcmathphp7-bz2php7-calendarphp7-ctypephp7-curlphp7-dbaphp7-domphp7-enchantphp7-exifphp7-fastcgiphp7-fileinfophp7-fpmphp7-ftpphp7-gdphp7-gettextphp7-gmpphp7-iconvphp7-imapphp7-intlphp7-jsonphp7-ldapphp7-mbstringphp7-mcryptphp7-mysqlphp7-odbcphp7-opcachephp7-opensslphp7-pcntlphp7-pdophp7-pearphp7-pear-Archive_Tarphp7-pgsqlphp7-pharphp7-posixphp7-pspellphp7-shmopphp7-snmpphp7-soapphp7-socketsphp7-sqlitephp7-sysvmsgphp7-sysvsemphp7-sysvshmphp7-tokenizerphp7-wddxphp7-xmlreaderphp7-xmlrpcphp7-xmlwriterphp7-xslphp7-zipphp7-zlibnodejs4nodejs4-develnodejs4-docsnpm4nodejs6nodejs6-develnodejs6-docsnpm6policycoreutilspolicycoreutils-pythonperl-DBD-mysqlkernel-computekernel-compute-basekernel-compute-develkernel-compute_debugkernel-compute_debug-develkernel-devel-rtkernel-rtkernel-rt-basekernel-rt-develkernel-rt_debugkernel-rt_debug-develkernel-source-rtkernel-syms-rtSUSE-Linux-Enterprise-RT-releaseSUSE_SLES_SAP-releaselibstorage5kgraft-patch-3_12_60-52_57-defaultkgraft-patch-3_12_60-52_57-xenkgraft-patch-SLE12_Update_16kgraft-patch-3_12_60-52_60-defaultkgraft-patch-3_12_60-52_60-xenkgraft-patch-SLE12_Update_17kgraft-patch-3_12_60-52_63-defaultkgraft-patch-3_12_60-52_63-xenkgraft-patch-SLE12_Update_18clamsapkgraft-patch-3_12_61-52_66-defaultkgraft-patch-3_12_61-52_66-xenkgraft-patch-SLE12_Update_19python-magicfltk-develfltk-devel-staticevolution-data-server-develtypelib-1_0-EBook-1_2typelib-1_0-EBookContacts-1_2typelib-1_0-EDataServer-1_2libnetfilter_cthelper-devellibnetfilter_cttimeout-devellibffi48hyphen-devellibabw-devellibabw-devel-doclibcdr-devellibcdr-devel-doclibcmis-c-0_5-5libcmis-c-devellibcmis-devellibe-book-devellibe-book-devel-doclibetonyek-devellibetonyek-devel-doclibfreehand-devellibfreehand-devel-doclibixion-develliblangtag-devellibmspub-devellibmspub-devel-doclibmwaw-devellibmwaw-devel-doclibodfgen-devellibodfgen-devel-docliborcus-devellibvisio-devellibvisio-devel-doclibvoikko-devellibwps-develhivexlibtalloc-devellibtdb-devellibtevent-develpytalloc-develboost-develhunspell-develhunspell-devel-32bitlibboost_chrono1_54_0libboost_graph1_54_0libboost_graph_parallel1_54_0libboost_locale1_54_0libboost_log1_54_0libboost_math1_54_0libboost_mpi1_54_0libboost_python1_54_0libboost_random1_54_0libboost_serialization1_54_0libboost_test1_54_0libboost_timer1_54_0libboost_wave1_54_0libhyphen0-32bitcairo-develyast2-ntp-client-devel-docimap-develobs-service-source_validatorlibstorage-develpcre-develpcre-devel-staticpcre-toolslibass-devellibgme-devellibcares-develgstreamer-plugins-bad-devellibgstinsertbin-1_0-0yast2-users-devel-docgstreamer-0_10-plugins-base-develtypelib-1_0-GstApp-0_10typelib-1_0-GstInterfaces-0_10guile-devellibguilereadline-v-18-18libopus-devellibopus-devel-staticlibXpm-develzlib-devel-32bitzlib-devel-staticrrdtool-develgstreamer-plugins-base-develtypelib-1_0-GstAllocators-1_0typelib-1_0-GstApp-1_0typelib-1_0-GstFft-1_0typelib-1_0-GstRiff-1_0typelib-1_0-GstRtp-1_0typelib-1_0-GstRtsp-1_0typelib-1_0-GstSdp-1_0libgit2libgit2-24libXpm-toolsruby2.1-rubygem-sle2dockersle2dockerpython-docpython-doc-pdfapache2-mod_auth_kerbapache2-mod_security2tdb-toolsapache-commons-collectionsapache-commons-collections-javadoccyrus-imapdlttng-moduleslttng-modules-kmp-defaultdnsmasq-utilspython-glanceclientpython-keystonemiddlewarepython-novaclientpython-novaclient-docpython-swiftclientpython-swiftclient-docopenstack-ceilometeropenstack-ceilometer-agent-computeopenstack-novaopenstack-nova-computeopenstack-suseopenstack-suse-sudopython-ceilometerpython-novapython-python-memcachedNetworkManager-glibNetworkManager-gnomeOpenEXROpenEXR-32bitOpenEXR-x86PackageKitPackageKit-langhalhal-32bithal-dochal-x86libpackagekit-glib10PolicyKitPolicyKit-32bitPolicyKit-docPolicyKit-x86acpidamavisd-newphp5-dbasephp5-hashapache2-mod_php53php53php53-bcmathphp53-bz2php53-calendarphp53-ctypephp53-curlphp53-dbaphp53-domphp53-exifphp53-fastcgiphp53-fileinfophp53-ftpphp53-gdphp53-gettextphp53-gmpphp53-iconvphp53-intlphp53-jsonphp53-ldapphp53-mbstringphp53-mcryptphp53-mysqlphp53-odbcphp53-opensslphp53-pcntlphp53-pdophp53-pearphp53-pgsqlphp53-pspellphp53-shmopphp53-snmpphp53-soapphp53-suhosinphp53-sysvmsgphp53-sysvsemphp53-sysvshmphp53-tokenizerphp53-wddxphp53-xmlreaderphp53-xmlrpcphp53-xmlwriterphp53-xslphp53-zipphp53-zliblibavahi-client3-x86libavahi-common3-x86libavahi-core5libdns_sd-x86bind-libs-x86boost-licenselibboost_program_options1_36_0libboost_regex1_36_0libboost_signals1_36_0libbz2-1-x86cups-libs-x86libcurl4-x86dbus-1-32bitdbus-1-x86dbus-1-glib-x86dhcpcddhcpv6libcom_err2-x86ecryptfs-utils-x86edenscriptevince-docevolution-data-server-32bitevolution-data-server-x86libexpat1-x86file-32bitfile-x86findutilsfindutils-locatefoomatic-filtersfreeradius-server-dialupadminfreetype2-32bitfreetype2-x86fvwm2ghostscript-fonts-otherghostscript-fonts-rusghostscript-fonts-stdghostscript-libraryghostscript-omnilibgimpprintglib2glib2-doclibgio-2_0-0-x86libglib-2_0-0-x86libgmodule-2_0-0-x86libgobject-2_0-0-x86libgthread-2_0-0-x86glibc-locale-x86glibc-profile-x86glibc-x86gmimegmime-2_4gmime-doclibgmime-2_0-3libgmime-2_4-2gnome-screensavergnome-screensaver-langlibgnutls26libgnutls26-32bitlibgnutls26-x86gstreamer-0_10-plugins-base-docgstreamer-0_10-plugins-base-x86libgstapp-0_10-0-x86libgstinterfaces-0_10-0-x86gstreamer-0_10-plugins-good-docgtk2-32bitgtk2-docgtk2-x86vim-basejava-1_4_2-ibmjava-1_4_2-ibm-jdbcjava-1_4_2-ibm-pluginjava-1_6_0-ibm-alsakde4-kgreeter-pluginskdebase4-wallpaperskdebase4-workspacekdebase4-workspace-ksysguarddkdmkwinkdebase3-runtimekdebase3-runtime-32bitkdebase3-runtime-x86kdelibs3kdelibs3-32bitkdelibs3-default-stylekdelibs3-default-style-32bitkdelibs3-default-style-x86kdelibs3-x86libkde4-x86libkdecore4-x86kdenetwork4-filesharingkgetkopetekrdckrfbkernel-paekernel-pae-basekernel-pae-develkernel-ppc64kernel-ppc64-basekernel-ppc64-develkernel-tracekernel-trace-basekernel-trace-develkrb5-apps-clientskrb5-apps-serverskrb5-x86kvmliblcms1-x86ldapsmblibsmbclient0-x86libtalloc2-x86libtdb1-x86libwbclient0-x86samba-client-x86samba-krb-printingsamba-winbind-x86samba-x86libMagickCore1libMagickCore1-32bitlibQtWebKit4-x86libqt4-qt3support-x86libqt4-sql-x86libqt4-x11-x86libqt4-x86libadns1libapr-util1-32bitlibapr1-32bitlibarchive2libcap-progslibcap2libcap2-32bitlibcap2-x86libdrmlibdrm-32bitlibdrm-x86libexiflibexif-32bitlibexif-x86libexiv2-4libfreebl3-x86mozilla-nss-x86libgdiplus0libgtoplibgtop-2_0-7libgtop-doclibgtop-langlibiculibicu-32bitlibicu-x86libltdl7-x86libtool-x86libmysqlclient15libmysqlclient15-32bitlibmysqlclient15-x86libmysqlclient_r15mysqlmysql-Maxmysql-clientmysql-toolslibneon27-x86libnetpbm10libnetpbm10-32bitlibnetpbm10-x86newtpython-newtlibopensc2libopensc2-32bitlibopensc2-x86opensc-32bitopensc-x86libopenssl0_9_8-x86libpng12-0-x86libpoppler-glib4libpoppler-qt4-3libpoppler5libpulse-browse0libpulse0-x86libpython2_6-1_0libpython2_6-1_0-32bitlibpython2_6-1_0-x86python-base-x86librpcsecgsslibtirpc1librsvglibrsvg-32bitlibrsvg-x86libsampleratelibsamplerate-32bitlibsamplerate-x86libsndfile-32bitlibsndfile-x86libsnmp15libsnmp15-32bitlibsnmp15-x86libsoup-2_4-1-x86libtiff3libtiff3-32bitlibtiff3-x86libvirt-pythonlibvorbislibvorbis-32bitlibvorbis-x86libxcryptlibxcrypt-32bitlibxcrypt-x86pam-modules-x86pwdutilspwdutils-plugin-auditlibxml2-32bitlibxml2-x86libxsltlibxslt-32bitlibxslt-x86libzip1log4netlvm2manmono-coremono-datamono-data-postgresqlmono-data-sqlitemono-locale-extrasmono-nunitmono-webmono-winformsmozilla-xulrunner192mozilla-xulrunner192-32bitmozilla-xulrunner192-gnomemozilla-xulrunner192-translationsmozilla-xulrunner192-x86nagiosnagios-wwwnagios-pluginsnagios-plugins-extrasofedofed-docofed-kmp-defaultofed-kmp-paeofed-kmp-ppc64ofed-kmp-traceopenslp-x86openssh-askpassopenswanopenswan-docopie-x86pam-x86pam_krb5-x86pam_ldappam_ldap-32bitpam_ldap-x86pam_mountpam_mount-32bitpam_mount-x86pangopango-32bitpango-docpango-x86pcsc-lite-32bitpcsc-lite-x86perl-x86perl-libwww-perlperl-spamassassinspamassassinpostgresqlpostgresql-contribpostgresql-docspostgresql-libspostgresql-libs-32bitpostgresql-libs-x86postgresql-serverpure-ftpdpython-x86pyxmlqt3qt3-32bitqt3-x86ruby-doc-htmlruby-tksquid3starsysstatsysstat-isagsystem-config-printer-langt1libtgttomcat6tomcat6-admin-webappstomcat6-docs-webapptomcat6-javadoctomcat6-jsp-2_1-apitomcat6-libtomcat6-servlet-2_5-apitomcat6-webappsunrarvtevte-docvte-langxen-doc-pdfxen-kmp-paexorg-x11-xauthxorg-x11-libs-32bitxorg-x11-libs-x86xtermMesaMesa-32bitMesa-x86ant-traxarkkcalckcharselectkdesshkdfkfloppykgpgktimerkwalletmanagerkwikdiskoktetalibboost_thread1_36_0libldap-2_4-2-x86libgnutls-extra26ibutilsibutils-32bitjakarta-commons-httpclient3java-1_7_0-ibmjava-1_7_0-ibm-alsajava-1_7_0-ibm-jdbcjava-1_7_0-ibm-pluginjpeglibjpeglibjpeg-32bitlibjpeg-x86postgresql91postgresql91-contribpostgresql91-docspostgresql91-serverlibsoftokn3-x86libopenssl0_9_8-hmaclibopenssl0_9_8-hmac-32bitlibotr2libproxy0libproxy0-32bitlibproxy0-config-gnomelibproxy0-config-kde4libproxy0-networkmanagerlibproxy0-x86libtspi1libtspi1-32bitlibtspi1-x86trousersnut-classicnfs-clientopenCryptokiopenCryptoki-32bitopenCryptoki-64bitperl-Module-Buildperl-Test-Simplepython-pamtaglib-32bittaglib-x86unixODBC_23virt-utilsx3270xorg-x11-libxcbxorg-x11-libxcb-32bitxorg-x11-libxcb-x86xorg-x11-server-dmxxorg-x11-server-rdpa2psbash-x86libreadline5libreadline5-32bitlibreadline5-x86boost-license1_49_0libboost_system1_49_0libboost_thread1_49_0coreutils-x86libdw1-x86libebl1-x86libelf1-x86fastjarkdebase4-runtimekdirstatlibFLAC8-x86libblkid1-x86libuuid1-x86uuid-runtimelibevent-1_4-2libgcc_s1-x86libstdc++6-x86libgcrypt11libgcrypt11-32bitlibgcrypt11-x86libjasperlibjasper-32bitlibjasper-x86liblzo2-2-x86libmpfr1libmpfr1-32bitlibmpfr1-x86libmysql55client18libmysql55client18-32bitlibmysql55client18-x86libmysql55client_r18libmysql55client_r18-32bitlibmysql55client_r18-x86libpixman-1-0libpixman-1-0-32bitlibpixman-1-0-x86libpulse-mainloop-glib0-x86libtasn1-3libtasn1-3-32bitlibtasn1-3-x86libtevent0-x86libwsman1openwsman-clientopenwsman-serversuseRegisterlxcmozilla-nspr-x86nagios-nrpenagios-nrpe-docnagios-plugins-nrpenfs-docnfs-kernel-serverpoptpopt-32bitpopt-x86rpm-x86python-lxmlsendmailxorg-x11-libX11xorg-x11-libX11-32bitxorg-x11-libX11-x86xorg-x11-libXextxorg-x11-libXext-32bitxorg-x11-libXext-x86xorg-x11-libXfixesxorg-x11-libXfixes-32bitxorg-x11-libXfixes-x86xorg-x11-libXpxorg-x11-libXp-32bitxorg-x11-libXp-x86xorg-x11-libXrenderxorg-x11-libXrender-32bitxorg-x11-libXrender-x86xorg-x11-libXtxorg-x11-libXt-32bitxorg-x11-libXt-x86xorg-x11-libXvxorg-x11-libXv-32bitxorg-x11-libXv-x86GraphicsMagicklibGraphicsMagick2perl-GraphicsMagicklibMagick++1libMagickWand1libMagickWand1-32bitMesa-develMesa-devel-32bitOpenEXR-develPackageKit-develhal-devellibpackagekit-glib10-devellibpackagekit-qt10libpackagekit-qt10-develPolicyKit-develXerces-clibXerces-c-devellibXerces-c28a2ps-develant-antlrant-apache-bcelant-apache-bsfant-apache-log4jant-apache-oroant-apache-regexpant-apache-resolverant-commons-loggingant-javadocant-javamailant-jdependant-junitant-manualant-nodepsapache2-mod_fcgidapache2-mod_perl-develbind-devel-32bitbinutils-devel-32bitboinc-clientboinc-client-develboost-devel-32bitboost-doclibboost_date_time1_36_0libboost_date_time1_36_0-32bitlibboost_filesystem1_36_0libboost_filesystem1_36_0-32bitlibboost_graph1_36_0libboost_graph1_36_0-32bitlibboost_iostreams1_36_0libboost_iostreams1_36_0-32bitlibboost_math1_36_0libboost_math1_36_0-32bitlibboost_mpi1_36_0libboost_program_options1_36_0-32bitlibboost_python1_36_0libboost_python1_36_0-32bitlibboost_regex1_36_0-32bitlibboost_serialization1_36_0libboost_serialization1_36_0-32bitlibboost_signals1_36_0-32bitlibboost_system1_36_0libboost_system1_36_0-32bitlibboost_test1_36_0libboost_test1_36_0-32bitlibboost_thread1_36_0-32bitlibboost_wave1_36_0libboost_wave1_36_0-32bitbuildbytefx-data-mysqlmono-data-firebirdmono-data-oraclemono-data-sybasemono-develmono-extrasmono-jscriptmono-wcfmono-winfxcoremonodoc-coregcc48-fortran-32bitcscopecyrus-imapd-develderbylibcom_err-devel-32bitlibext2fs-devel-32bitlibext2fs2-32bitlibext2fs2-x86empathy-develevolutionevolution-develevolution-langfilesharesetkdebase3kdebase3-32bitkdebase3-develmisc-console-fontlibFLAC++6-x86freetype2-devel-32bitgdk-pixbuf-32bitghostscript-ijs-devellibgimpprint-develglib2-devel-32bitgmime-2_4-develgmime-develgmime-sharpgnucashgnucash-develgnucash-langgtk2-devel-32bitibutils-develibutils-devel-32bitlibicu-devel-32bitimlibimlib-32bitimlib-configimlib-develimlib-x86imlib2imlib2-develimlib2-filtersimlib2-loadersinkscapeinkscape-extensions-diainkscape-extensions-extrainkscape-extensions-figinkscape-extensions-gimpinkscape-langkdebase4-workspace-develkdelibs3-artskdelibs3-arts-32bitkdelibs3-arts-x86kdelibs3-develkdelibs3-dockopete-develkrb5-devel-32bitlibqt4-sql-mysql-x86libqt4-sql-postgresql-x86libqt4-sql-sqlite-x86libqt4-sql-unixODBC-x86libadns-devellibapr-util1-devel-32bitlibapr1-devel-32bitlibblkid-devel-32bitlibuuid-devel-32bitlibcap-devellibdhcp6client-1_0-2libdhcp6client-devellibdrm-devellibdrm-devel-32bitlibexiv2-4-32bitlibexiv2-4-x86libexiv2-devellibgadulibgcrypt-devel-32bitlibgnutls-extra-devellibgpgme11-32bitlibgpgme11-x86libgtop-2_0-7-32bitlibgtop-2_0-7-x86libgtop-devellibid3taglibjpeg-devellibjpeg-devel-32bitliblcms-devel-32bitpython-lcmssamba-develsamba-testlibmikmodmpfr-devel-32bitlibmysqlclient_r15-32bitlibmysqlclient_r15-x86libnetpbm-devel-32bitpcp-devellibpixman-1-0-devellibpng-devellibpng-devel-32bitlibpoppler-qt2libpoppler-qt3-develreadline-devel-32bitlibreoffice-base-extensionslibreoffice-draw-extensionslibreoffice-impress-extensionslibreoffice-kdelibreoffice-kde4libreoffice-l10n-prebuiltlibreoffice-monolibreoffice-branding-upstreamlibreoffice-icon-themeslibreoffice-l10n-ellibreoffice-l10n-en-GBlibreoffice-l10n-gu-INlibreoffice-l10n-hi-INlibreoffice-l10n-ptlibreoffice-l10n-zh-CNlibreoffice-l10n-zh-TWlibreoffice-help-cslibreoffice-help-dalibreoffice-help-delibreoffice-help-en-GBlibreoffice-help-en-USlibreoffice-help-eslibreoffice-help-frlibreoffice-help-gu-INlibreoffice-help-hi-INlibreoffice-help-hulibreoffice-help-itlibreoffice-help-jalibreoffice-help-kolibreoffice-help-nllibreoffice-help-pllibreoffice-help-ptlibreoffice-help-pt-BRlibreoffice-help-rulibreoffice-help-svlibreoffice-help-zh-CNlibreoffice-help-zh-TWlibreoffice-testtoollibsamplerate-develnet-snmp-devel-32bitlibsoup-devel-32bitlibssh2libssh2-1-x86libsss_sudo-devellibthailibthai-devellibtiff-devel-32bitlibtirpc-devellibtunepimplibtunepimp-devellibtunepimp5libvirt-devel-32bitlibwebkit-1_0-1libwebkit-1_0-2libwebkit-devellibwebkit-langlibwmf-32bitlibwmf-gnome-32bitlibwmf-gnome-x86libwmf-x86libwpd-0_8-8libwpd-devellibwpd-devel-doclibwsman-developenwsman-pythonlibxcrypt-devellibxine-devellibxine1libxine1-32bitlibxine1-gnome-vfslibxine1-pulselibxmllibxml-32bitlibxml-devellibxml2-devel-32bitlibxslt-devellibxslt-devel-32bitlighttpdlighttpd-mod_cmllighttpd-mod_magnetlighttpd-mod_mysql_vhostlighttpd-mod_rrdtoollighttpd-mod_trigger_b4_dllighttpd-mod_webdavlxc-devellynxlzo-devel-32bitmemcachedmozilla-xulrunner192-develmozilla-xulrunner192-gnome-32bitmozilla-xulrunner192-translations-32bitnagios-develnetatalknetatalk-develnovell-ipsec-toolsnovell-ipsec-tools-develobex-data-serverofed-developenCryptoki-developenldap2-devel-32bitopensc-develpam-devel-32bitpango-devel-32bitperl-DBD-Pgperl-base-32bitphp53-develphp53-imapphp53-posixphp53-readlinephp53-socketsphp53-sqlitephp53-tidypopt-develpopt-devel-32bitrpm-devel-32bitpostgresql-develpwlibpwlib-develpython-cryptopython-imaging-sanepython-logilab-commonpython-lxml-docqt3-develqt3-devel-32bitqt3-devel-docqt3-devel-toolsqt3-devel-tools-32bitruby-doc-riruby-examplesruby-test-suiterubygem-actionmailer-3_2rubygem-actionpack-3_2rubygem-activemodel-3_2rubygem-activeresource-3_2rubygem-rails-3_2rubygem-railties-3_2rubygem-activerecord-3_2rubygem-activesupport-3_2rubygem-bundlerrubygem-i18n-0_6rubygem-json_purerubygem-rack-sslrubygem-rdocrubygem-sprockets-2_2rxvt-unicodesendmail-develstrutsstruts-javadocstruts-manualt1lib-develtaglib-develtexlivetexlive-arabtexlive-bintexlive-bin-cjktexlive-bin-develtexlive-bin-dviljtexlive-bin-jadetextexlive-bin-latextexlive-bin-metaposttexlive-bin-musictextexlive-bin-omegatexlive-bin-tex4httexlive-bin-toolstexlive-bin-xetextexlive-bin-xmltextexlive-cjktexlive-contexttexlive-develtexlive-doctexlive-dviljtexlive-jadetextexlive-latextexlive-latex-doctexlive-metaposttexlive-musictextexlive-omegatexlive-ppower4texlive-tex4httexlive-toolstexlive-xetextexlive-xmltextrousers-develunixODBC_23-develvalgrindvalgrind-develvte-develxalan-j2-javadocxorg-x11-devel-32bitxorg-x11-libX11-develxorg-x11-libX11-devel-32bitxorg-x11-libXext-develxorg-x11-libXext-devel-32bitxorg-x11-libXfixes-develxorg-x11-libXfixes-devel-32bitxorg-x11-libXp-develxorg-x11-libXp-devel-32bitxorg-x11-libXrender-develxorg-x11-libXrender-devel-32bitxorg-x11-libXt-develxorg-x11-libXt-devel-32bitxorg-x11-libXv-develxorg-x11-libXv-devel-32bitxorg-x11-libxcb-develxorg-x11-libxcb-devel-32bitphp5-ncursesphp5-readlinephp5-tidybeaglebeagle-develbeagle-langinninn-develinst-source-utilsjava-1_4_2-ibm-develjava-1_6_0-ibm-develjava-1_7_0-ibm-develpostgresql91-devellibxslt-pythonperl-base-x86python-httplib2rubygem-rack-1_3rubygem-rackrubygem-actionmailer-2_3rubygem-actionpack-2_3rubygem-activerecord-2_3rubygem-activeresource-2_3rubygem-activesupport-2_3rubygem-railsrubygem-rails-2_3rubygem-actionpack-2_1rubygem-mail-2_3rubygem-rack-cache-1_1giflib-devel-32bitkde4-l10n-de-datakde4-l10n-de-docliblcms2-develpostgresql91-libsgnu-efilibtidylibtidy-develfirefox-fontconfigfirefox-fontconfig-develbsdtarfontconfig-devel-32bitlibcap-nglibcap-ng-develpython-capnggoogle-carlito-fontslibmythes-1_2-0mythesmythes-develpython-importliblibopenssl-devel-32bitperl-SOAP-Literubygem-mail-2_4xorg-x11-libXpmxorg-x11-libXpm-develxorg-x11-libXpm-devel-32bityast2-storageyast2-storage-develcurl-openssl1libcurl4-openssl1libcurl4-openssl1-32bitlibcurl4-openssl1-x86libopenssl1-devellibopenssl1_0_0-x86openssl1openssl1-doclibldap-openssl1-2_4-2libldap-openssl1-2_4-2-32bitlibldap-openssl1-2_4-2-x86openldap2-client-openssl1openssh-openssl1openssh-openssl1-helperswget-openssl1acroreadacroread-cmapsacroread-fonts-jaacroread-fonts-koacroread-fonts-zh_CNacroread-fonts-zh_TWacroread_jaibm-data-db2libtalloc1libtalloc1-32bitcompat-openssl097gcompat-openssl097g-32bitMozillaFirefox-branding-SLEDbeagle-evolutionbeagle-firefoxbeagle-guimhtml-firefoxflash-player-kde4icedtea-webjava-1_6_0-openjdkjava-1_6_0-openjdk-demojava-1_6_0-openjdk-develkernel-pae-extrakernel-trace-extrakernel-xen-extraxen-kmp-tracepermissionslibproxy0-config-gnome-32bitlibproxy0-networkmanager-32bitlibxml2-pythonopenssl-certsquotavirt-managervm-installxrdpzypperzypper-logcabextractcompat-wireless-kmp-defaultcompat-wireless-kmp-paecompat-wireless-kmp-xengiflib-32bitlibgstbasecamerabinsrc-0_10-0libgstbasecamerabinsrc-0_10-0-32bitlibgstbasevideo-0_10-0libgstbasevideo-0_10-0-32bitlibgstphotography-0_10-0libgstphotography-0_10-0-32bitlibgstsignalprocessor-0_10-0libgstsignalprocessor-0_10-0-32bitlibgstvdp-0_10-0libgstvdp-0_10-0-32bitkde4-l10n-arkde4-l10n-cskde4-l10n-dakde4-l10n-da-datakde4-l10n-da-dockde4-l10n-dekde4-l10n-en_GBkde4-l10n-eskde4-l10n-es-datakde4-l10n-es-dockde4-l10n-frkde4-l10n-fr-datakde4-l10n-fr-dockde4-l10n-hukde4-l10n-itkde4-l10n-it-datakde4-l10n-it-dockde4-l10n-jakde4-l10n-kokde4-l10n-nbkde4-l10n-nlkde4-l10n-nl-datakde4-l10n-nl-dockde4-l10n-plkde4-l10n-pl-datakde4-l10n-pl-dockde4-l10n-ptkde4-l10n-pt_BRkde4-l10n-pt_BR-datakde4-l10n-pt_BR-dockde4-l10n-rukde4-l10n-ru-datakde4-l10n-ru-dockde4-l10n-svkde4-l10n-sv-datakde4-l10n-sv-dockde4-l10n-zh_CNkde4-l10n-zh_TWkdebase4-runtime-xinekernel-bigsmp-develkernel-bigsmplcms2liblcms2-2novell-qtguinovell-qtgui-clinovell-ui-baseorcaorca-langpwlib-plugins-avcpwlib-plugins-dcpwlib-plugins-v4l2wpa_supplicant-guisle-hae-releasehawkhawk-templatescluster-network-kmp-bigsmpcluster-network-kmp-paecluster-network-kmp-ppc64cluster-network-kmp-tracecluster-network-kmp-xengfs2-kmp-bigsmpgfs2-kmp-paegfs2-kmp-ppc64gfs2-kmp-tracegfs2-kmp-xenocfs2-kmp-bigsmpocfs2-kmp-paeocfs2-kmp-ppc64ocfs2-kmp-traceocfs2-kmp-xendrbd-kmp-bigsmpsle-pos-releasePOS_Image-Minimal3POS_Image-Netboot-hooksPOS_Image-ToolsPOS_Image3POS_MigrationPOS_Server-Admin3POS_Server-AdminGUIPOS_Server-AdminTools3POS_Server-BranchTools3POS_Server-Modules3POS_Server3admindadmind-clientposbioskernel-ec2-baseiscsitarget-kmp-rtbrocade-bna-kmp-rtcluster-network-kmp-rtcluster-network-kmp-rt_tracedrbd-kmp-rtdrbd-kmp-rt_tracekernel-rt_tracekernel-rt_trace-basekernel-rt_trace-develocfs2-kmp-rtocfs2-kmp-rt_traceofed-kmp-rtiscsitarget-kmp-rt_tracelttng-modules-kmp-rtlttng-modules-kmp-rt_traceofed-kmp-rt_tracejava-1_4_2-ibm-sapjava-1_4_2-ibm-sap-develsap_suse_cluster_connectorrhn-virtualization-commonrhn-virtualization-hostrhncfgrhncfg-actionsrhncfg-clientrhncfg-managementkoanrhnmdspacewalk-backend-libsspacewalk-certs-toolsgconf2gconf2-32bitgconf2-x86libidllibidl-32bitlibidl-x86mozilla-xulrunner190mozilla-xulrunner190-32bitmozilla-xulrunner190-gnomevfsmozilla-xulrunner190-translationsmozilla-xulrunner190-x86mozilla-xulrunner191mozilla-xulrunner191-32bitmozilla-xulrunner191-gnomevfsmozilla-xulrunner191-translationsmozilla-xulrunner191-x86orbit2orbit2-32bitorbit2-x86procpsacllibacllibacl-32bitlibacl-x86cifs-mountlibtalloc1-x86libgcc43libgcc43-32bitlibgcc43-x86libstdc++43libstdc++43-32bitlibstdc++43-x86keyutils-libskeyutils-libs-32bitkeyutils-libs-x86libidn-32bitlibidn-x86cyrus-sasl-crammd5-x86cyrus-sasl-gssapi-x86cyrus-sasl-otp-x86cyrus-sasl-plain-x86cyrus-sasl-x86gtkhtml2gtkhtml2-langcdparanoiacdparanoia-32bitcdparanoia-x86desktop-file-utilsfamfam-32bitfam-x86gnome-vfs2gnome-vfs2-32bitgnome-vfs2-x86gstreamer-0_10libogg0libogg0-32bitlibogg0-x86liboilliboil-32bitliboil-x86libgpg-error0libgpg-error0-32bitlibgpg-error0-x86iscsitargetiscsitarget-kmp-defaultiscsitarget-kmp-paeiscsitarget-kmp-ppc64iscsitarget-kmp-vmiiscsitarget-kmp-xenjava-1_5_0-beajava-1_5_0-bea-consolejava-1_5_0-bea-fontsjava-1_5_0-bea-jdbcjava-1_6_0-ibm-alsa-x86java-1_6_0-ibm-x86kde4-akonadikde4-akregatorkde4-kaddressbookkde4-kalarmkde4-kjotskde4-kmailkde4-knodekde4-knoteskde4-kontactkde4-korganizerkde4-ktimetrackerkde4-ktnefkdepim4kdepim4-wizardskdepimlibs4libakonadi4libkdepim4libkdepimlibs4kde4-gwenviewkde4-kcolorchooserkde4-krulerkde4-ksnapshotkde4-okularlibkipi5kde4-kdmkde4-kwinkde4-kgetkde4-knewstickerkde4-kopetekde4-krdckde4-krfbutempterutempter-32bitutempter-x86ext4dev-kmp-defaultext4dev-kmp-paeext4dev-kmp-ppc64ext4dev-kmp-vmiext4dev-kmp-xenkernel-kdumpkernel-vmikernel-vmi-baseoracleasm-kmp-defaultkvm-kmp-defaultkvm-kmp-paelibHX13libHX13-32bitlibHX13-x86libesmtpzlib-32bitzlib-x86neonlibpoppler4libtheora0libtheora0-32bitlibtheora0-x86libvolume_id1open-iscsiperl-IO-Socket-SSLwebsphere-as_celibcmpiutillibvirt-cimvirt-viewerxerces-j2xerces-j2-xml-apisxerces-j2-xml-resolverxpdf-toolsyast2-ldap-serverfirefox-libgcc_s1firefox-libstdc++6btrfs-kmp-defaultbtrfs-kmp-paebtrfs-kmp-xenext4dev-kmp-tracehyper-v-kmp-defaulthyper-v-kmp-paehyper-v-kmp-tracefirefox-gcc47libpq5-x86libopenssl0_9_8-hmac-x86quota-nfsMozillaFirefox-branding-SLES-for-VMwaregiflib-x86jakarta-commons-collectionsjakarta-commons-collections-javadocjakarta-commons-collections-tomcat5kde4-l10n-bgkde4-l10n-cakde4-l10n-csbkde4-l10n-elkde4-l10n-etkde4-l10n-eukde4-l10n-fikde4-l10n-gakde4-l10n-glkde4-l10n-hikde4-l10n-iskde4-l10n-kkkde4-l10n-kmkde4-l10n-kukde4-l10n-ltkde4-l10n-lvkde4-l10n-mkkde4-l10n-mlkde4-l10n-ndskde4-l10n-nnkde4-l10n-pakde4-l10n-rokde4-l10n-slkde4-l10n-thkde4-l10n-trkde4-l10n-ukkde4-l10n-wakernel-bigsmp-baseiscsitarget-kmp-bigsmpofed-kmp-bigsmporacleasm-kmp-bigsmpkrb5-pluginsNetworkManager-kde4NetworkManager-kde4-langNetworkManager-kde4-libsNetworkManager-openvpn-kde4NetworkManager-pptp-kde4plasmoid-networkmanagementrhnlibsuseRegisterInfocracklib-32bitcracklib-x86fontconfig-x86kernel-bigmemkernel-bigmem-basekernel-bigmem-devellhalibcap-ng-utilslibcap-ng0libcap-ng0-32bitperl-Sys-Virtlibsqlite3-0-x86xorg-x11-libXpm-32bitxorg-x11-libXpm-x86yast2-storage-libsuse-cloud-releasecrowbar-barclamp-trovemongodbcrowbar-barclamp-neutronopenstack-neutron-docopenstack-neutron-ibm-agentopenstack-neutron-mlnx-agentopenstack-neutron-nec-agentopenstack-neutron-nvsd-agentopenstack-neutron-plugin-ciscoopenstack-neutron-restproxy-agentopenstack-neutron-ryu-agentopenstack-neutron-servernovncopenstack-ceilometer-agent-centralopenstack-ceilometer-agent-ipmiopenstack-ceilometer-agent-notificationopenstack-ceilometer-alarm-evaluatoropenstack-ceilometer-alarm-notifieropenstack-ceilometer-apiopenstack-ceilometer-collectoropenstack-ceilometer-docopenstack-cinder-apiopenstack-cinder-backupopenstack-cinder-docopenstack-cinder-scheduleropenstack-glanceopenstack-glance-docopenstack-heatopenstack-heat-apiopenstack-heat-api-cfnopenstack-heat-api-cloudwatchopenstack-heat-docopenstack-heat-engineopenstack-keystoneopenstack-keystone-docopenstack-saharaopenstack-sahara-apiopenstack-sahara-docopenstack-sahara-enginepython-glancepython-heatpython-keystonepython-oslo.i18npython-oslo.utilspython-oslotestpython-saharapython-sixcrowbar-barclamp-nova_dashboardopenstack-dashboardpython-django_openstack_authpython-horizonopenstack-nova-apiopenstack-nova-cellsopenstack-nova-certopenstack-nova-conductoropenstack-nova-consoleopenstack-nova-consoleauthopenstack-nova-docopenstack-nova-novncproxyopenstack-nova-objectstoreopenstack-nova-scheduleropenstack-nova-serialproxyopenstack-nova-vncproxyopenstack-swiftopenstack-swift-accountopenstack-swift-containeropenstack-swift-docopenstack-swift-objectopenstack-swift-proxypython-swiftopenstack-troveopenstack-trove-apiopenstack-trove-conductoropenstack-trove-docopenstack-trove-guestagentopenstack-trove-taskmanagerpython-trovepython-Djangopython-Pillowpython-openstackclientruby2.1-rubygem-sprockets-2_11ruby2.1-rubygem-actionpack-4_1rubygem-actionpack-4_1ruby2.1-rubygem-actionview-4_1rubygem-actionview-4_1ruby2.1-rubygem-activemodel-4_1rubygem-activemodel-4_1ruby2.1-rubygem-activerecord-4_1rubygem-activerecord-4_1ruby2.1-rubygem-activesupport-4_1rubygem-activesupport-4_1ruby2.1-rubygem-bson-1_11ruby2.1-rubygem-easy_diffruby2.1-rubygem-redcarpetrubygem-bson-1_11rubygem-easy_diffrubygem-redcarpetrubygem-sprockets-2_11ruby2.1-rubygem-rackapache2-mod_wsgisuse-openstack-cloud-releasecouchdbcrowbar-openstackopenstack-heat-plugin-heat_dockeropenstack-heat-templatesopenstack-ironicopenstack-ironic-apiopenstack-ironic-conductorpython-ironicrabbitmq-serverrabbitmq-server-pluginsruby2.1-rubygem-actionpack-4_2ruby2.1-rubygem-actionview-4_2ruby2.1-rubygem-activemodel-4_2ruby2.1-rubygem-activerecord-4_2ruby2.1-rubygem-activesupport-4_2ruby2.1-rubygem-chef-expanderruby2.1-rubygem-chef-serverruby2.1-rubygem-chef-server-apiruby2.1-rubygem-chef-solrrubygem-chef-expanderrubygem-chef-server-apirubygem-chef-solrruby2.1-rubygem-extlibruby2.1-rubygem-multi_xmlruby2.1-rubygem-rails-html-sanitizerruby2.1-rubygem-railties-4_2openstack-designateopenstack-designate-agentopenstack-designate-apiopenstack-designate-centralopenstack-designate-docopenstack-designate-sinkopenstack-ironic-docopenstack-neutron-vpnaasopenstack-neutron-vpnaas-docopenstack-nova-dockeropenstack-tempestopenstack-tempest-testpython-designatepython-neutron-vpnaaspython-tempestopenstack-ceilometer-pollingopenstack-manilaopenstack-manila-apiopenstack-manila-docopenstack-manila-scheduleropenstack-manila-shareopenstack-neutron-fwaasopenstack-neutron-fwaas-docopenstack-neutron-lbaasopenstack-neutron-lbaas-docopenstack-resource-agentspython-manilapython-networking-ciscopython-neutron-fwaaspython-neutron-lbaasopenstack-horizon-plugin-manila-uipython-horizon-plugin-manila-uipython-suds-jurkorubygem-actionview-4_2python-defusedxmlpython-pysaml2roundcubemailopenSUSE-releaseMozillaFirefox-branding-upstreamMozillaFirefox-buildsymbolsMozillaFirefox-translations-commonMozillaFirefox-translations-otheropenldap2-back-sqlopenldap2-docphpMyAdminchromedriverchromiumchromium-desktop-gnomechromium-desktop-kdechromium-ffmpegsumojava-1_7_0-openjdk-accessibilityjava-1_7_0-openjdk-javadocjava-1_7_0-openjdk-srcMozillaThunderbirdMozillaThunderbird-buildsymbolsMozillaThunderbird-develMozillaThunderbird-translations-commonMozillaThunderbird-translations-otherdbus-1-devel-32bitseamonkeyseamonkey-dom-inspectorseamonkey-ircseamonkey-translations-commonseamonkey-translations-otherprivoxyprivoxy-doclibmysql56client18libmysql56client18-32bitlibmysql56client_r18libmysql56client_r18-32bitmysql-community-servermysql-community-server-benchmysql-community-server-clientmysql-community-server-errormessagesmysql-community-server-testmysql-community-server-toolslibcurl-devel-32bitcacticacti-spinelibnettle-devel-32bitnettleclaws-mailclaws-mail-develclaws-mail-langglibc-devel-static-32bitglibc-extraglibc-obsoleteglibc-testsuiteglibc-utilsglibc-utils-32bitxdelta3wireshark-ui-gtkwireshark-ui-qtlibotr-toolslibotr2-devellibotr2-toolsbind-lwresdgit-remote-helperscgitnss-myhostnamenss-myhostname-32bitsystemd-journal-gatewaysystemd-loggersystemd-mini-sysvinitctdb-pcp-pmdactdb-testslibdcerpc-atsvc0-32bitlibdcerpc-samr0-32bitlibldb1-x86libregistry0-32bitlibsamba-policy0-32bitsamba-pidlsamba-pythonapache2-mod_apparmorapparmorapparmor-docsapparmor-parserapparmor-parser-langapparmor-profilesapparmor-utilsapparmor-utils-langlibapparmor-devellibapparmor1libapparmor1-32bitpam_apparmorpam_apparmor-32bitperl-apparmorpython3-apparmorruby-apparmorproftpdproftpd-develproftpd-docproftpd-langproftpd-ldapproftpd-mysqlproftpd-pgsqlproftpd-radiusproftpd-sqlitelibtorrent-rasterbarlibtorrent-rasterbar-devellibtorrent-rasterbar-doclibtorrent-rasterbar7python-libtorrent-rasterbarlibvirt-daemon-driver-umllibvirt-daemon-driver-vboxlibvirt-daemon-driver-xenlibvirt-daemon-umllibvirt-daemon-vboxlibvirt-login-shelllibircclientlibircclient-devellibircclient-doclibircclient1dropbeartypo3-cms-4_5typo3-cms-4_7rubygem-i18nrubygem-i18n-docrubygem-i18n-testsuiterubygem-activesupport-3_2-docrubygem-actionmailer-3_2-docenigmaillibv8-3v8v8-develv8-private-headers-develwebyast-basewebyast-base-branding-defaultwebyast-base-testsuitephp5-firebirdphp5-mssqlupdate-test-securityibusibus-branding-openSUSE-KDEibus-develibus-gtkibus-gtk-32bitibus-gtk3ibus-gtk3-32bitibus-langlibibus-1_0-5libibus-1_0-5-32bitpython-ibustypelib-1_0-IBus-1_0python-djangolibgnutls-devel-32bitlibvarnishapi1varnishvarnish-develnginxruby19ruby19-develruby19-devel-extraruby19-doc-riruby19-tksubversion-rubyruby20ruby20-develruby20-devel-extraruby20-doc-riruby20-tkchromium-suid-helperxtrabackupnodejsnodejs-develthttpdxen-kmp-desktopxen-xend-toolsca-certificates-mozillarubygem-actionpack-3_2-docquasselquassel-basequassel-clientquassel-corequassel-monoopenttdopenttd-dataopenttd-dedicatedlibpoppler34libpoppler43qemu-linux-userpython-apache-libcloudkernel-debugkernel-debug-basekernel-debug-develkernel-desktopkernel-desktop-basekernel-desktop-develkernel-source-vanillakernel-vanillakernel-vanilla-develseamonkey-venkmannagios-www-dchMozillaFirefox-branding-basedonopensusePackageKit-branding-basedonopensuseawesome-branding-basedonopensusebot-sentrybranding-basedonopensusecompiz-branding-basedonopensusedynamic-wallpaper-branding-basedonopensusee17-branding-basedonopensuseepiphany-branding-basedonopensusefcitx-branding-basedonopensusegcin-branding-basedonopensusegconf2-branding-basedonopensusegdm-branding-basedonopensusegfxboot-branding-basedonopensusegio-branding-basedonopensusegnome-menus-branding-basedonopensusegrub2-branding-basedonopensusegtk2-branding-basedonopensusegtk3-branding-basedonopensusehicolor-icon-theme-branding-basedonopensuseinstall-initrd-branding-basedonopensusekdebase3-SuSE-branding-basedonopensusekdebase4-runtime-branding-basedonopensusekdebase4-workspace-branding-basedonopensusekdelibs4-branding-basedonopensusekdm-branding-basedonopensuseksplash-qml-branding-basedonopensuseksplashx-branding-basedonopensuseleechcraftleechcraft-advancednotificationsleechcraft-aggregatorleechcraft-aggregator-bodyfetchleechcraft-anheroleechcraft-auscrieleechcraft-azothleechcraft-azoth-acetamideleechcraft-azoth-adiumstylesleechcraft-azoth-autoidlerleechcraft-azoth-autopasteleechcraft-azoth-birthdaynotifierleechcraft-azoth-chathistoryleechcraft-azoth-depesterleechcraft-azoth-docleechcraft-azoth-embedmedialeechcraft-azoth-herbicideleechcraft-azoth-hilileechcraft-azoth-isteriqueleechcraft-azoth-juickleechcraft-azoth-keesoleechcraft-azoth-lastseenleechcraft-azoth-metacontactsleechcraft-azoth-modnokleechcraft-azoth-nativeemoticonsleechcraft-azoth-otroidleechcraft-azoth-p100qleechcraft-azoth-rosenthalleechcraft-azoth-shxleechcraft-azoth-standardstylesleechcraft-azoth-vaderleechcraft-azoth-velvetbirdleechcraft-azoth-xooxleechcraft-azoth-xtazyleechcraft-azoth-zheetleechcraft-bittorrentleechcraft-blogiqueleechcraft-blogique-hestialeechcraft-blogique-metidaleechcraft-choroidleechcraft-cstpleechcraft-dbusmanagerleechcraft-deadlyricsleechcraft-develleechcraft-docleechcraft-dolozheeleechcraft-dumbeepleechcraft-gactsleechcraft-glanceleechcraft-gmailnotifierleechcraft-historyholderleechcraft-hotsensorsleechcraft-hotstreamsleechcraft-kbswitchleechcraft-kinotifyleechcraft-knowhowleechcraft-lackmanleechcraft-lastfmscrobbleleechcraft-launchyleechcraft-lemonleechcraft-lhtrleechcraft-liznooleechcraft-lmpleechcraft-lmp-dumbsyncleechcraft-lmp-graffitileechcraft-lmp-mp3tunesleechcraft-monocleleechcraft-monocle-docleechcraft-monocle-fxbleechcraft-monocle-muleechcraft-monocle-pdfleechcraft-monocle-postrusleechcraft-monocle-seenleechcraft-musiczombieleechcraft-netstoremanagerleechcraft-netstoremanager-googledriveleechcraft-networkmonitorleechcraft-newlifeleechcraft-otlozhuleechcraft-pintableechcraft-pogooglueleechcraft-popishuleechcraft-poshukuleechcraft-poshuku-autosearchleechcraft-poshuku-cleanwebleechcraft-poshuku-fatapeleechcraft-poshuku-fileschemeleechcraft-poshuku-fualeechcraft-poshuku-keywordsleechcraft-poshuku-onlinebookmarksleechcraft-poshuku-onlinebookmarks-deliciousleechcraft-poshuku-onlinebookmarks-readitlaterleechcraft-sb2leechcraft-secmanleechcraft-secman-simplestorageleechcraft-seekthruleechcraft-shaitanleechcraft-shellopenleechcraft-summaryleechcraft-syncerleechcraft-tabsessionmanagerleechcraft-tabslistleechcraft-touchstreamsleechcraft-tpileechcraft-vgrabberleechcraft-vroobyleechcraft-xproxylibexo-1-0-branding-basedonopensuselibgarcon-branding-basedonopensuselibpurple-branding-basedonopensuselibpurple-branding-openSUSElibpurple-branding-upstreamlibpurple-plugin-bot-sentrylibpurple-plugin-bot-sentry-langlibpurple-plugin-facebookchatlibpurple-plugin-mrimlibpurple-plugin-mrim-langlibpurple-plugin-openfetionlibpurple-plugin-openfetion-langlibpurple-plugin-packlibpurple-plugin-pack-extraslibpurple-plugin-sipelibpurple-plugin-skypelibpurple-plugin-skype-langlibreoffice-branding-basedonopensuselibsocialweb-branding-basedonopensuselibxfce4ui-branding-basedonopensuselightdm-gtk-greeter-branding-basedonopensuselxde-common-branding-basedonopensusemidori-branding-basedonopensusepidgin-advanced-sound-notificationpidgin-advanced-sound-notification-langpidgin-birthday-reminderpidgin-birthday-reminder-langpidgin-branding-openSUSEpidgin-embeddedvideopidgin-facebookchatpidgin-guificationspidgin-guifications-langpidgin-mrimpidgin-openfetionpidgin-plugin-advanced-sound-notificationpidgin-plugin-birthday-reminderpidgin-plugin-embeddedvideopidgin-plugin-guificationspidgin-plugin-packpidgin-plugin-pack-extraspidgin-plugin-skypepidgin-sipeplymouth-branding-basedonopensusepurple-plugin-packpurple-plugin-pack-langskype4pidginsplashy-branding-basedonopensusesusegreeter-branding-basedonopensusesystemd-presets-branding-basedonopensusetelepathy-hazetelepathy-plugin-sipethunar-volman-branding-basedonopensusewallpaper-branding-basedonopensusexfce4-notifyd-branding-basedonopensusexfce4-panel-branding-basedonopensusexfce4-session-branding-basedonopensusexfce4-settings-branding-basedonopensusexfce4-splash-branding-basedonopensusexfdesktop-branding-basedonopensusexfwm4-branding-basedonopensuseyast2-branding-basedonopensuseyast2-qt-branding-basedonopensuseoperaopera-gtkopera-kde4mumblemumble-32bitmumble-servericingaicinga-develicinga-docicinga-idoutilsicinga-idoutils-mysqlicinga-idoutils-oracleicinga-idoutils-pgsqlicinga-plugins-downtimesicinga-plugins-eventhandlersicinga-wwwmonitoring-toolsmupdfmupdf-devel-staticpython3-logilab-commonicedtea-web-javadoclibvlc5libvlccore7vlcvlc-develvlc-gnomevlc-noXvlc-noX-langvlc-qtpercona-toolkitrubygem-activerecord-3_2-doclibecpg6-32bitpostgresql92postgresql92-contribpostgresql92-develpostgresql92-docspostgresql92-libspostgresql92-plperlpostgresql92-plpythonpostgresql92-pltclpostgresql92-serverfail2banlibpng16-compat-devel-32bitlibpng16-devel-32bitlibpng16-toolsotrsotrs-docotrs-itsmImageMagick-devel-32bitImageMagick-docImageMagick-extralibMagick++-6_Q16-2libMagick++-6_Q16-2-32bitlibMagick++-devel-32bitlibMagick++5libMagickCore5libMagickCore5-32bitlibMagickWand-6_Q16-1-32bitlibMagickWand5libMagickWand5-32bitlibssh4-32bitlibmagic-dataphp5-pear-Net_IDNA2udisksudisks-develtypelib-1_0-UDisks-2_0libjanssonlibjansson-develnet-snmp-pythonperl-HTTP-Bodylighttpd-mod_geoiplibpython3_3m1_0libpython3_3m1_0-32bitpython3-32bitpython3-base-32bitpython3-dbmpython3-docpython3-doc-pdfpython3-idlepython3-testsuitepython3-tkpython3-toolsrubygem-rack-ssl-docjson-clibjson-devellibjson-doclibjson0libjson0-32bitlibmmslibmms0-32bitnrpenrpe-doclibpng12-compat-devel-32bitlibpng12-devel-32bitpython-eyeD3android-toolscloopcloop-kmp-defaultcloop-kmp-desktopcloop-kmp-paecloop-kmp-xencrashcrash-develcrash-doccrash-eppiccrash-gcorecrash-kmp-defaultcrash-kmp-desktopcrash-kmp-paecrash-kmp-xenhdjmodhdjmod-kmp-defaulthdjmod-kmp-desktophdjmod-kmp-paehdjmod-kmp-xenipsetipset-develipset-kmp-defaultipset-kmp-desktopipset-kmp-paeipset-kmp-xeniscsitarget-kmp-desktoplibipset3ndiswrapperndiswrapper-kmp-defaultndiswrapper-kmp-desktopndiswrapper-kmp-paeopenvswitch-controlleropenvswitch-kmp-desktopopenvswitch-kmp-paeopenvswitch-pkiopenvswitch-testpcfclockpcfclock-kmp-defaultpcfclock-kmp-desktoppcfclock-kmp-paepython-openvswitchpython-openvswitch-testpython-virtualboxvirtualboxvirtualbox-develvirtualbox-guest-kmp-defaultvirtualbox-guest-kmp-desktopvirtualbox-guest-kmp-paevirtualbox-guest-toolsvirtualbox-guest-x11virtualbox-host-kmp-defaultvirtualbox-host-kmp-desktopvirtualbox-host-kmp-paevirtualbox-qtvirtualbox-websrvxtables-addonsxtables-addons-kmp-defaultxtables-addons-kmp-desktopxtables-addons-kmp-paextables-addons-kmp-xenstrongswan-mysqlstrongswan-nmstrongswan-sqlitelibXfont-devel-32bitlibXfont1-32bitpostfixadmintorlibcap-ng-pythonpython3-lxmlpython3-lxml-doclightdm-gtk-greeterlightdm-gtk-greeter-branding-upstreamlightdm-gtk-greeter-langninjarmailuucplibminiupnpc-devellibminiupnpc10miniupnpcpython-miniupnpccastorcastor-democastor-doccastor-javadoccastor-testcastor-xmlvhba-kmpvhba-kmp-defaultvhba-kmp-desktopvhba-kmp-paevhba-kmp-xenxalan-j2-xsltclibreoffice-help-astlibreoffice-help-bglibreoffice-help-calibreoffice-help-ellibreoffice-help-en-ZAlibreoffice-help-etlibreoffice-help-eulibreoffice-help-filibreoffice-help-gllibreoffice-help-group1libreoffice-help-group2libreoffice-help-group3libreoffice-help-group4libreoffice-help-group5libreoffice-help-kmlibreoffice-help-mklibreoffice-help-nblibreoffice-help-sklibreoffice-help-sllibreoffice-help-trlibreoffice-help-vilibreoffice-icon-theme-crystallibreoffice-icon-theme-hicontrastlibreoffice-icon-theme-oxygenlibreoffice-icon-themes-prebuiltlibreoffice-l10nlibreoffice-l10n-amlibreoffice-l10n-aslibreoffice-l10n-astlibreoffice-l10n-be-BYlibreoffice-l10n-brlibreoffice-l10n-cylibreoffice-l10n-en-ZAlibreoffice-l10n-eolibreoffice-l10n-etlibreoffice-l10n-eulibreoffice-l10n-galibreoffice-l10n-gdlibreoffice-l10n-gllibreoffice-l10n-helibreoffice-l10n-idlibreoffice-l10n-islibreoffice-l10n-kalibreoffice-l10n-kmlibreoffice-l10n-knlibreoffice-l10n-mklibreoffice-l10n-mllibreoffice-l10n-mrlibreoffice-l10n-nrlibreoffice-l10n-omlibreoffice-l10n-orlibreoffice-l10n-pa-INlibreoffice-l10n-rwlibreoffice-l10n-shlibreoffice-l10n-sllibreoffice-l10n-srlibreoffice-l10n-sslibreoffice-l10n-stlibreoffice-l10n-talibreoffice-l10n-telibreoffice-l10n-tglibreoffice-l10n-thlibreoffice-l10n-trlibreoffice-l10n-tslibreoffice-l10n-uglibreoffice-l10n-velibreoffice-l10n-vilibreoffice-sdk-doclzoeeteet-develeet-doc-htmleet-exampleslibeet1pulseaudio-system-wideeximeximoneximstats-htmltransmissiontransmission-commontransmission-daemontransmission-gtktransmission-gtk-langtransmission-qttransmission-qt-langkdebase4-workspace-branding-upstreamkdebase4-workspace-liboxygenstylekdebase4-workspace-liboxygenstyle-32bitkdebase4-workspace-plasma-calendarkdelibs4-apidocskdm-branding-upstreamkrandrlibksuseinstall-develpython-kdebase4jbigkitlibjbig-devel-32bitlibelf-devel-32bitapache2-eventldb-toolspyldb-32bitpython-tdb-32bitpython-tevent-32bitopenstack-neutron-hyperv-agentopenstack-neutron-testopenstack-neutron-vmware-agentpython-eventletpython-eventlet-docpython-greenletpython-greenlet-develpython-iso8601python-neutronclientpython-neutronclient-testpython-pypython-pytestlibserflibserf-1-0libserf-develIPythonIPython-docpython-pyzmqpython-pyzmq-develpython3-IPythonlua-docgearygeary-langbash-loadablessrtpsrtp-develrsyslog-module-dbirsyslog-module-elasticsearchrsyslog-module-gcryptrsyslog-module-guardtimersyslog-module-mmnormalizegetmailgetmail-docperl-Email-Addresstnftplibzmq4libMagick++-6_Q16-5libMagick++-6_Q16-5-32bitlibMagickCore-6_Q16-2libMagickCore-6_Q16-2-32bitlibMagickWand-6_Q16-2libMagickWand-6_Q16-2-32bitpixmanrubygem-sprockets-2_2-docrubygem-sprockets-2_1rubygem-sprockets-2_1-docrubygem-sprocketsrubygem-sprockets-docicecasticecast-docflac-devel-32bitopenvpn-down-root-pluginlibjpeg62-devel-32bitlibjpeg8-devel-32bitlibturbojpeg0-32bitperl-Placklua-rrdtoolpython-rrdtoolruby-rrdtooltcl-rrdtoolfirebirdfirebird-32bitfirebird-classicfirebird-docfirebird-superserverlibfbclient2libfbclient2-32bitlibfbclient2-develpdns-recursorpython3-rpmsubversion-python-ctypesapache2-itklibreoffice-icon-theme-sifrlibreoffice-l10n-bnlibreoffice-l10n-dzlibreoffice-l10n-falibreoffice-l10n-kklibreoffice-l10n-lvlibreoffice-l10n-mailibreoffice-l10n-nsolibreoffice-l10n-palibreoffice-l10n-silibreoffice-l10n-tngnumericgnumeric-develgnumeric-langackperl-App-AcklibQt5Gui5-32bitlibQt5Sql5-32bitlibQt5Test5-32bitlibQt5Widgets5-32bitlibqt5-qtbase-32bitlibqt5-sql-mysqllibqt5-sql-mysql-32bitlibqt5-sql-postgresqllibqt5-sql-postgresql-32bitlibqt5-sql-sqlitelibqt5-sql-sqlite-32bitlibqt5-sql-unixODBClibqt5-sql-unixODBC-32bitvirtualbox-guest-desktop-iconsunzip-docunzip-rcclibLLVMlibLLVM-32bitlibclangllvmllvm-clangllvm-clang-develllvm-develllvm-vim-pluginsgcabgcab-develgcab-langlibgcab-1_0-0jythonjython-demojython-javadocjython-manuallibsndfile-progssnackpython-ropelibmspack0-32bitxtrabackup-testputtyglusterfsglusterfs-devellibgfapi0libgfrpc0libgfxdr0libglusterfs0libarchive13-32bitkdebase4-runtime-branding-upstreamkdebase4-runtime-develkonversationkonversation-langkwebkitpartkwebkitpart-langplasma-theme-oxygenlesslibzip2-32bitmercurial-langrubygem-bundler-doclibgd3libgd3-32bitlibgit2-0libgit2-21libgit2-devellibpotrace0potracepotrace-develrubygem-rest-clientrubygem-rest-client-docrubygem-rest-client-testsuitentoplibblkid-devel-staticlibmount-devel-32bitlibmount-devel-staticlibsmartcols-devel-staticlibuuid-devel-staticDirectFB-MesaDirectFB-devel-32bitDirectFB-docDirectFB-libSDLDirectFB-libvncclientlib++dfb-1_7-5libdirectfb-1_6-0libdirectfb-1_6-0-32bitlibdirectfb-1_7-5libdirectfb-1_7-5-32bitlibpcre16-0-32bitlibpcreposix0-32bitpcre-docgnu_parallelgnu_parallel-doclibtasn1-devel-32bitlibrawlibraw-toolslibraw10openstack-dashboard-branding-upstreamopenstack-dashboard-testpython-horizon-branding-upstreamnbdnbd-doclibfuse2-32bitzeromq-toolstidy-docdpkgdpkg-develdpkg-langbusybox-staticlibwmf-0_2-7-32bitrubygem-RedClothrubygem-RedCloth-docrubygem-RedCloth-testsuitemariadb-benchmariadb-testpesignlibunwindlibunwind-32bitlibunwind-develrubygem-rack-docrubygem-rack-testsuiterubygem-rack-1_3-docrubygem-rack-1_3-testsuiterubygem-rack-1_4-docrubygem-rack-1_4-testsuiterubygem-jquery-railsrubygem-jquery-rails-doclibcryptopplibcryptopp-5_6_2-0libcryptopp-5_6_2-0-32bitlibcryptopp-devellibcryptopp-devel-staticpdnspdns-backend-ldappdns-backend-luapdns-backend-mydnspdns-backend-mysqlpdns-backend-postgresqlpdns-backend-sqlite3java-1_7_0-openjdk-bootstrapjava-1_7_0-openjdk-bootstrap-develjava-1_7_0-openjdk-bootstrap-headlessgpsdgpsd-clientsgpsd-devellibQgpsmm20libgps20python-gpsdMozillaFirefox-branding-openSUSEvirtualbox-host-sourcelibgcrypt-cavslibvdpau-devel-32bitlibvdpau_trace1libvdpau_trace1-32bitremindlibnfsidmap-ssslibsss_simpleifp-devellibsss_simpleifp0python-ipa_hbacpython-sss_nss_idmapsssd-dbussssd-wbclientsssd-wbclient-develredisfroxlorpython3-IPython-docpolkit-docspice-clientjakarta-taglibs-standardjakarta-taglibs-standard-javadoclibeventlibevent-2_0-5-32bitnodejs-docnodejs-docsnodejs-npmaudiofileaudiofile-develaudiofile-devel-32bitaudiofile-doclibaudiofile1libaudiofile1-32bitsudo-testbouncycastlebouncycastle-javadocxulrunnerxulrunner-32bitxulrunner-develgit-docxscreensaver-data-extralibminiupnpc10-32bitpython-hivexgummigummi-langgrub2-branding-upstreamgrub2-i386-efilive555live555-devellibebmllibebml-devellibebml4libebml4-32bitlibmatroskalibmatroska-devellibmatroska6libmatroska6-32bitnpmperl-Module-Signature0:1.5.4-1.1050:2014.2.3.dev13-1.10:2014.2.2.dev26-3.10:1.6.4-0.7.10:1.0.0-14.10:2.6.1-1.180:2.6.3-2.200:2.3.0-1.60:10.32.2-3.10:6.8.8.1-5.21120:31.1.0esr-1.200:13.2+git20140911.61c1681-1.160:0.6.35-1.1260:1.0.27.2-11.100:1.6.3-1.1790:0.6.31-20.590:4.2-75.20:6.2-75.20:9.9.5P1-1.100:1.2.4-3.560:1.0.6-27.11290:6.4-3.50:0.98.4-1.460:1.1.7-2.420:0.1.25-3.1130:1.1.0-147.710:8.22-5.170:2.11-26.1820:1.27.1-2.220:4.8.3+r212056-6.30:4.2-55.30:1.4.11-55.30:1.7.5-2.70:1.0.58-2.60:0.2.5-3.750:7.37.0-2.50:1.12.12-181.630:2.1.26-7.10:1.8.8-1.50:1.8.8-1.120:0.100.2-3.580:4.2.6-7.30:0.97.2-13.2530:037-34.40:103-5.350:0.158-3.2000:24.3-14.440:3.10.3-1.1310:3.10.3-1.2130:2.1.0-13.2320:2.0.2-1.60:6.3.26-5.180:5.19-2.1490:2.10.9-5.150:11.2.202.406-1.30:1.0.2-7.90:2.5.3-2.110:2.9.3-3.650:1.1.36-54.1000:2.1.0-3.120:2.30.6-1.230:2.40.2-1.130:3.10.0.1-13.30:2.8.10-1.1640:2.38.2-5.120:2.19-17.720:3.10.1-4.10:3.10.5-1.110:3.10.4-22.130:3.2.15-1.80:2.0.24-1.50:1.5.1-1.120:1.22.2-5.4290:7.4.326-2.620:1.6-7.3920:1.0-6.450:3.14.6-3.140:1.4.10.1-2.250:1.5.0-2.130:s20121221-2.190:1.7.0.65-3.70:1.5.1-1.130:1.15.5-7.120:3.12.28-4.60:1.12.1-6.30:1.0.3-1.50:1.19-17.310:3.18-1.190:2.1.0-4.50:1.6.2-4.120:1.0.7-3.540:1.1.14-3.600:1.3.2-3.610:5.0.1-3.530:1.4.7-2.90:1.7.2-3.620:1.1.3-3.550:1.0.2-3.580:1.4.2-3.560:0.9.8-3.560:1.1.4-3.590:1.2.2-3.600:1.0.10-3.570:1.0.8-3.570:1.1.3-3.540:1.2.0-1.50:2.25-6.690:2.25-6.50:2.25-6.10:0.41.rc1-1.300:4.1.12-3.20:1.1.3-3.520:9.3.5-2.30:9.3.5-2.240:2.0.21-4.10:0.6.21-6.40:2.5.2.26539-13.420:3.16.4-5.20:2.5.3-2.180:1.11.4-1.120:7.2d-3.770:1.6.1-9.10:1.0.0-352.840:0.4-3.830:210-44.10:0.15.1b-182.580:1.11.5.1-5.200:2.2.7-3.630:2.0-12.130:0.11-2.220:2.4.2-14.600:5.2.2-4.20:2.08-1.130:3.2.0-4.590:0.6.2-15.80:0.8.8.4-13.690:0.4-3.640:2.1.5-27.860:10.0.11-6.40:0.30.0-3.650:0.9.8j-59.110:1.0.1i-2.120:1.36.3-4.140:1.8.10-3.70:1.2.50-8.210:1.6.8-2.240:0.112-2.1890:0.24.4-3.140:0.24.4-3.130:0.4.11-11.20:0.4.11-11.60:5.0-2.70:2.7.7-2.360:3.4.1-2.380:4.8.6-2.110:4.8.6-2.60:2.0.10-3.670:0.15.4-3.880:4.3.1.2-3.70:0.19-16.560:1.1.10-24.1280:0.4.8-18.630:1.0.25-18.750:5.7.2.1-3.80:2.44.2-1.460:0.25-3.40:0.6.3-1.40:1.9.1-1.2650:3.7-2.130:4.0.3-9.780:2.1.3-1.140:1.2.5-13.30:1.3.3-8.230:0.28.2-17.830:1.10-1.210:3.1.1-1.60:2.9.1-6.20:0.1.6-1.190:0.11.1-4.620:4.0.4-2.10:3.8.7-3.210:1.4.16-15.740:2.0.2.umip.0.4-19.770:4.10.7-1.130:1.5.21-44.380:4.2.6p5-24.30:0.13.0-1.1220:2.0.0-2.90:6.6p1-4.60:1.1.8-11.570:12.1-23.120:2.4.4-4.50:2.0-1.400:2.7.1-5.1910:1.4.14-1.450:5.18.2-3.70:2.82-3.140:3.71-1.1780:6.04-5.40:804.031-3.820:0.38-7.610:4.0.0-6.180:2.4.7-1.70:3.22-267.120:3.6.2-3.620:2.7.7-2.120:3.4.1-2.760:1.4.5-1.50:1.1.7-21.150:0.14-1.70:0.7.0-4.70:2.0.0-40.70:1.0.0-40.70:1.7.4-40.70:8-40.70:1.9.7-2.170:3.0.2-1.920:3.1.0-2.70:8.4.0-2.20:0.11_git201205151338-8.170:2.1-1.60:0.7-14.20:1.7.2.4-1.20:4.3-1.150:5.1.3-4.10:1.8.10p3-1.620:0.83.7-2.10:2.0-778.10:2.88+-94.130:5.1.1-1.170:0.18.1-3.2680:0.2.0-1.620:5.2-8.840:1.3.0-17.30:2.3.1-4.950:3.10.1-1.860:1.4.0-16.90:0.5.3-153.1450:1.2.1-3.640:1.14-4.830:1.10.9-1.110:2.7.0-264.1330:4.4.1_06-2.20:4.4.1_06_k3.12.28_4-2.20:2.99.914-4.10:2.3.15-7.70:5.43-5.330:7.6_1-14.170:1.1.0-3.580:7.6-45.140:7.6_1.15.2-12.170:3.1.108-1.160:3.1.11-1.90:2.10-1020.620:1.7.1-4.112.10:6.8.8.1-8.20:38.4.0esr-51.10:13.2+git20140911.61c1681-9.10:0.6.35-3.100:5.0.9-8.10:9.9.6P1-30.20:2.25.0-13.10:1.21.1-3.30:6.4-6.40:0.98.7-13.10:1.1.7-5.30:8.22-9.10:2.11-29.10:4.8.5-24.10:4.2-58.30:1.4.11-58.30:1.7.5-9.10:1.0.58-8.10:7.37.0-15.10:1.8.16-14.10:4.3.3-2.20:2.71-8.30:037-66.20:1.42.11-7.10:0.158-6.10:2.0.2-6.10:5.19-9.10:2.10.9-8.10:11.2.202.548-111.10:2.5.5-7.5.10:2.9.3-5.10:2.1.0-5.10:3.10.0.1-23.10:2.19-31.90:3.10.1-11.10:3.10.2-20.10:3.10.4-40.10:3.2.15-11.10:0.10.23-17.10:6-11.10:52.1-7.10:1.7.0.91-21.20:1.6.1-2.3.10:1.6.1-2.4.210:1.8.0.65-1.130:1.15.5-8.4.10:3.12.49-11.10:1.12.1-19.10:1.3.0-6.10:5.3.2-1.810:1.4.7-4.10:1.7.4-9.20:3.1.2-9.10:1.2.0-3.10:2.25-30.10:2.25-30.40:0.41.rc1-4.10:4.2.4-4.190:9.4.5-4.10:9.4.5-4.50:3.19.2.1-29.10:1.6.1-16.10:210-83.20:1.11.5.1-14.10:1.900.1-170.10:2.4.8-16.20:1.3.1-30.30:62.1.0-30.10:1.3.1-30.10:8.0.2-30.30:1.3.0-9.10:3.1.2-7.10:0.4-10.10:10.0.21-1.170:0.9.8j-81.10:1.0.1i-34.10:1.5.22-2.20:1.6.8-5.10:0.113-4.10:2.7.9-20.60:3.4.1-12.10:4.8.6-4.20:4.8.6-4.10:5.0.2.2-13.140:2.1.2-9.10:1.0.25-21.10:5.7.3-4.20:0.29-1.40:0.12.5-2.20:1.4.3-11.10:0.6.3-8.10:3.7-4.10:4.0.4-12.20:0.8-3.10:1.2.18.1-4.220:0.2.8.4-242.30:3.1.1-4.10:2.9.1-10.10:0.1.6-7.10:0.11.1-9.10:4.0.4-13.10:12.5-25.150:4.10.10-9.10:1.5.21-49.10:4.2.8p4-1.30:2.0.0-5.10:6.6p1-29.10:2.3.8-16.3.10:9.20.1-3.20:1.1.8-14.10:2.7.5-7.10:2.0019-5.30:0.38-10.10:2.3-5.10:2.7.9-20.20:2.3.0-6.5.20:2.3.1-5.70:1.0.0-5.70:1.8.1-5.70:8-5.70:0.2.1_rc4-16.20:4.11.2-10.10:8.4.0-8.30:1.4.8-8.20:0.9-2.140:5.1.3-18.10:0.83.8-7.10:1.27.1-4.10:4.5.1-7.10:5.2-10.30:1.4.3-7.20:6.00-32.10:1.4.0-26.10:1.14-7.10:1.12.7-15.10:2.2-8.10:20140630-5.10:4.5.1_12-2.30:4.5.1_12_k3.12.49_11-2.30:2.99.914-7.10:7.6_1.15.2-36.210:3.1.155-1.130:3.1.18-1.50:1.7.1-6.112.20:6.8.8.1-33.10:45.4.0esr-81.10:1.0.12-8.60:13.2+git20140911.61c1681-28.10:0.6.42-14.20:1.6.3-3.30:3.1.14-7.30:4.8.6+2.3.3-3.10:2.32.1-16.10:4.12.0-7.30:10.66.3-4.10:1.2.0-10.10:5.0.9-21.60:0.6.32-30.360:4.3-78.390:6.3-78.390:9.9.9P1-46.10:2.26.1-9.12.10:1.2.4-5.30:1.0.6-29.20:6.5-8.90:0.99.2-25.10:1.3.3-10.140:0.1.26-6.30:8.25-12.80:4.8.5-30.10:2.9.0-7.10:5.8-7.10:1.7.5-12.40:1.0.58-13.10:7.37.0-28.10:1.8.16-19.10:4.3.3-9.10:0.97.3-15.630:2.71-10.10:3.0.26-6.50:044-87.10:103-7.10:24.3-16.320:3.12.12-5.120:3.20.4-7.70:3.20.1-5.660:2.1.0-17.10:6.3.26-12.30:2.11.0-12.50:2.11.1-7.10:2.0.0~git.1463131968.4e66df7-11.690:2.6.3-7.8.30:2.1.0-12.10:2.34.0-16.20:2.40.15-4.50:3.10.0.1-52.50:9.15-6.50:2.8.18-4.70:2.48.2-10.20:2.22-49.160:3.20.0-27.20:3.20.4-7.20:3.20.1-40.50:3.20.4-70.40:2.0.24-3.20:2.02~beta2-104.160:0.10.23-20.510:2.24.31-7.110:7-13.10:1.4.14-4.110:1.5.0-7.100:1.2.0-7.310:1.7.0.111-33.10:1.8.0.101-14.30:1.15.5-8.7.10:0.8.15-28.50:4.4.21-69.10:1.12.5-39.10:0.2.0-5.10:1.3.0-11.10:5.6.1-11.70:5.6.1-9.40:1.5.1-10.30:1.5.0-6.20:1.6.0-12.60:3.1.2-22.10:5.3.1+r233831-9.10:2.28-40.280:2.28-40.170:2.28-40.10:4.2.4-26.20:4.4.2-29.40:9.4.9-14.10:3.21.1-46.20:2.6.3-7.8.20:1.6.1-16.33.10:5.0.5-12.10:2.0.0-353.6.20:1.3.1-6.10:0.9-6.240:2.7.1-9.10:1.28-4.10:1.13.4-18.100:2.4.11-23.200:2.12.5-1.120:1.3.0-23.10:2.4.41-18.25.10:1.1.26-10.40:0.4-14.40:10.0.27-12.10:1.6-2.20:0.52.16-1.830:1.0.2j-55.10:0.9.8j-102.10:4.0.0-9.10:1.40.1-9.50:1.2.50-13.10:1.5.22-4.10:1.6.8-11.10:0.113-5.6.10:0.43.0-15.10:0.24.4-12.10:0.4.13-16.30:0.4.13-16.60:2.7.9-24.20:4.8.6-7.10:5.1.5.2-29.40:2.1.2-12.30:1.0.25-25.10:2.54.1-4.50:0.31-7.20:0.12.7-6.30:3.8.10.2-3.10:1.5.2-2.10:1.4.3-19.10:0.6.3-11.10:228-117.120:3.7-11.10:0.1.25-4.20:4.0.6-26.30:1.0.10-2.30:1.1.1-6.730:2.0.0-26.20:0.28.2-19.70:1.10-3.10:3.1.1-12.30:2.9.4-27.10:0.11.1-12.10:4.0.4-6.10:12.5-28.10:4.12-15.20:1.6.0-54.10:4.2.8p8-14.10:2.0.0-11.10:7.2p2-55.10:2.3.8-16.6.40:9.20.1-6.10:5.18.2-11.10:4.0.0-11.60:3.8.5-5.10:2.7.9-24.10:1.5.7-7.50:16.0.0-2.3.20:2.8.1-6.11.10:2.6.1-27.150:1.0.0-27.150:1.9.1-27.150:8-27.150:3.4-6.140:0.2.3-21.40:4.11.2-15.10:3.1.0-12.10:8.4.0-14.10:0.9-20.30:1.7.2.4-3.10:4.3-6.20:5.1.3-22.10:1.8.10p3-6.160:3.0-85.10:0.84.0-13.10:2.88+-96.10:1.27.1-8.10:4.5.1-10.10:0.18.3-5.70:2.3.4-6.50:1.18.4-14.2160:3.20.2-5.80:0.5.3-157.10:1.14-10.30:1.12.13-31.10:2.2-14.20:4.7.0_12-23.40:2.99.917.641_ge4ef6e9-12.30:4.3.0-8.80:7.6_1.18.3-57.340:5.22-7.10:3.1.206-37.1.20:3.1.23-6.380:3.1.57-16.70:12-00:1.6.2-31.20:3.10-15.10:1.5.4-2.50:1.6.0_sr16.1-5.90:3.4.5-3.50:13.2+git20140911.61c1681-1.80:0.6.35-1.960:1.0.27.2-11.40:1.9.4-1.60:1.9.2-1.270:1.0.15-4.2210:3.1-4.4980:2.4.10-6.10:1.2.40-1.60:1.0.8-9.80:2.0.8-8.30:1.13.4-4.560:9.9.5P1-1.70:1.0.6-27.8860:8.22-5.50:4.8.3+r212056-6.40:1.2.0-3.120:2.2.13-2.70:103-5.80:0.158-3.820:6.3.26-5.90:5.19-2.320:3.0.3-3.30:2.5.3-2.80:1.1.36-54.750:2.1.0-3.80:1.8.5.2-2.50:2.38.2-5.90:3.10.4-22.20:1.26.9-1.230:3.7.4-1.390:3.14.6-3.50:6-7.30:1.5.0-2.90:1.1.1-120.2380:1.7.0.6-33.30:1.15.5-7.70:6.8.8.1-5.80:1.5.3-1.770:1.5.1-2.70:2.5.3-2.90:3.10.5-1.60:2.0-12.60:2.08-1.60:1.0.1i-2.70:1.36.3-4.20:0.24.4-3.80:0.24.4-3.90:4.8.6-2.80:4.8.6-2.90:3.7-2.60:2.7.1-4.840:1.3.3-8.60:7.4.0-13.1310:2.1.17-1.180:4.10.7-1.60:2.1.2-8.90:2.1.2_k3.12.28_4-8.90:2.1.2_k3.12.28_4-8.140:2.4-724.650:12.1-23.60:2.3.18-35.710:2.6.7-2.10:3.22-267.30:2.7.7-2.70:1.1.7-21.80:0.99.22.1-3.1280:4.3-1.90:3.3.13-1.80:1.4-23.10:5.00-1.190:2.5-1.550:2.88+-94.60:7.0.55-2.80:1.10.9-1.50:2.7.0-264.380:7.6_1-14.80:7.6-45.70:3.1.108-1.60:0.6.35-3.30:2.4.16-5.10:1.2.40-5.20:1.0.8-13.30:2.0.8-11.430:1.5.2-2.30:3.0.3-10.10:1.8.5.6-11.80:1.26.10-4.270:0.8.0-11.20:1.7.0.75-11.10:1.7.1_sr3.10-14.10:1.8.0_sr1.10-2.360:4.1.13-2.10:1.3.10-4.10:2.7-1.20:4.8.6-4.60:2.4.41-18.3.10:2.1.2-4.5.80:2.1.2_k3.12.49_11-4.5.80:1.2.26-6.10:2.6.9-2.10:3.0.8-1.40:3.3.13-4.20:5.00-3.10:2.5-4.440:8.0.23-1.800:3.0.2-24.10:2.4.23-14.70:1.0.14-18.30:2.5.37-8.10:1.13.4-6.20:2.3-3.1100:0.7.2-1.20:1.8.5.6-18.10:1.32.4-14.180:0.8.0-15.160:1.7.1_sr3.50-28.20:1.8.0_sr3.0-10.10:1.7.1-1.840:4.8.6-7.30:1.1.32-9.10:0.9.9-16.10:7.4.3-15.650:2.5.1-24.150:1.3.2-17.10:2.7.1-5.60:0.99.22.1-12.10:3.0.18-26.10:3.5.21-23.40:3.0-7.150:8.0.36-11.40:3.0.2-31.10:1.0.15-4.1810:3.1-4.3640:1.4.16-15.670:1.1.0-147.670:0.2.5-3.720:1.12.12-181.540:2.2.13-2.30:1.5.1-1.110:1.22.2-5.2870:3.7.4-1.360:1.2.1-3.560:7.4.326-2.140:1.6-7.2090:1.0-6.380:s20121221-2.170:1.1.1-120.1130:1.0.3-1.20:3.18-1.180:2.1.0-4.30:1.6.2-4.100:1.0.7-3.530:1.1.14-3.590:1.3.2-3.600:5.0.1-3.520:1.0.2-3.570:0.9.8-3.550:1.1.4-3.570:1.2.2-3.590:1.0.10-3.560:1.0.8-3.560:1.1.4-3.580:1.1.3-3.530:1.5.3-1.460:1.5.1-2.30:1.1.3-3.510:0.6.21-6.30:7.2d-3.750:0.4-3.760:0.9-6.220:0.11-2.150:1.19-17.280:2.4.2-14.300:0.8.8.4-13.630:2.1.5-27.790:0.30.0-3.640:1.8.10-3.40:5.0-2.20:2.0.10-3.630:0.4.8-18.550:1.9.1-1.2180:2.1.3-1.130:2.7.1-4.550:3.8.7-3.140:2.0.2.umip.0.4-19.630:0.13.0-1.1070:2.4-724.560:2.4.4-4.40:2.0-1.390:1.4.14-1.420:2.82-3.120:3.71-1.1450:804.031-3.760:2.4.7-1.40:0.7.0-4.30:1.9.7-2.120:0.11_git201205151338-8.140:2.1-1.40:5.1.1-1.160:2.3.15-7.30:5.43-5.300:1.1.0-3.570:3.1.206-36.30:2.10-1020.560:2.4.0-167.10:1.9.4-1.310:2.12.6-3.420:2.5.3-4.130:3.0.3-3.100:1.8.5.2-2.320:1.0.1-5.10:3.8.3-261.1350:3.12.28-4.30:3.12.28-4.20:1.3.0-25.50:1.1.12-7.10:3.6.10-4.1240:4.8.6-2.290:1.3.7-1.370:1.8.10-1.250:0.148.1-1.70:5.5.14-4.200:1.7.3-1.20:3.2.5c-2.80:38.3.0esr-48.10:2.5.5-1.30:4.1.13-2.20:1.11.4-1.70:2.2.7-3.260:1.1.13-10.40:3.6.10-4.970:0.15.4-3.890:1.3.7-1.80:1.8.10-15.10:1.0.20100204cvs-25.30:2.8.2-3.10:0.152.0-11.10:5.5.14-39.10:1.7.3-3.80:2.0.0.b5-3.20:0.7-5.10:1.0.9-1075.10:1.1.15-19.150:1.8.10-24.10:2.8.2-9.10:5.1.35-3.10:4.03.0-6.9.10:5.5.14-73.10:7.0.7-15.10:4.3.5.2-10.10:4.3.3.2-6.10:1.7.5-5.10:3.12.38-44.10:3.12.39-47.10:3.12.32-33.10:3.12.43-52.6.10:1.12.1-16.10:3.12.44-52.10.10:2.7.3-4.10:3.12.36-38.10:3.12.44-52.18.10:3.12.48-52.27.10:1.12.1-9.10:1.3.0-4.20:1.1.3-4.30:1.1.3-4.90:0.2.10-4.80:1.1.3-3.20:0.0.2-4.10:1.1.2-4.30:0.12.1-3.10:0.9.4-4.50:1.3-4.10:0.23-4.10:3.12.51-52.31.10:1.12.1-22.20:1.3.8-2.3.10:0.9.26-3.3.10:3.12.60-52.49.10:3.12.60-52.54.20:5.1.3.2-22.90:3.12.51-52.34.10:3.12.51-52.39.10:1.12.1-25.10:3.12.55-52.42.10:9.15-6.10:1.5.3-17.10:1.12.1-28.10:1.5.4-20.30:1.6.1-23.10:210-70.48.10:3.12.55-52.45.10:3.12.51-60.20.10:1.3.8-4.10:0.9.26-4.10:3.12.59-60.41.20:3.12.59-60.45.20:3.12.51-60.25.10:3.12.62-60.62.10:1.12.1-36.20:4.02.3-6.6.140:6.1.6-10.10:210-114.10:9.15-11.10:3.12.62-60.64.8.20:9.15-14.10:9.15-17.10:3.12.67-60.64.18.10:3.12.67-60.64.21.10:3.12.67-60.64.24.10:3.12.53-60.30.10:3.12.57-60.35.10:210-104.10:3.12.69-60.64.29.10:3.12.69-60.64.32.10:15.2.1-8.10:4.4.21-84.10:4.4.21-90.10:228-132.10:4.4.49-92.11.10:4.4.38-93.10:1.3.0-22.30:3.2.15-4.10:11.2.202.425-19.10:12.5-22.10:4.2.6p5-31.10:2.3.2-11.10:1.8.12-6.50:1.8.12-6.10:4.5.1-4.10:0.6.3-4.10:11.2.202.411-4.10:1.7.0.71-6.20:8.4.0-5.10:11.2.202.418-11.10:31.3.0esr-15.20:31.0-9.10:3.17.2-12.40:2.7.7-9.30:2.7.7-9.10:0.9.8j-66.30:1.0.1i-9.30:11.2.202.424-15.10:5.19-5.20:4.4.3_06-22.15.10:4.4.3_06_k3.12.48_52.27-22.15.10:38.5.0esr-54.10:9.9.6P1-28.6.10:0.9.8j-87.10:7.6_1.15.2-21.10:3.2.1-3.50:2.02~beta2-56.9.40:11.2.202.559-117.10:31.5.0esr-24.10:2.5.3-5.10:9.3.6-5.10:9.3.6-5.20:6.00-28.10:11.2.202.451-77.10:1.7.0.75-11.30:2.19-20.30:1.0.1i-20.10:0.9.8j-73.20:4.4.1_10-9.10:4.4.1_10_k3.12.36_38-9.10:31.5.3esr-27.10:1.10.13-8.10:0.11.1-6.10:4.4.2_02-15.10:4.4.2_02_k3.12.38_44-15.10:31.6.0esr-30.10:11.2.202.457-80.10:3.2.15-7.20:10.0.16-15.10:1.7.0.79-15.10:1.0.58-5.10:3.10.0.1-16.10:7.6_1.15.2-17.20:11.2.202.429-23.10:4.2.6p5-44.10:11.2.202.460-83.10:0.12.4-6.10:2.0.2-46.10:1.0.0-46.10:1.7.4-46.10:8-46.10:4.4.2_04-18.10:4.4.2_04_k3.12.39_47-18.10:1.3.2-10.20:1.4.1-32.10:31.7.0esr-34.10:2.71-4.10:1.4.0-23.10:31.4.0esr-20.10:3.17.3-16.10:4.4.2_06-21.10:4.4.2_06_k3.12.39_47-21.10:11.2.202.466-86.10:1.10.14-12.10:2.4.39-16.10:7.6_1.15.2-28.40:11.2.202.468-89.10:1.0.1i-25.10:0.9.8j-78.10:7.37.0-5.10:1.6.1-13.10:9.9.6P1-18.10:11.2.202.481-93.10:11.2.202.491-96.10:9.3.8-8.10:31.8.0esr-37.30:3.19.2_CKBI_1.98-21.10:4.10.8-3.10:10.0.20-18.10:4.4.2_08-22.5.10:4.4.2_08_k3.12.43_52.6-22.5.10:9.9.6P1-23.10:1.7.0.85-18.20:9.9.5P1-8.10:2.7.9-14.10:3.10.4-5.110:11.2.202.508-99.10:31.8.0esr-40.10:4.4.2_10-22.8.10:4.4.2_10_k3.12.44_52.10-22.8.10:5.3.1-4.4.20:0.1.6-4.10:1.0.1i-27.3.10:11.2.202.438-27.10:11.2.202.440-31.10:2.24-7.10:38.2.1esr-45.10:31.0-14.10:3.19.2.0-26.20:9.9.6P1-26.10:0.98.5-6.10:1.900.1-166.10:2.0.2-48.4.10:1.0.0-48.4.10:1.7.4-48.4.10:8-48.4.10:1.0.1i-17.10:5.7.2.1-4.3.20:11.2.202.442-67.10:11.2.202.521-102.10:1.2.5-21.10:4.10.9-6.10:0.2.1_rc4-13.3.10:3.12.48-52.27.20:2.25-10.10:2.25-10.30:0.12.4-8.5.10:11.2.202.535-105.10:4.2.6p5-37.20:11.2.202.540-108.10:5.1.3-9.10:2.0.2-48.9.10:1.0.0-48.9.10:1.7.4-48.9.10:8-48.9.10:9.3.10-11.10:0.98.6-10.10:2.19-22.7.10:0.9.8j-70.20:4.4.3_02-22.12.10:4.4.3_02_k3.12.48_52.27-22.12.10:1.1.3-7.10:0.5.0-5.10:1.3.1-3.10:2.8.8-9.10:0.1.1-5.30:0.1.2-4.20:0.1.3-3.50:0.1.1-4.90:0.0.1-2.10:0.9.1-3.10:0.5.7-3.10:0.1.2-5.10:0.3.6-3.30:0.1.4-3.90:0.7.1-3.10:0.0.2-2.30:1-2.10:4.1-6.30:0.1.3-4.30:3.7.1-3.10:0.4.1-3.10:1.18-3.20:20150827-5.10:4.4.1_08-5.20:4.4.1_08_k3.12.28_4-5.20:31.0-17.10:1.10.12-4.10:1.2.50-10.10:1.6.8-8.10:1.3.0-18.10:037-51.17.30:2.0.2-42.10:1.0.0-42.10:1.7.4-42.10:8-42.10:1.4.8-5.3.30:4.1.12-16.10:2.30.6-7.20:0.4-6.10:1.0.1i-27.6.10:11.2.202.554-114.10:1.4.0-19.10:1.12.1-22.50:1.1.24-4.3.10:4.1.12-18.3.10:2.1.5-3.4.10:4.2.6-14.6.10:45.2.0esr-75.20:45.0-28.20:3.12.60-52.54.10:2.19-22.16.20:1.54.0-15.10:0.5.1-8.20:1.3.2-18.10:2.8.8-12.10:1_3335ac1-2.10:0.1.6-6.30:0.11.0-6.20:0.11.0-6.10:0.1.5-7.10:0.4.2-6.10:20160511-11.10:4.0.6-19.10:2.0.2-48.12.10:1.0.0-48.12.10:1.7.4-48.12.10:8-48.12.10:3.1.0-6.10:2.9.1-17.10:9.9.6P1-28.9.10:5.0.5-7.10:2.4.41-18.13.10:2.30.6-10.10:1.7.0.95-24.20:1.2.5-27.10.10:38.6.0esr-57.30:31.0-20.10:3.20.2-37.10:7.37.0-18.10:11.2.202.569-120.10:2.19-22.13.10:9.3.11-14.20:4.2.6-14.3.10:9.4.6-7.10:9.4.6-7.20:38.6.1esr-60.10:1.0.1i-27.13.10:0.9.8j-94.10:2.9.1-13.10:11.2.202.577-123.10:1.4.3-16.10:38.7.0esr-63.30:3.20.2-40.10:4.12-12.10:9.9.6P1-28.12.10:4.1.12-18.8.10:4.0.0-8.10:1.7.0.99-27.10:11.2.202.616-126.10:3.4.0.2-15.10:4.2.1-11.10:4.2.4-18.17.10:3.1.1-7.10:1.6.1-16.27.10:1.12.16-13.10:2.9.1-20.10:1.0.1i-27.16.10:1.7.0.101-30.10:4.2.8p6-46.5.20:3.1.12.4-8.20:38.8.0esr-66.20:6.8.8.1-19.10:0.9.8j-97.10:1.12.9-22.10:11.2.202.621-130.10:4.4.4_02-22.19.10:4.4.4_02_k3.12.55_52.42-22.19.10:1.12.11-25.10:6.6p1-42.10:6.6p1-33.10:10.0.22-20.3.10:3.0-82.10:2.9.1-24.10:2.0.2-48.19.10:1.0.0-48.19.10:1.7.4-48.19.10:8-48.19.10:0.12.4-8.9.10:4.2.8p8-46.8.10:6.8.8.1-25.10:3.1.2-12.10:11.2.202.626-133.10:10.0.25-20.6.10:2007e_suse-19.10:1.1.5-6.10:1.0.8-12.10:3.19.2.2-32.10:9.9.6P1-32.10:2.02~beta2-73.30:1.0.1i-36.10:3.12.51-60.20.20:1.1.24-4.10:4.2.4-6.10:2.1.5-4.10:4.5.2_02-4.10:4.5.2_02_k3.12.49_11-4.10:3.12.59-60.41.10:2.3.1-14.10:1.8.1-14.10:8-14.10:3.12.59-60.45.10:2.19-38.20:6.8.8.1-30.20:11.2.202.632-137.10:9.9.6P1-35.10:2.8.10-7.80:1.2.18.4-11.70:4.5.3_08-17.10:4.5.3_08_k3.12.59_60.45-17.10:45.3.0esr-78.10:1.12.1-36.40:3.1.0-9.30:2.25.35.1-3.10:2.11.0-6.10:10.0.26-9.20:6.6p1-52.10:11.2.202.635-140.10:1.0.1i-52.10:4.5.3_10-20.10:4.5.3_10_k3.12.62_60.62-20.10:4.0.6-31.10:1.0.2-9.10:1.6.2-6.20:5.0.1-5.20:1.7.4-12.20:1.4.2-5.20:0.9.8-5.20:1.2.2-5.20:1.0.10-5.20:1.0.8-5.20:11.2.202.637-143.10:2.24.24-3.10:0.8.15-29.10:1.8.22-22.20:1.11.5.1-28.10:2.3.1-21.10:1.0.0-21.10:1.8.1-21.10:8-21.10:2.9.1-26.3.10:3.4.5-17.10:2.0.0-17.10:11.2.202.643-146.10:6.8.8.1-40.10:9.9.9P1-49.10:7.37.0-31.10:1.8.0.72-3.20:2.25-37.10:1.900.14-181.10:11.2.202.644-149.10:9.15-17.20:3.10.2-2.3.10:4.2-82.10:6.2-82.10:1.8.0.111-17.10:1.27.1-11.10:1.8.10p3-2.6.10:3.1.2-25.10:10.0.28-17.20:7.4.326-7.10:6.8.8.1-47.10:1.7.0.121-36.20:2007e_suse-22.10:8.39-5.10:2.3.1-24.60:1.0.0-24.60:1.8.1-24.60:8-24.60:1.6.2-11.10:45.5.0esr-88.10:3.21.3-50.10:1.7.4-17.10:45.5.1esr-93.10:0.5.3.git20161120-160.10:7.2d-5.10:4.5.5_02-22.3.10:4.5.5_02_k3.12.67_60.64.18-22.3.10:0.10.2-3.10:24.0.0.186-152.10:8.39-7.10:10.0.22-3.10:4.2.8p9-55.10:4.5.5_04-22.6.10:4.5.5_04_k3.12.67_60.64.24-22.6.10:2.1.0-20.10:45.6.0esr-96.10:0.6.0-5.10:6.8.8.1-54.10:1.14-17.10:2.71-13.10:4.2.4-28.3.10:1.2.4-2.3.10:1.9.1-5.10:1.2.4-3.4.10:4.0.7-35.10:2.3.1-7.70:1.0.0-7.70:1.8.1-7.70:8-7.70:2.19-35.10:4.3.3-4.10:1.0.1i-44.10:9.9.6P1-38.10:4.2.4-11.10:4.5.2_06-7.10:4.5.2_06_k3.12.53_60.30-7.10:1.2.18.2-8.10:1.8.0.77-6.10:4.2.4-16.10:3.1.41.3-9.10:4.2.8p6-8.20:3.1.22-6.20:1.0.1i-47.10:1.8.0.91-11.10:4.2.8p7-11.10:2.8.1-6.9.10:0.12.5-4.10:10.0.25-6.10:0.10.31-13.3.30:0.10.36-11.3.10:0.10.23-19.3.40:0.10.23-19.6.10:1.8.0.121-20.10:3.2.15-16.10:2.11-32.10:2.0.9-8.30:0.12.5-7.10:10.0.29-22.10:2.1.0-20.20:45.7.0esr-99.10:1.1-3.10:4.0.7-40.10:1.0.1i-54.5.10:3.5.11-5.10:2.1.0-23.10:2.4.7-3.40:1.7.0.131-39.10:24.0.0.221-158.10:1.900.14-184.10:6.8.8.1-59.10:2.25-40.10:2.25-40.20:4.5.5_06-22.11.20:4.5.5_06_k3.12.69_60.64.32-22.11.20:1.2.8-6.3.10:1.4.7-20.10:24.0.0.194-155.10:9.9.9P1-53.10:1.2.4-2.3.20:1.6.2-8.10:5.0.1-7.10:1.7.4-14.10:0.9.8-7.10:1.2.2-7.10:1.0.10-7.10:1.0.8-7.10:3.4.5-19.10:2.6.2-31.20:1.0.0-31.20:1.9.1-31.20:8-31.20:1.8.10p3-8.10:2.28-42.10:2.28-42.40:2.28-42.30:4.7.1_02-25.10:4.7.1_04-28.10:2.1.0-3.10:4.4.2-31.10:1.8.3-14.10:1.8.3-9.10:1.8.3-9.60:0.10.31-16.10:0.10.36-14.10:0.10.23-22.50:7.2p2-66.10:7.2p2-66.30:1.8.10-6.10:1.8.22-24.2.10:0.10.23-25.10:2.9.4-33.10:1.2.8-11.10:0.12.7-8.10:1.0.2j-59.10:2.28-44.3.10:2.28-44.3.30:4.7.1_06-31.10:2.6.2-39.10:1.0.0-39.10:1.9.1-39.10:8-39.10:1.0.0-7.10:1.0.0-9.10:1.5.4-2.4.10:4.2.4-18.30.10:1.0.1+git.1456406635.49e230d-12.10:1.1.13-20.10:1.1.15-21.10:1-2.20:2-3.10:1-2.30:3-2.10:2-7.10:2-10.10:2-6.10:1-4.20:1-2.60:4-2.30:2-2.10:2-4.10:1-4.10:5-14.20:2-2.20:4-2.10:5-2.10:6-17.20:6-2.10:2-9.10:7-20.20:7-2.10:3-5.10:1-6.30:8-23.20:8-2.10:2-5.10:3-8.20:4-11.20:1-3.10:1-6.10:5.0.18-6.10:1.1.7-7.10:1.8.3-49.10:1.4.5-8.100:1.1.2-201607270:1.0.5-201607270:0.2.4+gitr565_0366d7e-9.10:1.12.3-81.20:1.31.0-11.20:0.52.0-9.10:0.1.1+gitr2816_02f8fa7-9.10:1.0.4-201603081706330:1.1.1-201603041041230:1.1.1-201603070826320:2.0.3-2.40:1.10.3-66.10:0.2.5+gitr569_2a5e70c-15.30:1.12.6-87.20:0.1.1+gitr2819_50a19c6-15.20:1.6.0_sr16.2-8.10:1.5.4-5.10:1.5.4-9.10:2.3.37-16.10:1.6.0_sr16.4-15.10:1.6.0_sr16.7-22.20:1.6.0_sr16.3-12.10:1.6.0_sr16.15-27.10:2.3.37-18.13.40:2.4.41-18.13.40:1.6.0_sr16.30-40.10:1.6.0_sr16.35-43.20:1.6.0_sr16.20-30.10:1.6.0_sr16.25-34.10:1.6.0_sr16.26-37.10:3.12.60-52.57.10:3.12.60-52.60.10:3.12.60-52.63.10:3.1.4-11.10:3.12.61-52.66.10:5.5.14-7.10:5.5.14-15.10:5.5.14-22.10:5.5.14-30.10:5.5.14-33.20:5.5.14-36.10:5.5.14-11.30:5.5.14-68.10:4.6.0-8.10:5.5.14-78.10:7.0.7-20.10:5.5.14-83.10:4.6.1-11.10:7.0.7-25.10:5.5.14-42.20:5.5.14-86.20:5.5.14-53.10:5.5.14-56.10:5.5.14-59.20:5.5.14-64.50:5.5.14-89.20:6.9.5-7.10:7.0.7-35.10:5.5.14-96.10:7.0.7-28.20:1.1.34-12.10:2.2.13-4.10:8.0.36-17.10:2.5-6.10:3.0.3-14.10:4.021-11.10:3.5.21-25.10:2.4.23-16.30:3.12.58-14.10:3.12.61-60.18.10:3.12.67-60.27.10:3.12.69-60.30.10:2-2.30:4-2.20:5-2.20:6-2.20:10.0.26-20.10.20:2.4.10-14.17.10:2.25.16.1-3.10:1.0.1i-27.21.10:1.0.14-10.14.30:10.0.27-20.13.10:9.9.9P1-28.20.10:9.3.14-19.20:210-70.58.10:4.4.4_04-22.22.20:4.4.4_04_k3.12.60_52.54-22.22.20:6-5.10:9.9.9P1-28.23.10:2.0.2-48.22.10:1.0.0-48.22.10:1.7.4-48.22.10:8-48.22.10:10.0.28-20.16.20:2.0.2-48.25.10:1.0.0-48.25.10:1.7.4-48.25.10:8-48.25.10:1.7.1_sr3.60-31.20:4.4.4_05-22.25.10:4.4.4_05_k3.12.60_52.57-22.25.10:4.2.8p9-46.18.10:4.4.4_05-22.28.20:4.4.4_05_k3.12.60_52.63-22.28.20:0.98.9-4.10:0.12.4-8.12.10:10.0.29-20.23.10:2.25-24.10.10:2.25-24.10.30:4.4.4_14-22.33.10:4.4.4_14_k3.12.61_52.66-22.33.10:9.9.9P1-28.26.10:1.7.1_sr2.0-4.10:5.19-5.30:0.151.0-8.10:3.12.38-44.50:3.12.39-47.30:3.12.39-47.20:1.8.10-12.10:3.12.32-33.30:2.4.10-12.10:3.12.43-52.6.20:1.7.1_sr3.0-11.10:3.12.44-52.10.30:1.8.5.6-5.10:1.8.10-4.10:3.12.36-38.30:3.12.36-38.20:3.12.44-52.18.30:2.4.10-14.10.10:1.7.1_sr2.10-8.10:1.8.5.6-15.10:1.7.1_sr3.20-18.10:3.12.51-52.31.50:3.12.60-52.49.30:3.12.60-52.54.30:3.12.51-52.34.30:3.12.51-52.39.30:1.7.1_sr3.30-21.10:9.3.11-14.10:1.8.10-18.20:3.12.55-52.42.20:0.99.22.1-5.10:0.99.22.1-9.10:2.8.2-6.10:1.8.10-21.10:1.7.1_sr3.40-25.10:3.12.55-52.45.40:1.8.0_sr2.0-4.10:3.12.59-60.41.80:3.12.59-60.45.40:3.12.59-60.45.30:2.4.16-7.10:0.6+git20160531.fbfe336-5.30:3.12.51-60.25.20:3.12.62-60.62.30:3.12.62-60.64.8.50:3.12.62-60.64.8.30:0.99.22.1-15.10:1.8.0_sr3.10-15.10:3.12.67-60.64.18.30:3.12.67-60.64.21.30:1.8.0_sr3.21-20.10:3.12.67-60.64.24.30:1.8.0_sr2.10-7.10:3.12.53-60.30.20:3.12.57-60.35.30:1.8.0_sr4.0-23.10:3.12.69-60.64.29.30:3.12.69-60.64.32.30:0.24.1-3.10:4.4.21-84.30:4.4.21-90.30:0.24.1-6.10:4.4.49-92.11.30:4.4.38-93.30:1.3.2-9.10:0.2.3-5.10:3.0.2-18.10:1.4.1-16.10:7.0.55-8.20:2.7.9-14.30:1.2.22-7.10:5.1.3-9.20:5.4-2.4.10:1.2.40-2.6.10:2.8.0-3.4.10:3.2.2-6.10:4.2.4-18.27.90:7.0.68-7.6.10:2.3.18-37.10:3.3.14-20.20:2.7.9-24.40:8.0.32-8.70:2.3.18-40.10:1.4-27.10:8.0.32-10.13.20:2.7.0-3.10:2.7.0_k3.12.53_60.30-3.10:8.0.32-3.10:2.3-3.3.10:3.3.14-22.6.10:1.0.0-16.10:0.15.0-3.10:1.0.0-19.10:1.2.0-4.10:2.20.0-6.10:2.3.1-3.10:2014.2.4.dev18-3.20:2014.2.4~a0~dev78-7.20:2014.2.4~a0~dev61-6.20:2014.2-5.10:2014.2.4~a0~dev103-10.30:2014.2.4~a0~dev80-14.10:1.54-2.10:2.71-6.3.10:3.12.49-11.20:0.9.1-154.2411.20:10.0-0.3.20:0.7.1_git20090811-3.20.50:0.7.1-5.22.280:1.6.1-83.17.10:0.3.14-2.23.1260:0.5.12-23.58.220:0.5.12-23.58.210:0.9-14.39.10:0.9-14.39.20:11-6.65.10:1.0.6-91.16.10:2.7.0-18.7.10:2.2.12-1.28.10:1.2.26-1.30.1100:2.0.4-40.190:5.2.14-0.7.24.10:5.3.8-0.19.60:0.6.23-11.19.220:9.6ESVR5P1-0.8.10:1.36.0-11.170:1.0.5-34.253.10:5.1-0.4.90:0.97.3-0.2.10:1.1.0-22.240:4.1-194.199.10:1.3.9-8.44.10:7.19.7-1.18.10:2.3.11-60.65.64.10:1.2.10-3.23.10:0.76-34.22.10:4.2.3.P2-0.7.20:3.2.3-44.28.10:1.0.22-3.21.20:1.41.9-2.7.10:61-1.29.10:0.2-1001.30.10:22.3-4.40.10:1.6.4-152.22.10:2.28.2-0.7.20:2.28.2-0.26.33.140:2.0.1-88.26.10:6.3.8.90-13.20.19.10:4.24-43.19.10:4.4.0-38.26.10:3.0.2-269.35.10:2.1.1-7.10.10:2.1.1-7.7.19.770:2.3.7-25.28.10:2.3.7-25.90:2.7.2-61.23.10:2.5.26-1.250:1.1.36-26.310:2.0.36.RC1-52.180:8.62-32.28.10:4.2.7-32.28.10:2.22.5-0.2.230:2.11.3-17.31.10:2.2.23-1.50.10:2.4.8-1.2.550:2.28.3-0.28.10:2.4.1-24.39.33.10:2.0.9-25.33.27.10:0.10.35-5.15.80:0.10.30-5.8.110:2.18.9-0.21.40:7.2-8.15.20:1.3.12-69.19.10:3.11.10-0.6.7.10:0.7.3-1.1.930:1.4.2_sr13.10-0.4.10:1.6.0_sr9.3-0.4.10:1.14.1-16.31.10:4.3.5-0.10.20:4.3.5-0.8.400:3.5.10-20.310:3.5.10-23.27.10:4.3.5-0.6.10:4.3.5-0.4.10:3.0.13-0.27.10:1.6.3-133.48.48.10:1.6.3-133.210:1.6.3-133.120:0.15.1-0.17.30:1.17-77.14.190:1.34b-12.18.30:3.6.3-0.18.30:6.4.3.6-7.22.10:4.6.3-5.12.10:1.4-73.210:1.3.4-12.22.21.20:1.3.4-12.22.21.10:1.3.3-11.18.17.10:2.5.5-5.190:2.11-2.17.10:0.34-2.5.10:2.4.27-0.6.60:0.6.17-2.120:0.17.1-31.200:3.13.1-0.2.10:2.6.7-0.5.760:1.0.0-307.10.10:2.28.0-1.2.200:4.0-7.26.10:4.0-7.24.110:2.2.6-2.131.10:2.1.5-5.180:5.0.94-0.2.4.10:0.29.6-6.7.10:10.26.44-101.9.10:0.52.10-1.35.70:0.11.6-5.27.10:0.9.8j-0.26.10:1.2.31-5.25.10:0.12.3-1.3.10:0.9.23-0.7.1280:2.6.0-8.12.20:4.6.3-5.10.10:0.18-1.150:0.2.1-1.5.10:2.26.0-2.3.10:0.1.4-1.150:1.0.20-2.4.10:5.4.2.1-8.12.6.10:2.32.2-4.7.10:3.8.2-141.142.10:0.9.6-0.13.420:1.2.0-79.13.10:3.0.3-0.6.10:11-1.22.10:3.2.15-0.13.10:2.7.6-0.13.10:1.1.24-19.150:0.9-1.24.10:1.2.10-1.360:3.7.7-10.24.10:7.3.6-65.72.10:2.02.84-3.25.50:2.1.14-9.2.10:2.5.2-17.160:2.0.2.umip.0.4-8.7.10:2.6.7-0.7.190:1.9.2.24-0.3.10:1.9.2.24-0.3.20:1.5.17-42.33.10:3.0.6-1.25.24.10:1.4.13-1.350:4.2.4p8-1.16.10:1.5.2-0.22.230:1.5.2_3.0.13_0.27-0.22.230:1.2.0-172.22.10:5.1p1-41.51.10:2.6.16-1.36.10:2.0.9-143.310:2.4-662.18.10:1.1.5-0.10.170:2.3.1-47.10.150:184-147.200:0.47-13.13.650:1.26.2-1.3.10:1.3.8-3.15.10:1.4.102-1.37.30:5.10.0-64.55.10:3.56-1.18.10:804.028-50.240:5.816-2.23.10:3.3.1-10.8.30:8.3.14-0.2.10:2.6.12-0.10.10:1.0.22-3.15.10:1.5.11-0.9.960:0.8.4-194.23.380:3.3.8b-88.210:0.99.15-0.6.20:1.1-1.24.4.10:3.0.4-2.38.10:5.8.7-0.5.50:1.8.7.p357-0.7.10:2.7.STABLE5-2.10.10:3.1.12-8.10.10:1.4-13.6.10:1.5final-28.21.10:1.7.6p2-0.2.4.10:0.71.47-0.7.10:2.0.9-27.32.10:8.1.5-7.32.10:1.0.8-9.16.10:1.5-0.7.540:5.1.1-100.19.10:1.26-1.2.4.10:0.48-101.20.10:0.9.10-0.15.10:6.0.18-20.35.36.10:3.80.2-2.80:6.00-11.7.10:0.22.5-0.2.10:0.5.2-132.2.10:1.11.4-1.15.10:1.4.10-0.2.10:1.0.2-36.180:4.1.2_14-0.5.50:4.1.2_14_3.0.13_0.27-0.5.50:7.4-9.47.10:7.4-27.60.50:7.4-8.26.32.10:238-1.160:2.17.119-0.5.250:2.17.44-0.5.30:2.10-911.2211.30:9.0.3-0.17.10:17.0.4esr-0.10.420:0.7.1_git20090811-3.28.20:0.3.14-2.28.460:0.5.12-23.68.10:0.9-14.41.10:11-6.90.10:1.0.6-91.25.200:1.7.1-20.9.530:1.7.1-16.9.650:2.2.12-1.38.20:5.3.17-0.13.70:2.7.1-0.2.12.10:4.3.5-0.3.30:0.6.23-11.30.40:9.6ESVR7P4-0.10.10:1.36.0-12.3.10:5.1-0.11.10:0.97.7-0.3.10:2.3.37-2.24.360:2.4.26-0.24.360:4.1-194.207.10:1.3.9-8.46.46.10:7.19.7-1.26.80:1.12.12-144.23.5.10:1.2.10-3.27.10:4.2.4.P2-0.16.150:3.2.3-44.30.10:1.41.9-2.9.10:61-1.33.10:2.28.2-0.29.240:2.0.1-88.34.10:4.24-43.23.10:2.1.1-7.16.70:2.3.7-25.32.10:2.8.7-0.9.120:8.62-32.34.10:4.2.7-32.34.10:2.22.5-0.8.8.10:2.11.3-17.54.10:2.28.3-0.32.10:2.4.1-24.39.45.10:2.0.9-25.33.31.10:2.18.9-0.23.10:1.20.4-0.14.90:1.3.12-69.23.10:5-0.7.100:1.5.7-0.7.310:3.0.1-253.36.10:1.6.0_sr13.1-0.9.10:1.7.0_sr4.1-0.5.10:6b-879.12.10:6.2.0-879.12.10:4.3.5-0.12.12.10:4.3.5-0.10.10:3.0.76-0.11.10:1.6.3-133.49.54.10:1.4.1-0.11.10:1.34b-12.39.10:3.6.3-0.39.10:6.4.3.6-7.26.10:4.6.3-5.25.50:4.6.3-5.25.40:1.3.3-11.18.19.10:0.37.1-5.16.10:2.4.41-0.8.460:9.1.9-0.3.10:0.6.17-2.14.10:3.14.3-0.11.110:2.28.0-1.9.240:4.0-7.26.150:5.0.96-0.6.10:5.5.31-0.7.100:0.52.10-1.35.1130:0.9.8j-0.50.10:3.2.0-10.3.10:1.2.31-5.31.10:0.12.3-1.8.10:0.3.1-2.6.10:0.3.1-2.6.30:2.6.8-0.15.10:5.4.2.1-8.12.16.10:2.32.2-4.13.10:1.9.4-0.12.240:3.8.2-141.152.10:0.3.10-0.9.500:2.6.2-0.2.4.10:1.0.5.1-0.7.100:1.2.0-79.20.10:2.7.6-0.23.10:1.1.24-19.21.10:3.7.7-10.26.10:2.02.98-0.25.30:2.1.14-9.6.10:1.9.2.27-0.2.10:3.0.6-1.25.28.10:1.4.16-0.11.350:1.2.3-18.31.10:4.2.4p8-1.22.10:1.5.4.1-0.11.50:1.5.4.1_3.0.76_0.11-0.11.50:2.4.2-0.9.120:6.2p2-0.9.10:2.0.9-143.38.220:2.3.1-47.12.10:0.47-13.16.10:5.10.0-64.67.520:0.2808.01-0.67.520:0.72-0.67.520:8.3.23-0.4.10:2.6.18-0.4.20:1.0.22-3.19.10:0.5.0-3.20.10:0.99.15-0.12.10:3.0.4-2.47.280:5.10.1-0.7.490:1.8.7.p357-0.9.9.10:1.3.11-0.19.10:1.7.0.0-1.16.10:2.7.STABLE5-2.12.12.10:3.1.12-8.12.10:1.5final-28.23.23.10:4.54-0.9.240:1.7.6p2-0.17.50:0.71.61-0.11.120:2.0.9-27.34.36.10:8.1.5-7.45.240:1.0.8-9.23.440:1.5-0.9.10:5.1.1-100.21.10:1.5-19.23.40:0.48-101.31.270:0.9.10-0.17.10:6.0.18-20.35.40.10:2.3.1-0.9.400:1.2.1-0.7.190:1.8.6-0.2.10:3.3.12-517.12.340:4.2.2_04-0.7.50:4.2.2_04_3.0.76_0.11-0.7.50:7.4-9.62.460:7.4-27.81.70:7.4-1.29.10:7.3.99-17.11.10:7.3.99-3.20.10:2.17.129-0.7.20:2.17.45-0.5.111.40:9.0.3-0.28.29.20:31.7.0esr-0.8.10:0.3.14-2.30.110:0.5.12-23.76.10:0.9-14.43.10:4.13-1326.37.10:11-6.105.10:1.7.1-20.11.10:1.7.1-16.11.10:2.2.12-1.51.52.10:1.2.40-0.2.10:1.0.8-0.4.13.10:2.0.4-40.24.10:5.3.17-0.41.10:2.7.1-0.2.18.10:0.9.0-3.15.10:1.10.1-4.131.9.10:0.6.23-11.32.10:3.2-147.27.350:5.2-147.27.350:9.9.6P1-0.5.50:9.9.6P1-0.5.10:2.24-3.620:1.36.0-12.6.490:1.49.0-0.13.30:5.1-0.14.460:0.98.7-0.3.10:2.3.37-2.30.10:2.4.26-0.30.10:8.12-6.25.32.33.10:2.9-75.78.10:4.1-194.211.213.10:1.3.9-8.46.56.10:7.19.7-1.42.10:1.5.2-1.360:1.2.10-3.31.10:4.2.4.P2-0.22.10:2.71-0.14.90:1.41.9-2.14.30:0.152-4.9.170:22.3-4.42.10:2.28.2-0.32.10:0.95-1.24.10:4.24-43.27.10:2.1.1-7.18.10:2.3.7-25.35.36.10:2.8.7-0.11.10:2.0.36.RC1-52.20.10:2.22.5-0.8.14.10:2.11.3-17.84.10:2.28.3-0.39.170:2.4.1-24.39.55.10:2.0.9-25.33.39.10:1.1.6-25.32.10:0.10.30-5.12.150:1.20.12-0.18.700:3.11.10-0.6.11.10:6-3.50:1.5.7-0.15.220:0.7.3-1.4.10:1.1.1-1.37.10:1.7.1_sr3.0-1.10:1.14.1-16.33.10:4.3.5-0.12.18.10:4.3.5-0.11.18.10:4.3.5-0.3.10:4.3.5-0.14.10:2.4.4-255.28.10:3.0.101-63.10:1.6.3-133.49.66.10:1.4.2-30.50:1.17-77.16.10:1.34b-12.58.10:3.6.3-0.58.10:1.2.1-68.17.10:6.4.3.6-7.30.10:4.6.3-5.34.20:1.3.4-12.22.23.10:1.3.3-11.18.19.80:2.19.1-6.72.10:0.41.rc1-2.340:2.4.52-0.7.10:9.4.4-0.6.20:1.4.5-24.24.10:3.17.3-0.8.110:4.8.3+r212056-2.170:1.5.0-0.17.10:2.28.0-1.13.10:1.900.1-134.17.10:1.0.4-1.18.10:2.03-12.3.10:2.3.2-3.118.20:2.3.2-3.118.10:0.0.20060920alpha-74.5.10:5.5.43-0.7.30:5.0.96-0.6.200:0.9.8j-0.70.10:0.24.4-0.15.10:1.2.31-5.33.10:0.12.3-1.10.10:0.9.23-0.17.10:2.6.9-0.35.10:0.2.1-1.7.10:1.0.20-2.6.50:5.4.2.1-8.12.22.10:1.2.9-4.2.4.10:1.9.4-0.16.10:1.5-1.30.10:3.8.2-141.154.10:0.3.10-0.11.10:1.2.5-3.760:2.2.3-0.8.10:1.4-1.38.240:11-1.25.260:3.2.15-0.17.280:2.7.6-0.31.10:1.1.24-19.23.10:3.7.7-10.30.10:7.3.6-65.74.10:2.02.98-0.33.10:0.8.0-0.23.20:12.5-1.9.10:2.6.7-0.13.10:4.10.7-0.3.30:1.5.17-42.39.10:3.0.6-1.25.36.10:2.12-24.4.10.10:1.4.16-0.13.10:1.2.3-18.38.43.10:4.2.8p2-2.180:1.5.4.1-20.260:1.5.4.1_3.0.101_63-20.260:3.2-0.11.260:1.2.0-172.24.10:6.6p1-4.70:2.0.9-143.44.10:1.1.5-0.15.90:5.10.0-64.72.10:0.2808.01-0.72.10:0.72-0.72.10:1.7-37.63.64.10:4.4.2.3-37.63.64.10:1.2.22-2.10:2.6.7-1.310:2.4.5.git-2.29.10:3.22-240.8.10:2.7.26-0.5.10:1.0.22-3.25.10:1.1.6-168.34.10:2.3.6-0.13.10:0.7-6.22.10:0.99.15-0.14.110:1.1-1.24.8.190:5.10.1-0.11.10:1.8.7.p357-0.9.17.10:1.3.11-0.23.20:8.14.3-50.24.10:0.7.318.81ee561d-0.9.20:2.7.STABLE5-2.12.16.10:3.1.12-8.16.20.10:1.5final-28.23.25.10:4.4.0-6.25.10:1.7.6p2-0.23.10:0.71.61-0.13.10:8.1.5-7.50.250:1.26-1.2.6.10:3.9.8-1.27.10:6.0.41-0.43.10:6.00-11.13.10:2.28.1-2.5.10:1.2.1-10.410:2.0.7-4.35.10:1.11.4-1.19.10:1.10.13-0.2.10:0.7.1-6.15.10:2.7.0-217.26.10:4.4.2_08-1.70:4.4.2_08_3.0.101_63-1.70:2.3.14-130.133.10:7.4-9.65.460:7.4-27.105.10:7.4-5.11.11.70:7.4-5.11.11.10:7.4-1.18.20:7.4-1.16.80:7.4-1.16.20:7.4-1.18.70:7.4-1.18.10:7.4-1.19.80:7.4-1.19.20:7.4-8.26.44.10:7.3.99-3.22.10:2.17.140-1.10:2.17.46-0.5.10:1.2.5-4.33.10:2.8.0-29.17.10:2.2-31.27.10:2.24-3.180:6.2.18-4.31.20:2011.10.10-0.7.100:15.6-95.220:1.0.114.6-0.11.10:10.3.1.4-1.160:2.28.2-0.13.490:2.28.2-0.30.10:2.0-20.310:2.6.6-0.25.20:0.22.0-294.26.10:2.6.2-3.34.45.10:1.7.12.4-0.9.10:2.2.7-1.350:1.9.14-401.200:1.4.2-2.18.530:0.46-62.43.10:1.8.2-1.24.10:0.15.1b-130.170:3.1.11a-116.2.10:3.6.10-0.3.10:4.0.3.3.26-0.10.20:4.0.3.3.26-0.10.10:3.4.5.5-0.3.10:0.4.5-2.7.10:0.2-5.20.10:0.1.9-9.19.10:0.5.3-126.250:1.0.1-0.1.1410:1.2.7-0.17.10:0.2.8.4-206.27.40:0.8.14-4.330:1.1.15-23.3.90:1.8.17-481.19.50:1.8.17-481.19.20:0.1.3-0.10.16.20:1.4.20-2.54.10:2.8.6-143.190:1.2.6-5.17.10:2.3.2-0.9.20:2.0.3-249.21.10:0.7.1-2.29.10:0.4.6-2.7.900:0.139.2-0.3.10:2.10.3-1.20.10:1.10.10-120.35.10:2.0.1-28.20.10:0.56.2-1.9.10:0.6c11-5.2.10:0.10.1-0.5.7.10:0.99.15-0.14.10:3.2.12-0.9.10:3.2.12-0.19.10:3.2.12-0.5.80:3.2.12-0.5.100:3.2.12-0.7.90:3.2.12-0.11.10:1.7.0-0.7.10:0.6.0-0.8.10:1.2.0-0.4.40:1.4.5-0.5.80:1.3.2-0.12.5.10:3.9.1-0.8.30:2.2.1-0.7.11.10:9.05-1.19.10:1.1.7-7.23.20:1.2.9-162.37.10:1.6.17-1.33.10:0.7.10-2.19.10:2007-219.34.60:3.8.1-0.5.10:7.11.2-0.9.10:2.2.12-1.40.10:5.2.14-0.7.30.50.10:5.3.8-0.43.10:2.7.1-0.2.14.10:9.9.4P2-0.6.10:2.6.7-0.9.10:3.6.3-0.33.39.10:1.3.9-8.46.48.10:7.19.7-1.20.31.10:1.2.10-3.25.10:4.2.4.P2-0.11.13.10:2.6.6-0.19.10:4.9.2-0.6.10:3.13.6-0.5.10:4.9.3-0.2.10:3.14-0.3.10:4.9.4-0.3.10:3.14.1-0.3.10:0.3.8-56.51.10:0.3.8-56.44.45.1290:4.9.5-0.3.20:3.14.2-0.4.3.20:4.9.6-0.3.10:3.14.3-0.4.3.10:2.1.1-7.16.10:1.7.12.4-0.5.10:2.11.3-17.45.49.10:2.4.1-24.39.47.10:1.5.4-0.7.7.10:0.46-62.38.10:2.4.2-170.21.3.10:2012.9.13-0.8.10:1.4.2_sr13.18-0.4.10:1.6.0_sr15.0-0.5.10:1.7.0_sr6.0-0.7.10:4.3.5-0.12.10:1.6.3-133.49.58.10:3.6.3-0.24.40:4.6.3-5.20.23.10:1.5.0-0.15.20:0.16.0-1.4.10:3.5.4.13-0.3.10:2.32.2-4.11.10:0.2-5.18.10:0.9.6-0.29.10:0.9.6-0.23.10:1.2.7-0.15.20:2.7.6-0.25.10:1.4.20-2.52.10:4.10.1-0.3.10:3.15.2-0.3.10:3.0.6-1.25.34.10:4.10.2-0.3.10:3.15.3-0.3.10:3.15.3.1-0.4.2.10:2.4-0.11.10:5.10.0-64.61.61.10:1.7-37.50.60:4.4.2.3-37.50.60:2.6.8-0.23.10:0.7.4-0.7.8.10:1.3.10-0.5.10:1.1.6-0.9.20:1.8.7.p357-0.9.13.10:2.3.17-0.9.10:2.3.17-0.8.10:2.1.2-1.14.10:2.3.17-0.13.20:2.3.14-0.10.10:2.3.14-0.12.10:3.2.12-0.7.10:2.3.0-0.10.10:1.1-0.8.20:2.3.17-0.11.10:1.6.17-1.25.10:1.8.12-0.2.10:4.1.4_02-0.5.10:0.9.6-0.21.30:4.1.2_20-0.5.20:4.1.3_02-0.5.10:4.1.3_04-0.5.10:4.1.5_02-0.5.10:4.1.6_02-0.5.10:4.1.6_04-0.5.10:7.4-27.70.76.10:7.4-8.26.40.10:7.4-1.16.10:7.4-1.19.10:7.4-1.22.5.10:24.6.0esr-0.8.10:4.10.6-0.3.10:3.16.1-0.8.10:9.0.3-0.19.10:17.0.9esr-0.7.10:31.8.0esr-0.13.20:38.5.0esr-28.20:24.5.0esr-0.8.10:4.10.4-0.3.10:3.16-0.8.10:31.6.0esr-0.8.10:31.8.0esr-0.10.10:4.10.8-0.5.10:3.19.2_CKBI_1.98-0.10.10:2.2.12-1.46.10:2.2.12-59.10:5.3.17-0.31.10:0.9.0-3.17.20:5.2-147.22.10:9.9.6P1-0.12.10:9.9.6P1-0.15.10:9.9.6P1-0.19.10:9.9.6P1-0.22.10:2.23.1-0.23.150:2.23.1-0.23.20:3.6.3-0.52.50:1.3.9-8.46.52.20:7.19.7-1.38.10:7.19.7-1.46.10:7.19.7-1.40.10:4.2.4.P2-0.24.10:1.41.9-2.10.11.10:2.19.1-6.62.70:2.6.6-0.23.10:17.0.7esr-0.8.10:17.0.10esr-0.7.40:24.3.0esr-0.8.10:3.15.4-0.7.10:24.4.0esr-0.8.10:24.7.0esr-0.8.20:3.16.2-0.8.10:24.8.0esr-0.8.10:4.10.7-0.3.10:3.16.4-0.8.10:31.3.0esr-0.8.10:31.4.0esr-0.8.70:31.5.3esr-0.8.10:4.10.9-11.10:38.3.0esr-22.10:38.4.0esr-25.60:4.10.10-16.10:3.19.2.1-19.30:24.2.0esr-0.7.10:3.15.3.1-0.7.10:31.2.0esr-0.16.10:3.17.2-0.8.10:38.2.1esr-19.30:3.19.2.0-0.16.10:2.3.7-25.34.10:4.1.6-13.10:1.7.12.4-0.11.20:2.11.3-17.72.140:2.11.3-17.87.30:2.11.3-17.95.20:2.4.1-24.39.51.10:2.4.1-24.39.57.10:2.4.1-24.39.60.10:2.18.9-0.35.10:2.18.9-0.39.10:1.20.4-0.18.10:1.5.7-0.9.10:4.0-7.28.10:1.6.0_sr16.2-0.3.10:1.6.0_sr16.7-10.10:1.6.0_sr16.15-46.10:1.7.0_sr8.0-0.5.10:1.7.0_sr9.10-9.10:1.7.0_sr9.20-42.10:4.3.5-0.12.20.10:3.0.101-0.47.71.30:1.6.3-133.49.62.10:1.6.3-133.49.97.10:1.6.3-133.49.103.10:1.6.3-133.49.64.10:1.6.3-133.49.68.10:1.0.5.9-0.19.30:2.5-0.7.10:4.6.3-5.29.20:2.19.1-6.62.10:9.1.12-0.3.10:3.16.5-0.7.10:1.5.0-0.19.10:1.0.4-1.20.10:0.0.20060920alpha-74.10.10:5.5.39-0.7.10:5.0.96-0.6.130:0.9.8j-0.66.10:1.2.31-5.35.10:1.2.31-5.38.10:0.9.23-0.15.10:4.6.3-5.32.10:4.0.3.3.26-0.6.20:4.0.3.3.26-0.6.10:2.26.0-2.5.10:1.0.20-2.10.20:1.5-1.28.10:1.0.5.9-0.9.10:0.9.1-156.10:0.2.8.4-206.29.29.10:2.7.6-0.34.10:2.7.6-0.37.10:0.8.0-0.21.60:0.8.0-0.25.10:2.6.7-0.16.10:38.6.0esr-31.30:3.20.2-25.20:4.10.8-0.8.10:3.19.2.2-22.10:3.15.2-0.8.10:5.5.45-0.11.10:5.5.46-0.14.10:5.5.47-0.17.10:5.4.2.1-8.12.24.10:3.15.3-0.8.10:2.4.26-0.35.10:2.4.26-0.62.20:0.9.8j-0.80.10:0.152.0-6.20:1.1.5-0.12.10:5.10.0-64.70.10:5.3.17-45.10:5.3.17-48.10:1.7-37.60.20:4.4.2.3-37.60.20:9.4.5-0.8.30:9.1.15-0.3.10:9.1.18-0.3.10:9.1.19-0.5.10:2.6.9-0.33.10:2.6-8.33.10:2.6.9-0.25.10:2.6-8.25.10:2.6.9-0.27.10:2.6-8.27.10:2.6.9-0.31.10:2.6-8.31.10:0.6c8-10.19.6.10:0.6c11-6.10:2.3.17-0.13.10:1.8.7.p357-0.9.15.10:2.3.17-0.15.20:3.2.12-0.14.30:3.2.12-0.18.10:2.3.0-0.12.10:1.1.6-0.11.20:1.4.5-0.7.30:3.6.3-76.10:3.6.3-0.56.10:3.6.3-64.10:3.0u-0.7.20:1.2.9-162.33.10:1.6.17-1.29.10:1.0-37.10:3.8.2-141.160.10:1.10.11-0.2.10:1.12.7-0.5.30:1.12.9-0.12.10:4.2.5_06-0.7.10:4.2.5_02-0.7.10:4.2.5_12-15.10:4.2.5_14-18.20:4.2.2_06-0.7.10:4.2.3_02-0.7.10:4.2.3_08-0.7.10:4.2.4_02-0.7.10:4.2.4_04-0.9.10:4.2.5_04-0.9.10:4.2.5_08-0.9.10:4.2.5_18-21.10:3.1.8-0.7.10:7.4-27.85.10:7.4-8.26.42.10:7.4-5.11.15.10:1.2.5-4.35.10:1.2.5-4.38.10:1.2.5-4.41.10:1.2.5-4.46.10:1.2.5-4.52.10:1.2.5-4.59.10:1.2.5-4.62.10:6.4.3.6-7.34.10:6.4.3.6-7.37.10:6.4.3.6-7.40.10:6.4.3.6-7.45.10:6.4.3.6-7.48.10:6.4.3.6-7.54.10:6.4.3.6-7.60.10:0.9.1-159.10:38.6.1esr-34.10:38.8.0esr-40.50:4.12-26.10:3.20.2-30.10:45.2.0esr-45.20:2.11.0-2.10:4.12-29.10:3.21.1-35.10:45.3.0esr-50.10:45.4.0esr-53.10:45.6.0esr-62.10:45.7.0esr-65.20:38.7.0esr-37.30:4.12-24.10:3.20.2-28.10:4.4.2_12-23.10:2.2.12-64.10:2.2-31.29.10:3.2-147.29.10:5.2-147.29.10:9.9.6P1-0.25.10:9.9.6P1-0.30.10:9.9.6P1-0.33.10:9.9.6P1-0.36.10:2.5.5-9.10:2.0-318.10:2.8.12-56.13.10:1.0.114.6-0.14.10:7.19.7-1.61.10:7.19.7-1.64.10:2.3.11-60.65.67.10:4.2.4.P2-0.27.10:2.0.1-88.38.10:2.0.1-88.41.10:2.6.0-10.19.10:2.3.7-25.41.40:4.8.5-4.20:5.3.1+r233831-10.10:2.0.36.RC1-52.22.10:2.0.36.RC1-52.25.10:2.0.36.RC1-52.29.10:2.0.36.RC1-52.32.10:8.62-32.41.10:4.2.7-32.41.10:8.62-32.38.10:4.2.7-32.38.10:4.1.6-21.10:2.6.2-3.34.47.10:1.7.12.4-0.14.10:2.11.3-17.102.10:2.4.1-24.39.67.10:0.10.35-5.17.10:2.18.9-0.44.10:1.8.5-24.10:4.0-7.30.20:4.0-38.10:4.0-43.10:4.0-46.10:1.4.2-2.20.10:1.900.14-134.25.10:1.7.1_sr3.10-3.10:1.7.1_sr3.20-6.10:1.7.1_sr3.30-9.10:1.7.1_sr3.40-13.10:1.7.1_sr3.60-19.20:1.7.1_sr3.50-16.10:3.0.101-80.20:3.0.101-88.30:3.0.101-94.20:3.0.101-65.30:3.0.101-71.20:3.0.101-68.20:3.0.101-77.20:3.0.101-84.20:1.6.3-133.49.106.10:1.6.3-133.49.109.10:0.6.3-1.9.60:1.7.4-7.9.10:1.5.0-0.22.10:1.10-6.10:1.0.4-1.25.10:3.2.0-10.5.10:1.1.03.beta1-2.10:2.8.8-2.10:1.2.4-2.10:5.0.4.2-23.10:4.1-2.260:3.7.1-5.20:20150827-23.10:1.0.2-0.8.10:0.2-5.22.10:1.2.9-4.2.6.10:1.2.5-12.30:1.2.5-15.30:2.7.6-0.40.10:2.7.6-0.44.10:2.7.6-0.50.10:2.7.6-0.64.10:3.0.101-91.20:2.3.2-0.11.10:2.3.2-0.14.20:45.5.1esr-59.10:3.21.3-39.10:2.6.7-0.18.10:5.5.49-0.20.10:5.0.96-0.8.10.30:5.5.52-0.27.10:5.5.53-0.30.10:5.5.54-0.35.10:1.5-1.34.10:4.02.1-3.40:0.9.8j-0.89.10:0.9.8j-0.97.10:0.9.8j-0.102.20:1.1.5-0.17.20:5.10.0-64.80.10:4.008-6.10:4.008-9.10:0.710.08-3.10:5.3.17-59.10:5.3.17-62.10:5.3.17-71.10:5.3.17-74.10:5.3.17-79.20:5.3.17-84.10:5.3.17-87.10:5.3.17-94.10:5.3.17-101.10:2.6.6-0.29.10:0.12.3-1.12.10:9.4.6-0.14.30:9.4.9-0.19.10:2.4.5.git-2.31.70:2.6.9-39.10:2.6-8.39.10:0.99.15-0.16.10:0.99.15-0.21.10:0.99.15-0.24.20:0.99.15-0.29.10:3.2.12-0.23.10:3.2.12-0.26.10:3.2.12-0.15.10:3.2.12-0.21.10:2.4.4-0.10.20:3.6.3-67.20:3.6.3-84.10:0.12.4-5.10:0.12.4-8.10:3.7.6.3-1.4.6.10:1.6.17-1.35.10:3.8.2-141.163.10:3.8.2-141.168.10:1.12.11-0.18.10:1.12.13-0.23.10:4.4.2_10-5.10:4.4.3_02-26.20:4.4.4_02-32.10:4.4.4_07-37.10:4.4.4_08-40.20:4.4.4_10-43.50:4.4.4_12-46.10:4.4.3_06-29.10:7.4-5.11.65.10:7.4-1.20.10:7.4-3.10:7.4-8.26.49.10:2.17.161-5.10:1.2.7-0.14.10:11.3-00:7.19.7-0.40.10:1.0.1g-0.22.10:2.4.26-0.30.20:2.4.26-0.62.30:6.6p1-10.10:6.6p1-15.10:1.0.1g-0.35.10:1.0.1g-0.40.10:1.0.1g-0.47.10:1.0.1g-0.52.10:1.0.1g-0.57.10:1.11.4-1.32.10:17.0.9esr-0.3.10:9.5.5-0.5.5.10:9.4.6-0.4.5.10:9.4.2-0.4.10:1.1.1-174.27.10:3.4.3-1.50.10:5.1-0.7.10:0.97.8-0.2.10:0.9.7g-146.22.10:8.12-6.25.29.10:10.0.7-0.3.10:7-0.6.7.800:10.0.9-0.3.10:7-0.6.7.850:10.0.10-0.3.10:10.0.11-0.3.10:10.0.12-0.4.10:17.0.4esr-0.5.10:7-0.6.9.50:0.5-1.47.51.50:17.0.5esr-0.4.10:7-0.6.9.170:17.0.6esr-0.4.10:17.0.7esr-0.3.10:7-0.6.9.310:17.0.10esr-0.4.2.40:7-0.6.9.620:11.2.202.336-0.3.10:2.0.9-25.33.37.10:1.4.1-0.8.10:1.6.0.0_b27.1.12.7-0.2.10:3.0.101-0.7.17.10:4.1.6_04_3.0.101_0.7.17-0.5.160:0.15.1-0.27.10:2013.1.7-0.3.10:5.1p1-41.57.10:1.95-0.4.10:2.0.9-143.33.3.10:2.6.18-0.12.10:3.16-50.39.10:4.4.0-6.21.10:1.7.6p2-0.2.12.10:0.1.5-1.5.10:1.0.7-5.10.10:4.1.4_02_3.0.58_0.6.6-0.5.10:0.9.0-3.19.10:0.5.10-0.5.10:4.1.2_20_3.0.38_0.5-0.5.20:0.5.12-0.5.10:4.1.3_02_3.0.38_0.5-0.5.10:4.1.3_04_3.0.42_0.7-0.5.10:4.1.5_02_3.0.74_0.6.10-0.5.10:4.1.6_02_3.0.93_0.5-0.5.10:4.1.6_04_3.0.101_0.5-0.5.10:7.3.99-3.18.20:0.4.1-28.19.10:1.6.166-0.5.10:24-0.7.480:24-0.7.360:3.2-147.22.10:1.2-2.10.10:1.2-2.12.10:0.98.1-0.10.10:0.9.7g-146.22.31.10:0.9.7g-146.22.36.10:3.13_3.0.101_0.31-0.9.10:3.2.3-45.5.30:2.71-0.12.13.10:61-1.35.10:7-0.12.10:7-0.12.410:24-0.7.140:24-0.7.230:38-15.310:24-0.7.40:31.0-0.10.10:31.0-0.12.510:11.2.202.418-0.3.10:11.2.202.481-0.8.20:11.2.202.491-0.11.10:11.2.202.508-0.14.10:11.2.202.521-0.17.10:11.2.202.535-0.20.10:11.2.202.540-0.23.10:11.2.202.548-0.26.10:11.2.202.554-0.29.10:11.2.202.559-0.32.10:3.0.2-269.39.10:2.0.9-25.33.41.20:2.00-0.49.20:0.10.22-7.11.10:1.4.2-0.7.10:1.7.0.71-0.7.10:1.7.0.85-0.11.20:1.7.0.91-0.14.20:1.7.0.95-0.17.20:4.3.5-0.11.20.10:3.0.101-0.47.55.10:3.0.101-0.40.10:4.2.4_04_3.0.101_0.40-0.7.30:3.0.101-0.47.67.20:3.0.101-0.47.71.10:1.4.2-0.17.10:1.4.2-0.22.34.30:1.4.2-37.10:1.4.2-0.21.40:1.900.1-134.13.10:0.4.1-16.20.20:2.7.6-0.34.40:2.7.6-0.37.40:12.5-1.7.10:38-18.240:1.5.17-42.37.10:3.0.0-0.20.10:3.0.0-0.10.10:4.2.4p8-1.24.10:6.2p2-0.13.10:6.2p2-0.21.10:6.2p2-0.21.30:6.2p2-0.24.10:6.2p2-0.24.30:1.97-0.3.10:2.0.9-143.40.50:2.28.3-0.5.100:0.2808.01-0.70.10:0.72-0.70.10:2.6.18-0.16.10:0.7-6.20.10:0.1.6+git20080930-6.24.10:3.0.4-2.49.10:1.3.11-0.25.40:4.4.0-6.32.10:1.7.6p2-0.21.10:1.4-1.35.10:1.1.1-174.10:0.7.1-6.17.40:4.2.5_06_3.0.101_0.47.52-0.7.10:4.2.5_02_3.0.101_0.40-0.7.10:4.2.5_12_3.0.101_0.47.55-15.10:4.2.5_14_3.0.101_0.47.67-18.20:4.2.2_06_3.0.82_0.7-0.7.10:4.2.3_02_3.0.93_0.8-0.7.10:4.2.3_08_3.0.101_0.8-0.7.10:4.2.4_02_3.0.101_0.15-0.7.10:4.2.4_04_3.0.101_0.40-0.9.10:4.2.5_04_3.0.101_0.47.52-0.9.10:4.2.5_08_3.0.101_0.47.55-0.9.10:4.2.5_18_3.0.101_0.47.71-21.10:5.07-6.36.10:4.4.2_12_3.0.101_63-23.10:0.9.7g-146.22.41.10:6.3.8.90-13.20.21.10:11.2.202.569-0.35.10:11.2.202.577-0.38.10:2.00-0.54.20:1.5.3-0.9.10:1.7.0.99-0.20.20:3.0.101-65.10:3.0.101-71.10:3.0.101-68.10:1.4.2-32.10:1.4.2-35.10:4.2.8p4-5.10:6.6p1-13.10:6.6p1-13.30:6.6p1-16.10:6.6p1-16.40:1.7.0.0-1.18.20:4.4.2_10_3.0.101_63-5.10:4.4.3_02_3.0.101_65-26.20:4.4.4_02_3.0.101_68-32.10:4.4.3_06_3.0.101_65-29.10:1.0.0-0.9.10:0.6.1-0.17.10:1.4_3.0.101_0.47.55-2.28.1.210:1.4_3.0.101_0.40-2.27.980:2_3.0.101_0.47.55-0.17.1.210:2_3.0.101_0.40-0.16.1040:1.6_3.0.101_0.47.55-0.21.1.210:1.6_3.0.101_0.40-0.20.980:8.4.4_3.0.101_0.40-0.22.640:0.7.0+git.1430140184.8e872c5-7.10:1.1.12-18.10:45.0-23.100:3.4.0-18.10:3.5.5-18.10:1.9-18.10:1.0-18.10:1.0.14-0.4.25.10:1.6.0_sr16.30-75.10:1.6.0_sr16.35-78.20:1.7.0_sr9.50-55.10:1.7.0_sr9.60-58.20:3.0.101-0.47.86.10:3.0.101-0.47.93.10:3.0.101-0.47.90.10:3.0.101-0.47.96.10:4.2.8p9-48.9.10:6.2p2-0.33.20:6.2p2-0.33.50:1.34b-84.10:4.2.5_21-27.10:4.2.5_21_3.0.101_0.47.86-27.10:4.2.5_21-30.10:4.2.5_21_3.0.101_0.47.90-30.10:1.4.19_2.6.33.5_rt23_0.4-0.7.611.10:2.1.0.0_2.6.33.20_rt31_0.5-0.2.520:1.4_2.6.33.20_rt31_0.5-2.5.620:8.3.11_2.6.33.20_rt31_0.5-0.3.620:1.4.19_2.6.33.20_rt31_0.5-0.9.11.380:2.6.33.20-0.5.10:1.6_2.6.33.20_rt31_0.5-0.4.2.620:1.5.2_2.6.33.20_rt31_0.5-0.9.13.490:1.5.2_2.6.33.18_rt31_0.3-0.9.13.10:1.4_3.0.101_rt130_0.7.9-2.18.790:8.4.2_3.0.101_rt130_0.7.9-0.6.6.700:1.4.20_3.0.101_rt130_0.7.9-0.25.25.180:3.0.101.rt130-0.7.9.10:2.0.4_3.0.101_rt130_0.7.9-0.9.9.60:1.6_3.0.101_rt130_0.7.9-0.11.780:1.5.2_3.0.101_rt130_0.7.9-0.28.28.500:1.4_3.0.101_rt130_0.28-2.27.990:8.4.4_3.0.101_rt130_0.28-0.22.650:1.4.20_3.0.101_rt130_0.28-0.38.840:3.0.101.rt130-0.28.10:2.1.1_3.0.101_rt130_0.28-0.11.750:1.6_3.0.101_rt130_0.28-0.20.990:1.5.4.1_3.0.101_rt130_0.28-0.13.900:3.0.101.rt130-0.33.40.10:3.0.101.rt130-0.33.44.20:3.0.101.rt130-0.33.44.10:3.0.101.rt130-51.10:3.0.101.rt130-54.10:3.0.101.rt130-45.10:3.0.101.rt130-48.10:3.0.101.rt130-65.10:3.0.101.rt130-57.10:1.4.2_sr13.13-0.3.10:1.0.0-0.8.10:0.9.7g-146.22.44.10:0.9.7g-146.22.47.10:0.98.9-0.7.10:5.4.15-0.15.20:5.9.33-0.20.10:2.0.10-0.38.10:5.3.7-0.9.10:1.2.74-0.20.10:1.2.2-0.16.10:1.2.74-0.22.20:0.5.2-0.38.160:1.4_3.0.101_0.7.17-2.18.810:2_3.0.101_0.7.17-0.7.1090:1.6_3.0.101_0.7.17-0.11.800:6.4.3.6-7.19.1110:3.0.10-1.1.10:3.5-1.1.50:2.24.0-7.50:3.12.3.1-1.2.10:0.8.11-2.140:4.8-1.3.10:1.9.0.10-1.1.10:1.9.1.11-0.1.10:1.9.2.12-0.6.10:2.14.16-2.160:0.7.0.r4359-15.9.20:0.7.0.r1053-11.11.10:3.2.7-151.30:2.2.47-30.5.10:2.2.10-2.23.22.10:5.2.6-50.18.30:0.6.23-11.14.10:9.5.0P2-20.7.10:2.0.1-1.26.10:3.2.7-11.21.10:1.34b-11.21.10:0.95.1-0.1.10:4.3.3_20081022-11.180:2.9-75.27.24.10:4.1-194.19.10:1.3.9-8.15.10:7.19.0-11.21.10:1.2-107.220:1.10-3.180:2.3.11-60.21.10:2.1.22-182.20.10:1.2.10-3.9.10:0.76-34.10.10:3.1.1-7.13.10:2.45-12.23.10:1.0.5-1.27.10:2.24.1.1-11.8.10:3.24.1.1-3.23.20:2.24.1.1-11.12.10:6.3.8.90-13.16.10:IIIalpha9.8-691.220:0.15-1.290:2.7.0-130.210:2.24.0-7.40:0.10.21-3.200:1.1.3-87.120:0.3.15-3.100:2.3.7-25.9.10:2.7.2-61.18.10:2.24.0-24.39.10:8.62-32.25.10:4.2.7-32.25.10:2.18.2-7.7.10:2.9-13.11.10:2.2.23-1.41.10:2.24.0-14.27.10:2.4.1-24.16.10:2.0.9-25.26.10:1.4.1-6.70:1.6-8.60:1.0.4-1.160:0.10.21-2.36.10:0.10.10-4.9.10:4.0-7.22.10:0.7.1-10.31.10:0.4.15-94.14.10:0.4.15_2.6.27.48_0.6-94.14.10:1.4.2_sr13-0.1.10:1.5.0.13.1.2-0.1.10:1.6.0-124.6.10:1.6.0-124.7.10:4.1.3-9.14.60:4.1.3-9.28.30:4.1.3-7.17.10:4.1.3-18.8.10:4.1.3-7.9.10:3.5.10-23.30.10:4.1.3-8.21.10:4.1.3-8.18.10:0.5.5-106.180:0_2.6.27.23_0.1-7.1.70:0.4.15_2.6.27.54_0.2-94.14.80:2.6.27.23-0.1.10:2.0.5_2.6.27.54_0.2-7.9.10:1.6.3-133.25.10:78.0.10.6-0.3.10:78.2.6.30.1_2.6.27.37_0.1-0.7.10:1.17-77.12.10:1.23-4.1.10:1.3.4-12.19.10:1.3.3-11.16.10:1.0.4-157.15.10:3.12.8-1.2.10:4.8.6-1.2.10:1.2.3-106.340:2.0-11.20.10:2.4.12-7.19.10:5.0.67-13.26.10:0.28.3-2.12.10:0.11.6-5.25.10:0.9.8h-30.13.10:1.2.31-5.11.10:1.2.31-5.18.10:0.10.1-1.37.10:0.10.1-1.30.50:2.6.0-8.8.6.10:2.6.0-8.9.6.20:4.4.3-12.11.10:1.0.17-172.14.10:1.0.beta2-6.1.10:3.8.2-141.8.10:3.8.2-141.7.10:128-13.2.10:0.4.6-14.63.10:2.7.1-10.11.10:2.02.39-18.26.30:2.0.2-2.15.10:4.8.2-1.1.10:1.9.0.9-0.1.10:1.9.1.15-0.5.10:3.0.6-1.21.10:4.2.4p6-1.17.10:2.0.870-26.6.10:1.2.0-172.10.7.10:0.9.8h-30.14.10:0.9.8h-30.18.10:2.6.16-1.32.10:1.22.1-3.17.30:1.4.102-1.31.10:5.10.0-64.43.10:1.16-3.2.10:1.7-37.18.10:4.4.2.3-37.18.10:8.3.7-0.1.10:0.24.5-5.7.10:0.8.4-194.19.10:0.99.10-17.17.10:8.14.3-50.20.10:1.8.7.p72-5.22.10:2.7.STABLE5-2.4.10:4.2.8-1.23.10:1.6.9p17-21.3.10:0.7.1-42.5.10:1.20-23.23.10:0.9.0-1.27.10:0.5.2-128.18.10:2.1.1.2-2.20:1.0.5-1.26.10:0.5-15.16.10:0.4.6-14.60.160:0.5.2-8.47.850:0.5.3-66.42.130:0.0.3-3.57.130:0.3.27-0.1.150:3.3.1_18546_24-0.3.70:3.3.1_18546_24_2.6.27.45_0.3-0.3.70:2.8.1-238.27.10:3.02-138.26.10:2.17.21-0.1.10:24.6.0esr-0.3.10:24-0.4.10.240:3.16.1-0.3.110:7.7-5.12.380:17.0.8esr-0.4.2.10:24.5.0esr-0.3.10:24-0.4.10.140:3.16-0.3.10:2.2.12-1.48.10:5.2.14-0.7.30.54.10:3.2-147.14.22.10:5.2-147.14.22.10:9.6ESVR7P4-0.2.3.10:9.6ESVR11W1-0.6.10:9.6ESVR11W1-0.9.10:3.4.3-1.54.10:1.34b-11.28.54.10:0.98.6-0.6.10:7.19.7-1.20.27.90:1.2.10-3.25.20:10.0.12-0.4.30:7-0.6.7.1030:7-0.6.9.200:17.0.10esr-0.4.2.10:7-0.6.9.600:24.3.0esr-0.4.2.20:24-0.4.10.40:4.7.2_20130108-0.16.10:3.15.4-0.4.2.10:4.10.2-0.3.20:24.7.0esr-0.3.10:3.16.2-0.3.10:24.8.0esr-0.3.10:3.16.4-0.3.10:31.3.0esr-0.3.10:31.4.0esr-0.3.10:3.17.3-0.3.10:31.5.3esr-0.3.10:38.2.1esr-17.10:31.2.0esr-0.11.11.10:31.0-0.5.5.10:3.17.2-0.3.10:2.11.1-0.58.10:2.4.1-24.39.53.10:2.0.9-25.33.37.60:1.6.0_sr16.0-0.3.10:0_2.6.32.59_0.13-0.3.1630:0_2.6.32.59_0.13-7.9.1300:0_2.6.32.59_0.13-0.18.390:2.6.32.59-0.15.20:4.0.3_21548_16_2.6.32.59_0.15-0.5.260:0.12.5-1.26.10:0.12.5-1.30.20:3.16.5-0.4.2.10:1.4.1-6.10.10:5.0.96-0.8.8.20:38.2.0esr-10.10:31.0-0.5.7.110:4.7.2_20130108-0.37.20:3.19.2.0-0.7.10:4.2.4p8-1.29.32.10:1.96-0.4.10:1.8.7.p357-0.9.15.60:4.4.0-6.23.10:1.7.6p2-0.2.12.50:4.0.3_21548_18-0.21.10:4.0.3_21548_18_2.6.32.59_0.19-0.21.10:4.0.3_21548_18-29.10:4.0.3_21548_18_2.6.32.59_0.19-29.10:4.0.3_21548_10-0.5.10:4.0.3_21548_10_2.6.32.59_0.7-0.5.10:4.0.3_21548_16-0.5.10:4.0.3_21548_16_2.6.32.59_0.9-0.5.10:4.0.3_21548_18-0.15.10:4.0.3_21548_18_2.6.32.59_0.19-0.15.10:4.0.3_21548_18-0.25.10:4.0.3_21548_18_2.6.32.59_0.19-0.25.10:7.4-27.40.70.10:7.4-8.26.42.40:7.4-1.18.160:7.4-1.22.5.1520:38.8.0esr-40.10:45.3.0esr-48.10:45.0-20.380:2.11.0-4.20:3.21.1-26.20:4.12-25.20:45.4.0esr-52.10:45.6.0esr-66.10:4.1.6_08-17.10:4.1.6_08_3.0.101_0.7.29-17.10:1.0.8-0.4.7.10:1.34b-12.33.39.10:4.2.4.P2-0.11.15.10:38.3.0esr-20.10:38.4.0esr-25.30:38-12.190:3.19.2.1-12.10:38.7.0esr-36.30:3.20.2-20.10:4.12-19.10:2.11.3-17.45.66.10:3-0.5.10:1.1.1-1.35.10:1.6.0_sr16.20-49.10:1.6.0_sr16.25-69.10:1.7.0_sr7.0-0.5.10:1.7.0_sr9.30-45.10:1.7.0_sr9.40-52.10:3.0.101-0.7.47.10:3.0.101-0.7.53.10:3.0.101-0.7.37.10:3.0.101-0.7.40.10:3.0.101-0.7.44.10:0.15.1-0.32.20:1.34b-12.24.40:2.7.6-0.44.40:45.5.1esr-63.10:3.21.3-30.10:38.6.1esr-33.10:38-15.580:3.20.2-17.50:2.12-24.4.8.10:4.2.8p6-41.10:2.17.14.1-1.12.10:4.2.8p7-44.10:4.2.8p8-47.30:5.1p1-41.69.10:5.1p1-41.69.40:2.6.16-1.40.10:5.2.14-0.7.30.72.10:5.2.14-0.7.30.89.10:5.3.17-47.10:5.3.17-55.10:5.3.17-58.10:1.34b-45.20:3.6.3-45.20:1.34b-48.20:3.6.3-48.20:1.34b-52.10:3.6.3-52.10:1.34b-56.10:3.6.3-56.10:4.36-0.12.10:6.0.18-20.35.42.10:4.1.6_08-0.11.10:4.1.6_08-0.5.10:4.1.6_08_3.0.101_0.7.23-0.5.10:4.1.6_08-20.10:4.1.6_08_3.0.101_0.7.37-20.10:4.1.6_08-26.10:4.1.6_08_3.0.101_0.7.37-26.10:4.1.6_08-29.10:4.1.6_08_3.0.101_0.7.40-29.10:4.1.6_08-32.10:4.1.6_08_3.0.101_0.7.44-32.10:4.1.6_06-0.5.10:4.1.6_06_3.0.101_0.7.17-0.5.10:4.1.6_08-0.9.10:4.1.6_08_3.0.101_0.7.29-0.9.10:4.1.6_08-0.13.10:4.1.6_08_3.0.101_0.7.29-0.13.10:4.1.6_08-23.10:4.1.6_08_3.0.101_0.7.37-23.130:1.34b-12.52.50:38-10.270:31.0-0.5.10:31.0-0.7.50:0.7.3-1.13.10:3.2.2-88.36.10:1.6.0_sr16.20-51.10:1.7.0_sr9.30-47.10:3.0.101-0.47.79.10:1.4.20_3.0.101_0.40-0.38.830:1.5.4.1_3.0.101_0.40-0.13.890:2.0.5_3.0.101_0.40-7.39.890:1.6.3-133.49.97.30:1.6.3-133.49.68.20:1.4.2-46.10:2.3.37-2.35.10:2.3.37-2.62.20:1.2.16-0.13.10:2.6.1-0.14.10:1.34b-76.10:3.6.3-76.20:1.34b-12.56.10:1.34b-64.10:2.7.STABLE5-2.12.24.20:1.3.3-12.2.10:2.0.7-4.29.10:4.2.5_20-24.90:4.2.5_20_3.0.101_0.47.79-24.90:0.9.svn1043876-1.3.150:2.5.69.8-11.20:2.1.12-14.20:2.71-0.16.30:3.0.26-3.10:0.10.30-5.14.10:3.0.101-80.10:3.0.101-88.10:3.0.101-94.10:3.0.101-77.10:3.0.101-84.10:1.4.2-44.10:1.4.2-47.10:1.4.2-50.10:1.14.0.894-3.10:1.3.3-12.4.10:1.2.5-4.20:2.7.6-0.40.30:2.7.6-0.50.40:2.7.6-0.64.40:3.0.101-91.10:4.2.8p9-57.20:6.6p1-21.10:6.6p1-21.30:6.6p1-28.10:6.6p1-28.20:0.2808.01-0.80.10:0.72-0.80.10:2.0.79-4.8.10:3.0.4-2.52.10:1.34b-67.20:2.7.STABLE5-2.12.29.10:3.1.23-8.16.30.10:3.1.23-8.16.36.10:1.4-13.10.10:4.4.0-6.29.20:1.7.6p2-0.29.10:1.20-121.10:1.26-1.2.10.10:6.0.45-0.53.20:6.0.41-0.47.10:6.0.45-0.50.10:7.2-8.17.10:0.5.3.git20161120-4.10:4.4.4_07_3.0.101_77-37.10:4.4.4_08_3.0.101_80-40.20:4.4.4_10_3.0.101_88-43.50:4.4.4_12_3.0.101_91-46.10:1.6.3-133.49.56.10:5.0.67-13.20.10:1.6.0_sr7.0-1.1.10:0.10.1-1.31.10:1.22.1-3.18.10:3.5.8-0.1.10:1.9.0.18-0.1.10:1.9.1.8-1.1.10:1.0.5-1.34.10:2.6.0-8.8.1.10:2.6.0-8.9.1.10:0.9.8h-30.22.21.10:2.18.2-7.9.10:1.6.3-133.26.10:2.7.2-61.15.10:3.5.6-1.1.10:1.9.0.13-1.1.10:1.9.1.6-1.1.10:3.5.9-0.1.10:2.4.1-24.32.10:1.4.2_sr13.4-1.6.10:3.12.6-3.1.10:1.9.0.19-0.1.10:1.9.1.9-1.1.10:1.4.2_sr13.3-1.1.10:1.9.0.16-0.1.10:8.3.9-0.1.10:8.62-32.27.26.10:4.2.7-32.27.26.10:2.4.1-24.39.49.10:1.6.0_sr8.0-0.1.20:0.96-0.12.10:1.2.31-5.13.10:3.5.7-1.1.10:1.9.1.7-1.1.10:1.3.9-8.30.10:5.2.14-0.1.10:1.3.9-8.37.10:3.2.7-11.9.10:1.34b-11.9.10:1.6.3-133.27.10:8.3.11-0.1.10:0.7.0.r4359-15.20.10.120:1.6.3-133.33.10:1.4.2_sr13.8-0.3.10:1.6.3-133.39.10:0.96.1-0.1.10:2.3.7-25.11.10:3.2.7-11.20.10:1.34b-11.20.10:2.1.0.0_2.6.33.7.2_rt30_0.3-0.2.90:1.4.19_2.6.33.7.2_rt30_0.3-0.7.260:2.6.33.7.2-0.3.10:1.4.2_2.6.33.7.2_rt30_0.3-0.14.10:0_2.6.27.54_0.2-7.1.430:2.6.27.54-0.2.10:0.9.8h-30.22.22.10:0.99.10-17.18.10:2.3.7-25.17.10:3.6.12-0.6.10:1.9.1.11-0.1.150:5.2.14-0.7.13.10:0.9.8h-30.22.28.10:2.1.0.0_2.6.33.20_rt31_0.3-0.2.340:1.4_2.6.33.20_rt31_0.3-2.5.280:8.3.11_2.6.33.20_rt31_0.3-0.3.280:1.4.19_2.6.33.20_rt31_0.3-0.9.11.20:2.6.33.20-0.3.10:1.6_2.6.33.20_rt31_0.3-0.4.2.280:1.5.2_2.6.33.20_rt31_0.3-0.9.13.150:1.4_3.0.74_rt98_0.6.2-2.18.370:8.4.2_3.0.74_rt98_0.6.2-0.6.6.280:1.4.20_3.0.74_rt98_0.6.2-0.23.340:3.0.74.rt98-0.6.2.10:2.0.4_3.0.74_rt98_0.6.2-0.7.300:1.6_3.0.74_rt98_0.6.2-0.11.360:1.5.2_3.0.74_rt98_0.6.2-0.28.28.80:2.1.0.0_2.6.33.18_rt31_0.3-0.2.240:1.4_2.6.33.18_rt31_0.3-2.5.60:8.3.11_2.6.33.18_rt31_0.3-0.3.60:1.4.19_2.6.33.18_rt31_0.3-0.7.480:2.6.33.18-0.3.10:1.6_2.6.33.18_rt31_0.3-0.4.2.60:1.4.2_sr13.9-0.3.10:2.11.1-0.50.10:2.6.32.59-0.19.10:4.0.3_21548_18_2.6.32.59_0.19-0.9.170:1.4.2_sr13.10-0.3.10:3.0.26-0.7.60:1.4_3.0.26_0.7-2.10.130:2_3.0.26_0.7-0.7.130:1.6_3.0.26_0.7-0.7.130:0_2.6.32.59_0.9-0.3.1510:0_2.6.32.59_0.9-7.9.1180:0_2.6.32.59_0.9-0.18.370:2.6.32.59-0.9.10:5.2.14-0.7.30.46.10:5.3.8-0.39.10:1.4.2_sr13.11-0.3.10:5.3.8-0.23.10:1.4.20-2.46.100:2.0.10-0.34.10:2.2.12-1.36.10:1.6.0.0_b24.1.11.4-0.3.10:1.7.0_sr2.0-0.5.10:1.6.0_sr11.0-0.3.10:3.0.58-0.6.2.10:4.1.3_06_3.0.58_0.6.2-0.7.160:1.4_3.0.58_0.6.2-2.18.180:2_3.0.58_0.6.2-0.7.530:1.6_3.0.58_0.6.2-0.11.170:5.3.8-0.27.10:9.5.3-0.2.10:9.4.6-0.4.2.40:1.6.0.0_b24.1.11.5-0.2.10:3.0.51-0.7.9.10:1.4_3.0.51_0.7.9-2.18.120:2_3.0.51_0.7.9-0.7.470:1.6_3.0.51_0.7.9-0.11.110:9.6ESVR7P1-0.5.10:1.4.2_sr13.13-0.2.10:3.0.34-0.7.90:1.4_3.0.34_0.7-2.10.300:2_3.0.34_0.7-0.7.300:1.6_3.0.34_0.7-0.7.300:3.0.31-0.9.10:1.4_3.0.31_0.9-2.10.230:2_3.0.31_0.9-0.7.230:1.6_3.0.31_0.9-0.7.230:3.0.74-0.6.6.20:4.1.4_02_3.0.74_0.6.6-0.5.220:1.4_3.0.74_0.6.6-2.18.360:2_3.0.74_0.6.6-0.7.690:1.6_3.0.74_0.6.6-0.11.350:5.3.8-0.33.20:3.0.101-0.35.10:4.2.4_02_3.0.101_0.35-0.7.450:1.4_3.0.101_0.35-2.27.780:2_3.0.101_0.35-0.16.840:1.6_3.0.101_0.35-0.20.780:1.4_3.0.61_rt85_0.7-2.18.230:8.4.2_3.0.61_rt85_0.7-0.6.6.140:1.4.20_3.0.61_rt85_0.7-0.23.200:3.0.61.rt85-0.7.10:2.0.4_3.0.61_rt85_0.7-0.7.190:1.6_3.0.61_rt85_0.7-0.11.220:1.5.2_3.0.61_rt85_0.7-0.26.220:1.4_3.0.101_rt130_0.24-2.27.790:8.4.4_3.0.101_rt130_0.24-0.22.450:1.4.20_3.0.101_rt130_0.24-0.38.640:3.0.101.rt130-0.24.10:2.1.1_3.0.101_rt130_0.24-0.11.570:1.6_3.0.101_rt130_0.24-0.20.790:1.5.4.1_3.0.101_rt130_0.24-0.13.700:5.3.8-0.35.10:3.0.42-0.7.30:1.4_3.0.42_0.7-2.18.70:2_3.0.42_0.7-0.7.420:1.6_3.0.42_0.7-0.11.60:3.0.38-0.5.10:1.4_3.0.38_0.5-2.16.10:2_3.0.38_0.5-0.7.370:1.6_3.0.38_0.5-0.7.370:2.11.3-17.43.10:1.4-0.5.10:1.4-0.10.10:2.3.14-0.14.10:0.15.1-0.23.10:4.2.4.P1-0.5.10:9.6ESVR7P2-0.8.10:4.2.4.P2-0.5.10:1.4.15-0.2.10:9.6ESVR7P3-0.9.10:9.6ESVR7P3-0.2.10:3.0.101-0.46.10:4.2.5_02_3.0.101_0.46-0.7.90:1.4_3.0.101_0.42-2.27.1150:2_3.0.101_0.42-0.16.1210:1.6_3.0.101_0.42-0.20.1150:1.4_3.0.101_rt130_0.32-2.27.1210:8.4.4_3.0.101_rt130_0.32-0.22.870:1.4.20_3.0.101_rt130_0.32-0.38.1060:3.0.101.rt130-0.32.10:2.1.1_3.0.101_rt130_0.32-0.11.960:1.6_3.0.101_rt130_0.32-0.20.1210:1.5.4.1_3.0.101_rt130_0.32-0.13.1120:3.0.101-0.7.29.10:3.0.101-0.7.23.10:4.1.6_08_3.0.101_0.7.29-0.5.190:4.1.6_06_3.0.101_0.7.23-0.5.300:2.11.3-17.56.20:3.8.2-141.150.10:4.6.3-5.18.10:2.7.6-0.21.10:9.6ESVR7P4-0.8.10:11.2.202.243-0.3.10:11.2.202.251-0.3.10:4.1.3_06-0.7.10:4.1.3_06_3.0.51_0.7.9-0.7.10:1.8.4-0.3.10:5.5.42-0.8.10:11.2.202.258-0.3.10:2.0.9-25.33.33.10:2.0.9-25.33.33.50:3.6.3-0.46.10:3.4.3-1.52.30:1.34b-11.28.52.30:1.34b-12.46.10:2.6.32.59-0.13.10:2.11.3-17.80.30:2.11.1-0.62.10:2.11.3-17.45.53.10:3.0.80-0.5.10:4.1.5_02_3.0.80_0.5-0.5.50:3.0.82-0.7.90:4.2.2_04_3.0.82_0.7-0.9.30:1.4_3.0.80_0.5-2.18.450:2_3.0.80_0.5-0.7.760:1.6_3.0.80_0.5-0.11.440:1.4_3.0.82_0.7-2.25.30:2_3.0.82_0.7-0.16.30:1.6_3.0.82_0.7-0.18.30:1.4_3.0.80_rt108_0.5-2.18.470:8.4.2_3.0.80_rt108_0.5-0.6.6.380:1.4.20_3.0.80_rt108_0.5-0.23.440:3.0.80.rt108-0.5.10:2.0.4_3.0.80_rt108_0.5-0.7.350:1.6_3.0.80_rt108_0.5-0.11.460:1.5.2_3.0.80_rt108_0.5-0.28.28.180:0.9.7g-146.22.25.10:0.9.8j-0.72.10:0.9.6-0.25.10:3.6.3-0.30.10:3.4.3-1.42.110:1.34b-12.30.10:9.1.8-0.5.10:1.6.0.0_b27.1.12.5-0.2.10:1.6.0_sr13.2-0.3.10:1.7.0_sr4.2-0.6.10:11.2.202.273-0.3.10:11.2.202.261-0.3.10:11.2.202.262-0.3.10:11.2.202.270-0.3.10:9.5.4-0.3.10:9.4.6-0.4.3.10:11.2.202.275-0.3.10:17.0.3esr-0.4.4.10:1.6.0.0_b27.1.12.4-0.2.10:3.0.58-0.6.6.10:4.1.3_06_3.0.58_0.6.6-0.7.220:1.4_3.0.58_0.6.6-2.18.220:2_3.0.58_0.6.6-0.7.560:1.6_3.0.58_0.6.6-0.11.210:3.0.93-0.5.10:4.1.5_02_3.0.93_0.5-0.5.390:3.0.93-0.8.20:4.2.2_06_3.0.93_0.8-0.7.170:1.4_3.0.93_0.5-2.18.610:2_3.0.93_0.5-0.7.910:1.6_3.0.93_0.5-0.11.600:1.4_3.0.93_0.8-2.27.80:2_3.0.93_0.8-0.16.140:1.6_3.0.93_0.8-0.20.80:1.4_3.0.93_rt117_0.5-2.18.620:8.4.2_3.0.93_rt117_0.5-0.6.6.530:1.4.20_3.0.93_rt117_0.5-0.25.25.10:3.0.93.rt117-0.5.10:2.0.4_3.0.93_rt117_0.5-0.7.440:1.6_3.0.93_rt117_0.5-0.11.610:1.5.2_3.0.93_rt117_0.5-0.28.28.330:1.4_3.0.93_rt117_0.9-2.27.160:8.4.3_3.0.93_rt117_0.9-0.19.70:1.4.20_3.0.93_rt117_0.9-0.38.10:3.0.93.rt117-0.9.10:2.1.1_3.0.93_rt117_0.9-0.11.60:1.6_3.0.93_rt117_0.9-0.20.160:1.5.4.1_3.0.93_rt117_0.9-0.13.70:11.2.202.280-0.3.10:1.4.2_sr13.17-0.2.10:1.6.0.0_b27.1.12.6-0.2.10:1.7.0.6-0.19.20:1.6.0_sr14.0-0.3.10:1.7.0_sr5.0-0.5.10:0.24.4-0.13.10:5.2.14-0.7.30.48.10:5.3.8-0.41.10:1.6.17-1.15.10:2.2.12-1.40.70:7.4-27.70.72.10:7.19.7-1.20.25.10:1.6.17-1.17.10:7.4-8.26.36.10:7.4-8.26.38.10:1.4.2-0.11.10:2.6.16-1.38.10:3.0.74-0.6.8.10:4.1.4_02_3.0.74_0.6.8-0.5.260:1.4_3.0.74_0.6.8-2.18.380:2_3.0.74_0.6.8-0.7.700:1.6_3.0.74_0.6.8-0.11.370:1.4_3.0.74_rt98_0.6.4-2.18.380:8.4.2_3.0.74_rt98_0.6.4-0.6.6.290:1.4.20_3.0.74_rt98_0.6.4-0.23.350:3.0.74.rt98-0.6.4.10:2.0.4_3.0.74_rt98_0.6.4-0.7.310:1.6_3.0.74_rt98_0.6.4-0.11.370:1.5.2_3.0.74_rt98_0.6.4-0.28.28.90:3.0.101-0.15.10:4.2.3_08_3.0.101_0.15-0.7.220:1.4_3.0.101_0.15-2.27.400:2_3.0.101_0.15-0.16.460:1.6_3.0.101_0.15-0.20.400:1.4_3.0.101_rt130_0.10-2.27.370:8.4.4_3.0.101_rt130_0.10-0.22.30:1.4.20_3.0.101_rt130_0.10-0.38.220:3.0.101.rt130-0.10.10:2.1.1_3.0.101_rt130_0.10-0.11.220:1.6_3.0.101_rt130_0.10-0.20.370:1.5.4.1_3.0.101_rt130_0.10-0.13.280:7.19.7-1.20.27.10:7.19.7-1.28.10:3.0.101-0.5.10:4.1.6_02_3.0.101_0.5-0.5.50:3.0.101-0.8.10:4.2.3_02_3.0.101_0.8-0.7.90:1.4_3.0.101_0.5-2.18.690:2_3.0.101_0.5-0.7.980:1.6_3.0.101_0.5-0.11.680:1.4_3.0.101_0.8-2.27.220:2_3.0.101_0.8-0.16.280:1.6_3.0.101_0.8-0.20.220:1.4_3.0.101_rt130_0.5-2.18.710:8.4.2_3.0.101_rt130_0.5-0.6.6.620:1.4.20_3.0.101_rt130_0.5-0.25.25.100:3.0.101.rt130-0.5.10:2.0.4_3.0.101_rt130_0.5-0.9.9.10:1.6_3.0.101_rt130_0.5-0.11.700:1.5.2_3.0.101_rt130_0.5-0.28.28.420:1.4_3.0.101_rt130_0.8-2.27.240:8.4.4_3.0.101_rt130_0.8-0.18.80:1.4.20_3.0.101_rt130_0.8-0.38.90:3.0.101.rt130-0.8.30:3.0.101.rt130-0.8.10:2.1.1_3.0.101_rt130_0.8-0.11.110:1.6_3.0.101_rt130_0.8-0.20.240:1.5.4.1_3.0.101_rt130_0.8-0.13.150:1.8.8-0.2.10:9.5.5-0.3.10:9.4.6-0.4.3.20:11.2.202.285-0.3.10:3.0.74-0.6.10.10:4.1.4_02_3.0.74_0.6.10-0.5.320:1.4_3.0.74_0.6.10-2.18.410:2_3.0.74_0.6.10-0.7.730:1.6_3.0.74_0.6.10-0.11.400:1.4_3.0.74_rt98_0.6.6-2.18.420:8.4.2_3.0.74_rt98_0.6.6-0.6.6.330:1.4.20_3.0.74_rt98_0.6.6-0.23.390:3.0.74.rt98-0.6.6.10:2.0.4_3.0.74_rt98_0.6.6-0.7.330:1.6_3.0.74_rt98_0.6.6-0.11.410:1.5.2_3.0.74_rt98_0.6.6-0.28.28.130:4.4.0-6.17.20:4.4.0-6.17.50:11.2.202.291-0.3.10:11.2.202.297-0.3.10:11.2.202.310-0.3.10:4.0.3_21548_18-0.9.10:4.0.3_21548_18_2.6.32.59_0.15-0.9.10:2.6.18-0.6.10:1.7.0.6-0.21.10:1.8.7.p357-0.9.11.10:5.3.17-0.15.10:3.6.3-0.33.35.10:3.4.3-1.46.20:3.6.3-0.42.10:1.34b-12.33.35.10:1.34b-12.42.10:5.3.17-0.17.10:1.6.17-1.21.30:1.0.5.6-0.7.10:5.5.37-0.7.10:5.0.96-0.6.110:3.0.101-0.7.15.10:4.1.6_04_3.0.101_0.7.15-0.5.120:1.4_3.0.101_0.7.15-2.18.790:2_3.0.101_0.7.15-0.7.1070:1.6_3.0.101_0.7.15-0.11.780:2.11.3-17.62.10:7.4-27.70.74.10:7.4-27.83.20:3.0.101-0.21.10:4.2.4_02_3.0.101_0.21-0.7.120:1.4_3.0.101_0.21-2.27.540:2_3.0.101_0.21-0.16.600:1.6_3.0.101_0.21-0.20.540:1.4_3.0.101_rt130_0.14-2.27.550:8.4.4_3.0.101_rt130_0.14-0.22.210:1.4.20_3.0.101_rt130_0.14-0.38.400:3.0.101.rt130-0.14.10:2.1.1_3.0.101_rt130_0.14-0.11.360:1.6_3.0.101_rt130_0.14-0.20.550:1.5.4.1_3.0.101_rt130_0.14-0.13.460:3.0.101-0.7.19.10:3.6.3-0.50.10:1.34b-12.33.41.20:3.6.3-0.33.41.20:3.4.3-1.54.40:1.34b-12.50.10:7.19.7-1.20.29.10:7.19.7-1.30.10:2.6.18-0.14.10:9.9.3P2-0.5.10:1.8.9-0.2.50:11.2.202.327-0.3.10:11.2.202.332-0.3.10:1.7.0.6-0.23.10:1.6.0_sr15.1-0.6.10:1.7.0_sr6.1-0.8.10:1.7.0_sr9.0-0.7.10:1.8.11-0.2.10:1.0.5.8-0.7.10:1.0.5.9-0.7.10:0.98.5-0.5.10:5.3.17-0.35.20:1.7.0.6-0.27.10:1.8.12-0.4.10:2.11.3-17.82.110:2.11.1-0.64.10:2.11.3-17.45.59.10:7.19.7-1.32.10:1.6.17-1.27.20:0.9.8j-0.54.10:0.9.8j-0.58.10:3.1.12-8.16.18.10:1.4.2-0.15.20:3.0.101-0.47.50.10:4.2.5_04_3.0.101_0.47.50-0.7.10:1.4_3.0.101_0.47.50-2.28.1.70:2_3.0.101_0.47.50-0.17.1.70:1.6_3.0.101_0.47.50-0.21.1.70:1.4_3.0.101_rt130_0.33.36-2.28.1.140:8.4.4_3.0.101_rt130_0.33.36-0.23.1.140:1.4.20_3.0.101_rt130_0.33.36-0.39.1.140:3.0.101.rt130-0.33.36.10:2.1.1_3.0.101_rt130_0.33.36-0.12.1.130:1.6_3.0.101_rt130_0.33.36-0.21.1.140:1.5.4.1_3.0.101_rt130_0.33.36-0.14.1.140:1.0.1g-0.16.10:3.0.101-0.29.10:4.2.4_02_3.0.101_0.29-0.7.240:1.4_3.0.101_0.29-2.27.630:2_3.0.101_0.29-0.16.690:1.6_3.0.101_0.29-0.20.630:1.4_3.0.101_rt130_0.16-2.27.650:8.4.4_3.0.101_rt130_0.16-0.22.310:1.4.20_3.0.101_rt130_0.16-0.38.500:3.0.101.rt130-0.16.10:2.1.1_3.0.101_rt130_0.16-0.11.450:1.6_3.0.101_rt130_0.16-0.20.650:1.5.4.1_3.0.101_rt130_0.16-0.13.560:5.3.17-0.27.10:6.0.41-0.45.10:5.3.8-0.45.10:5.3.17-0.23.50:2.11.3-17.68.10:11.2.202.335-0.4.10:11.2.202.341-0.3.10:11.2.202.346-0.3.10:11.2.202.350-0.3.10:11.2.202.359-0.3.10:11.2.202.356-0.3.10:11.2.202.378-0.3.10:11.2.202.394-0.3.10:11.2.202.400-0.3.10:11.2.202.406-0.3.10:11.2.202.411-0.3.10:11.2.202.425-0.3.10:9.6ESVR11W1-0.2.10:6.4.3.6-7.28.10:4.24-43.25.10:1.8.13-0.5.10:5.4.2.1-8.12.20.10:1.7.0.65-0.7.40:3.0.101-0.7.21.10:4.1.6_06_3.0.101_0.7.21-0.5.160:1.2.10-3.29.10:0.9.8j-0.62.10:0.9.8j-0.62.30:1.0.1g-0.20.10:1.7.0.75-0.7.10:0.9.7g-146.22.27.10:0.9.8j-0.68.10:1.0.1g-0.24.10:1.6.17-1.31.30:2.11.3-17.66.10:5.3.17-0.29.10:1.7.0_sr7.1-0.5.10:1.6.0_sr16.1-0.3.10:1.6.3-133.49.60.10:3.2-147.20.10:5.2-147.20.10:3.2-147.14.20.10:5.2-147.14.20.10:1.10.10-0.2.10:4.2.5_08_3.0.101_0.47.55-0.7.10:1.4_3.0.101_rt130_0.33.38-2.28.1.220:8.4.4_3.0.101_rt130_0.33.38-0.23.1.220:1.4.20_3.0.101_rt130_0.33.38-0.39.1.220:3.0.101.rt130-0.33.38.10:2.1.1_3.0.101_rt130_0.33.38-0.12.1.200:1.6_3.0.101_rt130_0.33.38-0.21.1.220:1.5.4.1_3.0.101_rt130_0.33.38-0.14.1.220:7.4-27.101.10:2.6.32.59-0.17.10:4.0.3_21548_18_2.6.32.59_0.17-0.9.20:3.0.101-0.7.27.10:4.1.6_08_3.0.101_0.7.27-0.5.50:6.00-11.9.10:5.3.17-0.33.10:1.0.1g-0.30.10:11.2.202.424-0.3.10:3.9.8-1.23.10:1.6.0_sr16.3-0.4.50:1.7.0_sr8.10-0.6.40:1.6.0_sr16.3-0.4.10:1.7.0_sr8.10-0.6.10:4.2.4p8-1.28.10:1.3.9-8.46.54.20:1.6.0_sr16.4-0.3.10:1.0.1g-0.26.10:2.11.3-17.74.130:2.11.1-0.60.10:2.11.3-17.45.55.50:1.34b-12.33.43.10:3.6.3-0.33.43.10:3.4.3-1.54.390:7.4-27.103.10:0.9.7g-146.22.29.10:11.2.202.429-0.4.10:11.2.202.438-0.3.10:11.2.202.440-0.3.10:11.2.202.442-0.3.10:11.2.202.451-0.3.10:11.2.202.457-0.3.10:1.7.0.75-0.9.10:1.10.12-0.2.10:31.5.0esr-0.7.10:31.5.0esr-0.4.2.10:9.9.6P1-0.7.10:1.4.2-0.22.25.10:4.2.4p8-1.29.36.10:11.2.202.460-0.3.10:11.2.202.466-0.6.10:11.2.202.468-0.7.10:1.4.2-0.22.31.10:4.1.6_08_3.0.101_0.7.29-0.11.10:5.3.17-0.43.10:1.4.2-0.22.27.10:0.15.1-0.29.10:1.10.14-0.3.10:5.5.43-0.9.10:5.0.96-0.8.8.10:4.4.0-6.27.10:9.9.6P1-0.27.10:1.9+git.1473844105.932298f-9.10:1.5.4-0.7.10:1.5.4-12.10:2.4.3-0.25.10:1.9+git.1443859419.95e948a-12.20:2014.2.4~a0~dev103-16.20:2014.2.4~a0~dev103-16.40:0.4-0.13.10:0.9.8j-0.91.10:2014.2.4.dev18-9.70:2014.2.4.dev18-9.110:2014.2.4.dev19-9.70:2014.2.4.dev19-9.120:2014.2.4.dev5-9.50:2014.2.4.dev5-9.70:2014.2.4.dev13-9.60:2014.2.4.dev13-9.80:2014.2.4.dev5-11.80:2014.2.4.dev5-11.120:2014.2.4.dev3-9.50:2014.2-9.20:1.3.1-9.60:1.4.0-14.20:1.2.0-2.50:1.9.0-9.20:1.9+git.1443622531.b2b2939-9.30:2014.2.4~a0~dev12-13.20:1.1.7-11.30:2014.2.4.juno-14.10:2014.2.4.juno-17.10:2014.2.4.juno-17.20:2014.2.4.juno-29.10:2.1.0-14.10:2014.2.4~a0~dev80-20.10:2.1.0-11.10:2014.2.4.juno-15.10:1.6.11-0.7.10:1.6.11-10.20:1.6.11-13.10:2.7.0-0.7.10:2.7.0-9.10:3.10-0.13.10:0.15.0-9.20:1.0.0-11.10:1.2.0-11.20:2.20.0-9.20:0.4.1-9.20:2.3.0-9.20:2.11.0-0.9.10:4.1.9-9.10:4.1.9-12.10:4.1.9-9.20:4.1.9-15.10:1.11.1-9.10:0.0.5-9.10:3.2.3-9.10:2.11.3-11.10:1.5.2-9.60:4.4.13-1.160:1.6.1-2.70:3.0+git.1456169766.1e60d19-1.10:1.9.1-58.10:1.5.14-1.40:1.4.15-1.20:2.4.14-1.280:7.0.2~a0~dev1-1.20:8.0.2~a0~dev7-2.10:11.0.2~a0~dev2-1.10:5.0.2~a0~dev9-1.40:0.0.0+git.1452795102.e53f5d3-1.10:4.2.3~a0~dev14-1.10:8.0.2~a0~dev8-1.20:7.0.4~a0~dev18-1.10:7.0.2~a0~dev63-1.10:12.0.2~a0~dev18-1.30:2.1.0-4.10:4.0.1~a0~dev2-2.10:1.6.4-0.7.30:1.8.9-1.10:2.7.3-15.10:2.7.0-1.40:1.7.2-3.10:2.3.1-1.10:2.6.1-2.20:3.0.3-1.10:3.4.4-2.200:4.2.2-2.20:4.2.2-5.10:4.2.2-2.40:1.11.1-2.20:10.32.2-3.20:10.32.2-1.340:10.32.2-1.10:10.32.2-4.20:10.32.2-1.20:0.9.16-1.10:0.5.5-1.10:1.6.4-2.30:1.0.2-7.10:2.11.3-1.20:1.0.3~a0~dev10-6.10:1.0.3~a0~dev10-6.20:4.2.5-6.10:4.2.5-6.20:7.0.5~a0~dev3-6.10:0.0.1~a0~dev238-4.10:3.0.3~a0~dev1-6.10:7.0.0-9.10:4.0.1~a0~dev19-8.10:5.0.4~a0~dev6-6.10:5.0.4~a0~dev6-6.20:7.0.3~a0~dev2-7.10:8.0.2~a0~dev34-8.10:11.0.2~a0~dev13-7.10:5.0.2~a0~dev93-9.10:5.0.2~a0~dev93-9.30:8.1.1~a0~dev13-3.10:8.1.1~a0~dev13-3.20:1.0.2~a0~dev11-9.10:1.0.2~a0~dev11-9.20:7.1.2~a0~dev29-10.10:7.1.2~a0~dev1-6.10:12.0.5~a0~dev2-7.10:1.0+git.1467079370.4f2c49d-7.10:2.1.1-6.10:1.7.2-4.10:1.2.1~a0~dev2-3.10:0.6-4.10:4.2.2-8.10:0.4.1-2.10:2.4.0-3.10:7.0.2~a0~dev30-1.30:8.0.2~a0~dev34-1.40:4.2.2-6.10:11.0.2~a0~dev7-1.10:1.0.9-2.33.113.10:48.0.1-122.30:3.24-88.10:2.4.33-8.6.10:4.4.15.8-63.10:48.0.2564.82-122.10:1.7.0.95-24.27.10:45.3.0-70.86.10:4.0.6-8.25.10:11.2.202.635-171.10:49.0.1-125.20:3.25-91.10:11.2.202.637-174.10:45.4.0-70.89.10:4.0.6-8.28.10:11.2.202.643-177.10:104-3.3.10:1.8.22-4.39.10:1.900.14-160.25.10:49.0.2-128.10:11.2.202.644-180.10:2.40-62.10:44.0-103.10:3.21-68.10:4.11-28.10:3.0.24-2.23.10:1.7.0.121-24.42.10:50.0.2-131.10:45.5.1-70.92.10:3.26.2-94.10:1.0.9-2.36.10:50.1.0-134.10:4.4.15.4-46.10:5.6.28-7.16.10:7.42.1-2.50.10:4.0.6-8.16.10:1.900.1-160.19.10:11.2.202.569-153.10:0.8.8f-17.10:0.8.8f-2.3.10:1.0.1k-11.78.10:2.7.1-2.3.10:1.7.3.1-2.6.10:3.11.0-3.11.10:38.6.0-70.74.10:2.11.3-69.20:2.11.3-69.10:2.18-4.41.20:2.18-4.41.10:2.18-4.41.40:48.0.2564.109-125.10:3.0.8-7.6.10:48.0.2564.116-129.10:44.0.2-106.10:1.0.1k-11.84.10:1.12.10-50.10:2.3-2.3.10:4.4.15.5-52.10:49.0.2623.75-135.10:4.0.0-5.7.10:3.2.1-5.3.10:45.0-109.10:3.21.1-74.10:4.12-34.10:11.2.202.577-156.10:49.0.2623.87-138.10:9.9.4P2-75.10:1.7.3.4-4.14.10:0.8.3.3-5.11.10:38.7.0-70.80.10:11.2.202.616-159.10:1.7.0.99-24.33.20:49.0.2623.110-141.20:210-46.10:4.0.6-8.22.10:6.2p2-3.7.10:4.2.4-3.54.20:1.34b-141.10:1.0.2-141.10:3.6.3-141.10:2.0.5-141.10:1.2.9-141.10:0.9.11-141.10:2.8.4-4.20.10:5.0.5-2.9.10:50.0.2661.75-144.10:1.7.0.101-24.36.20:1.0.1p-74.10:0.9.8zh-14.10:46.0-113.20:3.22.3-77.10:11.2.202.621-185.10:4.4.15.6-57.10:1.3.5b-10.10:47.0-116.10:3.23-80.10:9.9.4P2-2.23.10:11.2.202.626-165.10:51.0.2704.103-147.10:5.0.5-2.3.10:0.16.17-2.5.10:4.4.15.7-60.10:1.1.2-2.51.10:1.900.1-160.16.10:1.0.8-2.27.10:1.6-6.3.10:45.2-70.83.10:4.0.6-8.13.10:0.12-11.6.10:11.2.202.632-168.10:9.20.1-10.6.10:2016.74-2.10.10:52.0.2743.82-150.10:4.5.40-2.7.10:4.7.20-3.3.10:48.0-119.10:3.24-83.10:1.2.3-4.3.10:1.7.0.111-24.39.10:45.6.0-70.95.10:0.6.4-2.4.10:3.2.13-3.4.10:3.2.13-2.4.10:24.2.0-70.7.20:1.6.0+24.2.0-70.7.20:3.22.24.8-2.4.10:0.3.45.1-2.4.10:1.0.8-0.4.6.4.10:13.1-16.26.10:5.4.20-4.10:7.6_1.14.3.901-4.10:0-23.10:0-29.10:2013.60-2.4.10:1.5.4-4.10:1.5.5-2.4.10:3.2.4-2.5.10:3.0.3-4.5.10:6.2p2-3.4.10:3.15.3-4.20:4.10.2-4.10:11.2.202.327-14.10:4.1.0-3.8.10:1.4.4-3.5.10:1.5.0-3.6.10:1.9.3.p448-2.4.10:1.11.3-3.4.10:1.8.5-2.11.10:2.0.0.p247-3.7.10:31.0.1650.57-8.20:2.1.6-5.10:7.32.0-2.4.10:0.10.5-3.4.10:2.25b-199.4.10:3.15.3.1-8.10:4.3.1_02-4.40:4.3.1_02_k3.11.6_4-4.40:1.95-3.4.10:11.2.202.332-22.10:26.0-4.20:4.1.3-3.12.10:0.9.1-8.20:1.3.3-2.4.10:3.2.13-2.9.10:0.24.3-8.10:0.22.1-1.8.10:11.2.202.336-30.10:9.9.4P2-2.4.10:1.6.2-4.5.10:1.0.0-4.5.10:1.7.2.2-4.5.10:8-4.5.10:0.6c-4.5.10:0.13.3-2.4.10:3.11.10-7.10:3.11.10-7.30:27.0-8.10:24.3.0-70.11.10:1.6.0+24.3.0-70.11.10:3.15.4-12.10:2.24-8.10:3.5.1-3.5.10:13.1-3.4.20:1.3.0-6.4.10:2.10.9-4.12.10:0.6.0-2.5.20:0.6.0-2.5.10:13.1-2.12.10:1.69-12.4.10:0.1.28-11.4.10:0.3-6.4.10:2.7.0-6.4.10:1.17.0-4.10:0.0.1.rev624-6.4.10:1.2.1-7.4.10:1.7-7.4.10:1.2-4.4.10:2.16-6.4.10:4.0.0-4.4.10:0.8.0-5.10:32.0.1700.102-17.20:12.16-2.4.10:2.1.7-9.10:7.32.0-2.12.10:0.1.4-2.4.10:1.2.5-2.8.20:1.10.2-4.10.20:1.1.2-2.18.30:11.2.202.341-34.10:3.2.13-2.15.10:1.2-5.4.10:1.8.8-2.21.10:0.58.0-7.4.10:0.58.0-4.4.10:1.4.2-4.10:2.1.3-10.10:3.2.4-2.14.10:33.0.1750.117-21.20:2.2.7-2.10.10:2.1.7-13.20:3.2.13-2.10.10:3.2.13-2.13.10:3.2.12-1.10.10:3.2.13-3.10.10:2.2.0-7.4.10:9.2.7-4.4.10:4.1.8-4.10:0.8.12-2.5.10:2.23-4.30:1.6.6-12.10:3.2.15-31.5.10:3.2.9-31.5.10:6.8.6.9-2.12.10:6.7.8.8-4.13.10:2.1.8-21.10:0.5.5-2.8.10:5.15-4.16.10:5.11-12.12.10:0.1.1-5.10:0.9.5-2.10.10:11.2.202.346-38.10:2.7.6-8.6.10:1.10.6-8.10:0.1.4-2.8.10:1.0.4-13.4.10:2.1.1-2.4.10:2.3.1-7.4.10:5.7.2-9.4.10:4.1.6-3.18.10:1.10.2-4.14.10:1.5.21-41.4.10:1.19-2.4.10:5.15-4.20.10:5.11-12.16.10:28.0-17.10:3.15.5-16.10:4.10.4-8.10:1.4.35-2.9.10:1.4.7-3.9.10:1.0.1e-11.28.10:1.0.1e-11.9.10:4.3.2_01-12.10:4.3.2_01_k3.11.10_7-12.10:1.0.1e-11.32.10:3.3.5-5.4.10:4.13-1356.4.10:33.0.1750.152-25.20:0.1.4-2.12.10:3.5.1-3.9.10:2.3.15-2.8.10:1.1.1-117.121.10:1.3.0-2.4.10:11.2.202.350-42.10:3.3.8-2.4.20:0.10-3.4.10:1.0.1g-11.36.10:3.2.16-31.9.10:3.2.9-31.9.10:24.4.0-70.15.80:1.6.0+24.4.0-70.15.80:2.25-16.70:11.2.202.356-46.10:1.0.1g-11.40.10:1.1.7-18.4.10:0.6.2-13.4.10:1.1.2-2.26.10:7.32.0-2.23.10:34.0.1847.116-29.30:0.8.8b-4.10:0.8.8b-4.4.10:3.1.0-21.8.10:3.3.5-5.8.10:3.3.5-5.8.20:2.15-4.10:29.0-20.10:3.16-20.10:1.10.7-12.10:1.2.50-6.4.10:0.7.3-3.4.10:2.26-20.10:4.2.2_r1-2.4.10:1.0.1g-11.44.10:24.5.0-70.19.30:1.6.0+24.5.0-70.19.30:2.9.1-2.4.10:31.0.1650.63-13.70:34.0.1847.132-33.10:1.1.2-2.32.10:2.639-11.7.10:2.639_k3.11.10_11-11.7.10:7.0.2-2.7.10:7.0.2_k3.11.10_11-2.7.10:1.28-16.7.10:1.28_k3.11.10_11-16.7.10:6.19-2.7.10:6.19_k3.11.10_11-2.7.10:1.4.20.3-13.7.10:1.4.20.3_k3.11.10_11-13.7.10:3.11.10-11.10:3.11.10-11.30:1.58-7.10:1.58_k3.11.10_11-7.10:1.11.0-0.25.10:1.11.0_k3.11.10_11-0.25.10:0.44-258.7.10:0.44_k3.11.10_11-258.7.10:4.2.18-2.12.10:4.2.18_k3.11.10_11-2.12.10:4.3.2_01-15.10:4.3.2_01_k3.11.10_11-15.10:2.3-2.7.10:2.3_k3.11.10_11-2.7.10:11.2.202.359-50.10:5.1.1-4.10:1.2.6-2.12.20:6.04-2.8.10:1.4.6-2.8.10:2.3.7-5.4.10:2.9.1-2.8.10:3.2.13-2.24.10:0.2.4.22-5.8.10:1.0.1e-11.10.10:1.4.3-4.4.10:1.11.4-4.4.10:0.7.3-2.4.10:3.2.3-2.5.10:2.3.4-6.4.10:2.9.1-2.12.10:1.3.1-5.6.10:1.0.1h-11.48.10:3.2.4-2.24.10:5.4.20-8.20:1.10.2-4.6.10:35.0.1916.114-37.40:3.0+git.20130603.0f53fd3-2.6.30:3.4-2.8.10:11.2.202.378-54.10:8.14.7-92.5.20:1.07-92.5.20:4.5.34-2.4.10:1.4.32-2.5.10:9.15-6.9.10:1.9-2.4.10:30.0-29.10:3.16-23.10:4.10.6-12.10:1.7.4-4.12.20:1.6.8-2.18.10:1.7.4-4.12.10:0.9.5-320.4.10:0.9.5-317.4.10:1.10.8-16.10:2.639-11.10.10:2.639_k3.11.10_17-11.10.10:7.0.2-2.10.90:7.0.2_k3.11.10_17-2.10.90:1.28-16.10.10:1.28_k3.11.10_17-16.10.10:6.21.1-2.14.10:6.21.1_k3.11.10_17-2.14.10:1.4.20.3-13.10.10:1.4.20.3_k3.11.10_17-13.10.10:3.11.10-17.20:3.11.10-17.60:3.11.10-17.10:1.58-10.10:1.58_k3.11.10_17-10.10:0.44-258.10.10:0.44_k3.11.10_17-258.10.10:4.2.18-2.15.20:20130607-2.11.10:20130607_k3.11.10_17-2.11.10:4.2.18_k3.11.10_17-2.15.20:4.3.2_01-18.20:4.3.2_01_k3.11.10_17-18.20:2.3-2.10.10:2.3_k3.11.10_17-2.10.10:2.3-2.4.10:5.4.20-12.10:2.7.0-262.4.10:2.7.0-259.4.10:4.1.6.2-21.10:24.6.0-70.23.30:1.6.0+24.6.0-70.23.30:2.26.1-28.30:1.4.6-2.4.10:4.1.9-3.22.10:1.0.2-3.4.10:1.4.20-6.4.10:2.0.22-8.10:2.7.6-8.10.10:3.3.5-5.12.10:11.2.202.394-58.10:2.06-12.4.10:5.4.20-16.10:1.7.4-4.16.20:1.7.4-4.16.10:3.0.21-2.12.10:1.7.8-2.4.10:3.4-2.12.10:5.4.20-21.10:4.2.6p5-15.5.10:31.0-33.10:3.16.3-27.10:4.0.git.270.g9490a-12.10:4.83-6.4.10:36.0.1985.125-41.10:2.82-2.4.10:4.11.11-115.30:4.11.5-484.10:1.11.3-3.8.10:24.7.0-70.27.10:1.7-2.10:1.0.8-6.13.10:2.4.4-273.4.10:2.0-10.4.10:0.155-6.4.10:0.2.4.23-5.12.10:2.639-11.13.10:2.639_k3.11.10_21-11.13.10:7.0.2-2.13.10:7.0.2_k3.11.10_21-2.13.10:1.28-16.13.10:1.28_k3.11.10_21-16.13.10:6.21.1-2.17.10:6.21.1_k3.11.10_21-2.17.10:1.4.20.3-13.13.10:1.4.20.3_k3.11.10_21-13.13.10:3.11.10-21.10:3.11.10-21.30:1.58-13.10:1.58_k3.11.10_21-13.10:0.44-258.13.10:0.44_k3.11.10_21-258.13.10:4.2.18-2.18.10:20130607-2.14.10:20130607_k3.11.10_21-2.14.10:4.2.18_k3.11.10_21-2.18.10:4.3.2_01-21.10:4.3.2_01_k3.11.10_21-21.10:2.3-2.13.10:2.3_k3.11.10_21-2.13.10:11.2.202.400-62.10:1.10.9-20.10:1.4.4-2.4.10:2.8.0-4.4.10:2.4.6-6.27.10:2.7.6-8.14.10:3.3.5-5.16.10:1.1.17-3.4.10:4.1.11-3.26.10:2.1.1-7.4.10:1.3.0-4.4.10:0.9.21-4.4.10:1.11.3-3.12.10:1.0.1i-11.52.10:2013.2.4.dev86.gb4b09a6-4.10:0.14.0-2.4.10:0.4.2-3.4.10:0.1.10-6.4.10:2.3.4-6.10:1.4.22-2.4.10:2.6.0-2.4.10:1.3.7-16.10:1.1.1-2.4.10:1.8.10-2.29.10:1.0.0-2.4.30:13.0.0-4.4.10:0.13.1-4.4.10:4.1.14.3-8.10:1.7.2-6.10:31.1.0-42.10:3.16.4-35.10:31.1.0-70.31.10:5.7.2-9.8.10:11.2.202.406-66.10:2.18-4.21.10:2.18-4.21.20:3.22-264.6.10:4.1.6.2-25.10:4.1.6.2-25.20:1.5.10-0.2.8.10:2.4.5-20.4.10:5.4.20-30.10:7.32.0-2.27.10:3.3.13-2.10.10:5.2.2-2.4.10:37.0.2062.94-50.10:4.1.14.4-12.10:0.6.3-3.10.10:1.8.8-4.20.20:1.8.8-4.20.10:4.2-68.4.10:6.2-68.4.10:3.16.5-39.10:4.2-68.8.10:6.2-68.8.10:1.4.4-4.4.10:1.10.10-24.10:4.3.2_02-27.10:4.3.2_02_k3.11.10_21-27.10:4.1.14.5-16.10:1.1.2-2.36.10:3.10.1-3.4.10:2.7.6-8.18.10:1.6.6-8.10:7.4.7-2.20.10:4.2-68.12.10:6.2-68.12.10:4.46.0-2.4.10:2.0-3.8.10:1.0.1e-11.14.10:11.2.202.411-70.10:1.899-2.4.10:1.0.1j-11.56.10:2.9.1-2.16.10:33.0-46.20:3.17.1-43.10:4.10.7-16.10:2.30-36.20:31.2.0-70.35.20:3.10.3-24.10:4.1.14.6-20.10:38.0.2125.104-54.40:2.10.10-4.22.10:13.1-2.17.10:4.0.0-4.7.10:5.4.20-34.30:1.16-4.4.10:0.10.0-3.4.10:20130505-4.4.10:4.0.5-4.4.30:1.3.8-2.4.10:1.1.1-2.8.10:6.8.9.8-4.10:6.8.6.9-2.24.10:6.7.8.8-4.17.10:4.1.6.2-29.10:4.1.6.2-29.30:11.2.202.418-2.11.10:24.3-6.14.20:1.2.9-4.20:1.1.2-2.40.10:3.2.18-4.10:1.0.1j-2.10.10:0.30.2-2.5.10:0.9.2-12.10:6.8.9.8-8.10:6.8.6.9-2.28.10:6.7.8.8-4.21.10:2.2.2-8.4.10:2.1.3-8.4.10:1.12.2-4.10:2.10.0-2.4.10:5.19-3.4.10:5.11-12.27.10:3.2.17-3.4.10:1.5.4-12.4.10:4.2.12-4.10:0.98.5-2.5.20:11.2.202.424-78.10:34.0.5-5.40:3.17.2-4.20:4.10.7-3.10:3.4-2.28.10:2.3.3-2.12.10:1.9.3.p448-2.8.10:2.3.4-2.4.10:39.0.2171.65-4.40:0.1.6-2.4.10:11.2.202.425-2.17.10:2.11-29.5.10:1.7.0.55-24.17.10:1.3.1-30.5.10:62.1.0-30.5.10:8.0.2-30.5.10:1.0031-4.10:4.2.13.1-8.10:1.4.7-20.4.10:1.5.21-44.4.10:11.2.202.335-26.10:2.5.2.26539-14.4.10:1.900.1-163.5.10:2.31-40.20:31.3.0-4.40:4.8.5-5.9.20:4.8.5-5.9.50:4.2.6p5-25.5.10:2.639-11.16.10:2.639_k3.11.10_25-11.16.10:7.0.2-2.16.10:7.0.2_k3.11.10_25-2.16.10:1.28-16.16.10:1.28_k3.11.10_25-16.16.10:6.21.1-2.20.10:6.21.1_k3.11.10_25-2.20.10:1.4.20.3-13.16.10:1.4.20.3_k3.11.10_25-13.16.10:3.11.10-25.10:3.11.10-25.20:1.58-16.10:1.58_k3.11.10_25-16.10:0.44-258.16.10:0.44_k3.11.10_25-258.16.10:4.2.18-2.21.10:20130607-2.17.10:20130607_k3.11.10_25-2.17.10:4.2.18_k3.11.10_25-2.21.10:4.3.2_02-30.10:4.3.2_02_k3.11.10_25-30.10:2.3-2.16.10:2.3_k3.11.10_25-2.16.10:3.6.2-8.4.10:1.3.1-4.10:1.1.2-2.14.20:3.13.10-4.20:12.5-20.4.10:7.6_1.16.1-5.10:4.11.3-4.20:4.11.3-4.10:5.19-3.8.10:1.8.11-2.7.10:2.4.10-4.10:2.2.29-10.20.10:4.3.5.2-8.10:4.1.6.2-37.10:4.1.6.2-37.30:1.12.7-2.5.30:0.2.3.25-5.4.10:2.12-3.4.10:1.10.5-4.10:5.1.1-6.70:1.7.0.6-24.13.50:2.0.0.p247-3.19.10:1.900.1-160.9.10:1.2.9-12.10:1.1.2-2.48.10:4.3.3_04-34.10:4.3.3_04_k3.11.10_25-34.10:1.4.0-17.4.10:3.0.23-8.8.10:4.3.20-7.10:4.3.20_k3.16.7_7-7.10:11.2.202.442-2.33.10:6.00-26.4.10:3.3-6.7.10:3.1.1-2.4.10:7.40.0-4.10:0.4-4.4.10:2.2.1-13.4.20:4.6.2-4.10:0.98.6-2.13.10:1.0.5-8.10:1.8.16-16.10:0.59-2.4.10:5.6.1-8.10:7.6_1.16.1-9.10:2.19-16.9.10:2.19-16.9.20:4.1.17-5.10:1.0.25-19.4.10:1.5.4-21.6.10:2.2.10-212.4.10:36.0-14.20:3.17.4-9.10:0.9.4-8.4.10:3.0.2-14.9.10:1.1.2-2.44.10:5.6.1-12.10:40.0.2214.111-13.40:31.5.0-12.20:4.0.3-10.4.10:0.4-5.8.10:2.2.9-4.10:0.64-4.4.10:3.4.0~qa9-2.4.10:5.1.0-2.8.10:0.8.8c-4.4.10:11.2.202.451-2.45.10:1.12.4-12.10:41.0.2272.76-17.10:1.4.0-17.8.10:1.5.0-9.4.10:1.12.2-12.10:1.0.1k-2.20.10:3.1.2-7.5.10:2.33-12.10:4.11.5-482.60:4.11.5-488.20:4.11.5-488.30:1.5.1-3.4.30:4.8.5-5.17.10:4.8.5-5.17.20:458-6.4.10:0.2.4.26-9.10:36.0.4-18.10:0.11.2-3.4.10:1.5.0-2.4.10:4.6.2-8.10:3.1.2-4.10:3.2.18-8.10:2.5.3-2.4.10:1.8.4-2.4.10:2.33.1-17.10:2.1.0-7.5.10:2.0.36.RC1-78.4.10:5.6.1-15.10:0.21.5-2.3.10:0.19.0-2.3.10:1.8.13-2.14.10:37.0.1-23.10:31.6.0-15.30:4.10.8-6.10:0.10.0-3.7.10:5.6.1-18.10:1.11-4.4.10:41.0.2272.118-20.10:11.2.202.429-2.21.10:0.2.4.27-13.10:2.639-11.19.10:2.639_k3.11.10_29-11.19.10:7.0.2-2.19.10:7.0.2_k3.11.10_29-2.19.10:1.28-16.19.10:1.28_k3.11.10_29-16.19.10:6.21.1-2.23.10:6.21.1_k3.11.10_29-2.23.10:1.4.20.3-13.19.10:1.4.20.3_k3.11.10_29-13.19.10:3.11.10-29.10:3.11.10-29.20:1.58-19.10:1.58_k3.11.10_29-19.10:0.44-258.19.10:0.44_k3.11.10_29-258.19.10:4.2.28-2.28.10:20130607-2.20.10:20130607_k3.11.10_29-2.20.10:4.2.28_k3.11.10_29-2.28.10:4.3.3_04-37.10:4.3.3_04_k3.11.10_29-37.10:2.3-2.19.10:2.3_k3.11.10_29-2.19.10:11.2.202.457-2.48.10:1.6.7-7.3.10:5.0.2-2.3.10:2.4.0-2.11.10:4.3.4_02-41.10:4.3.4_02_k3.11.10_29-41.10:42.0.2311.90-23.30:1.7.2.4-2.3.10:37.0.2-71.10:4.2.6p5-25.12.10:7.42.0-7.10:2.25.1-9.10:2.25.1-9.20:1.7.5-3.3.10:1.6.3-4.3.10:2.2-5.4.10:5.6.1-21.10:8.37-3.5.10:42.0.2311.135-26.10:0.6.3-2.7.10:7.42.1-11.10:20150422-2.3.10:2.71-3.4.10:3.7-2.4.10:1.6.2-4.8.10:1.0.0-4.8.10:1.7.2.2-4.8.10:8-4.8.10:0.6c-4.8.10:0.98.7-2.16.10:11.2.202.460-2.51.10:31.7.0-18.10:38.0.1-30.10:3.18.1-12.10:0.10.0-3.10.10:0.16.0-2.3.10:0.15.4-2.3.10:3.0.2-14.5.10:1.10.14-39.10:2.19-16.15.10:2.19-16.15.20:20150522-2.6.10:5.1.35-3.3.10:2013.2.5.dev2.g9ee7273-4.10:1.1.3-4.10:43.0.2357.65-29.10:4.3.4_04-44.10:4.3.4_04_k3.11.10_29-44.10:3.3-4.3.10:5.6.1-24.20:35.0-9.10:1.42.8-2.8.10:2.9.4-2.3.10:4.0.5-3.9.10:1.3.5a-3.10:2.2-5.7.10:11.2.202.466-2.55.10:0.9.8-3.3.10:1.0.20100204cvs-19.3.10:1.5.4-21.9.10:5.6.1-27.10:1.16.16-8.3.10:5.1.3-4.11.10:1.22.1-3.10:4.3.4_05-47.10:4.3.4_05_k3.11.10_29-47.10:0.11.2-13.3.10:0.2.8.4-234.4.10:0.8.8d-4.7.10:7.42.1-16.10:1.0.1k-2.24.10:43.0.2357.130-34.10:11.2.202.468-2.58.10:9.20.1-12.3.10:4.2.9-7.3.10:4.2.13.3-11.10:5.6.1-30.60:11.2.202.481-2.61.10:5.6.25-2.3.10:4.0.4-10.10.10:0.2.8.4-239.7.10:10.0.20-2.9.10:3.0u-2.5.10:0.109-3.9.20:0.7.318.81ee561d-7.20:39.0-34.20:3.19.2-16.10:11.2.202.438-2.25.10:1.0.6-2.21.10:1.1-10.3.10:9.9.6P1-2.4.10:38.1.0-22.10:11.2.202.491-2.64.10:1.31-3.3.10:1.5.2-4.3.10:1.3.10-5.3.10:1.8.14-12.20:1.8.14-12.10:1.4.5-5.3.10:3.1.1-2.3.10:5.6.2-7.4.10:3.3.1-2.3.10:3.6.2-8.7.10:3.2.17-2.3.10:0.8.8e-4.10.10:1.7.0.85-10.20:1.7.0.85-10.10:44.0.2403.89-38.10:1.12.3-8.10:0.9.0-3.8.10:2.3.37-8.5.10:2.4.39-8.5.10:3.3.11-4.10:9.9.6P1-2.7.10:3.5-7.8.10:5.6.1-33.10:9.15-3.10:5.1.3-4.4.10:3.2.18-11.10:2.18-4.38.10:2.18-4.38.20:2.18-4.38.30:11.2.202.508-132.10:40.0-82.10:40-2.3.10:1.8.14-2.17.10:4.3.30-17.10:4.3.30_k3.16.7_21-17.10:3.2.1-2.3.10:38.2.0-70.60.20:40.0.3-41.20:1.6.1-8.6.10:1.5.4-2.8.10:3.2.18-14.10:5.7.3-3.10:0.2.4.27-16.10:2.0121-2.3.10:0.8-2.3.10:3.4.4-3.7.10:1.4.8-4.4.10:0.158-4.5.10:3.1.13-4.3.10:45.0.2454.85-43.10:1.6.1-8.10.10:1.5.4-2.12.10:1.5.12-0.2.11.10:9.9.6P1-2.10.10:1.6.1-6.10:1.6.1-6.20:11.2.202.521-2.70.10:2.3.19-34.3.10:5.6.26-2.9.10:5.6.1-36.10:41.0-44.10:4.4.15-14.10:38.3.0-28.10:2.38-20.20:1.12.2-3.7.10:1.4.0-17.11.10:1.12.2-3.11.10:2.8.22-2.6.10:2.4.10-28.10:0.9.34-3.3.10:1.4.2-4.4.10:2.2.0-2.5.10:2.2.0-2.4.10:2.5.0.1-2.10.10:2.5.0-2.10.10:1.0.6-9.10:45.0.2454.101-50.10:0.113-3.8.10:11.2.202.535-2.73.20:0.12.4-4.6.10:1.1.1-255.3.10:2.7.2-262.7.10:3.1.1-2.7.10:11.2.202.540-2.76.10:1.0.1k-2.16.20:1.5.12-0.2.14.10:41.0.2-47.10:46.0.2490.71-54.10:2.0.21-4.4.10:4.2.1-10.10:4.2.1-4.10:1.12.8-9.10:3.3.13-3.10:31.4.0-8.10:1.7.0.91-24.24.10:0.3.6-9.10:1.0.7-14.10:0.6.3-2.4.10:2.25-9.40:2.25.1-20.10:2.25-9.50:2.25-9.10:1.8.10p3-2.7.10:1.13-5.10:1.53-16.10:2.0-3.17.10:9.2.14-4.7.10:9.2.14-4.7.20:1.12.2-15.10:4.4.15.1-17.10:42.0-3.50:3.20.1-3.30:4.10.10-4.10:2.39-3.10:38.4.0-3.20:4.3.4_06-50.10:4.3.4_06_k3.11.10_29-50.10:2.1.4-16.20:1.8.4.5-3.11.20:11.2.202.548-2.79.10:3.1-2.3.10:1.0.25-19.7.10:0.66-6.10:11.2.202.440-2.29.10:5.33-4.10:1.12.2-18.10:1.3.1-7.10:46.0.2490.86-3.10:1.9-6.10:1.6.13-2.4.10:2.1.4-9.60:2.1.4-9.70:1.8.4.5-3.8.40:1.6.13-2.7.10:1.2.51-3.3.10:5.2.2-7.10:2.4.7-5.10:4.2.36-2.52.20:4.2.36_k3.11.10_29-2.52.20:2.0.26-2.3.10:2.3.19-34.6.10:1.5.12-0.2.17.10:0.4-5.4.10:11.2.202.554-2.82.10:38.4.0-31.10:5.6.27-8.10:1.3.10-2.4.10:5.5.46-13.10:0.16.0-2.6.10:0.15.4-2.6.10:1.2.51-3.6.10:1.6.13-2.10.10:1.0.1k-2.27.10:47.0.2526.80-7.10:1.5.1-7.10:2.32-8.20:0.12.2-7.10:47.0.2526.106-10.10:43.0-6.10:1.1.24-3.4.10:4.1.22-21.10:2.1.5-2.6.10:1.3.8-3.10:0.9.26-3.10:1.8.15-2.23.10:9.9.6P1-2.13.10:0.7.1-5.10:2.02~beta2-20.13.10:2.9.3-7.4.10:1.900.1-163.13.10:11.2.202.559-2.85.10:38.5.0-7.20:3.20.2-6.10:2.7.3-7.4.10:2.1.5-2.4.10:2014.09.22-4.4.10:3.12.0-4.10:2.639-11.32.20:2.639_k3.12.62_52-11.32.20:7.0.2-2.32.70:7.0.2_k3.12.62_52-2.32.70:1.28-16.32.20:1.28_k3.12.62_52-16.32.20:6.21.1-2.36.20:6.21.1_k3.12.62_52-2.36.20:1.4.20.3-13.32.20:1.4.20.3_k3.12.62_52-13.32.20:3.12.62-52.10:3.12.62-52.20:1.58-33.20:1.58_k3.12.62_52-33.20:1.11.0-0.39.30:1.11.0_k3.12.62_52-0.39.30:0.44-258.33.20:0.44_k3.12.62_52-258.33.20:4.2.36-2.64.40:20130607-2.32.20:20130607_k3.12.62_52-2.32.20:4.2.36_k3.12.62_52-2.64.40:4.3.4_10-65.30:4.3.4_10_k3.12.62_52-65.30:2.3-2.31.20:2.3_k3.12.62_52-2.31.20:1.12.9-14.10:2.639-11.34.10:2.639_k3.12.62_55-11.34.10:7.0.2-2.34.10:7.0.2_k3.12.62_55-2.34.10:1.28-16.34.10:1.28_k3.12.62_55-16.34.10:6.21.1-2.38.10:6.21.1_k3.12.62_55-2.38.10:1.4.20.3-13.34.10:1.4.20.3_k3.12.62_55-13.34.10:3.12.62-55.10:3.12.62-55.20:1.58-35.10:1.58_k3.12.62_55-35.10:1.11.0-0.41.10:1.11.0_k3.12.62_55-0.41.10:0.44-258.35.10:0.44_k3.12.62_55-258.35.10:4.2.36-2.66.10:20130607-2.34.10:20130607_k3.12.62_55-2.34.10:4.2.36_k3.12.62_55-2.66.10:4.3.4_10-67.10:4.3.4_10_k3.12.62_55-67.10:2.3-2.33.10:2.3_k3.12.62_55-2.33.10:2.639-11.23.20:2.639_k3.11.10_34-11.23.20:7.0.2-2.23.70:7.0.2_k3.11.10_34-2.23.70:1.28-16.23.20:1.28_k3.11.10_34-16.23.20:6.21.1-2.27.20:6.21.1_k3.11.10_34-2.27.20:1.4.20.3-13.23.20:1.4.20.3_k3.11.10_34-13.23.20:3.11.10-34.20:3.11.10-34.10:1.58-23.10:1.58_k3.11.10_34-23.10:0.44-258.23.10:0.44_k3.11.10_34-258.23.10:4.2.36-2.56.10:20130607-2.24.10:20130607_k3.11.10_34-2.24.10:4.2.36_k3.11.10_34-2.56.10:4.3.4_10-57.10:4.3.4_10_k3.11.10_34-57.10:2.3-2.23.10:2.3_k3.11.10_34-2.23.10:4.4.15.2-8.10:2.639-11.36.10:2.639_k3.12.67_58-11.36.10:7.0.2-2.36.10:7.0.2_k3.12.67_58-2.36.10:1.28-16.36.10:1.28_k3.12.67_58-16.36.10:6.21.1-2.40.10:6.21.1_k3.12.67_58-2.40.10:1.4.20.3-13.36.10:1.4.20.3_k3.12.67_58-13.36.10:3.12.67-58.10:3.12.67-58.20:1.58-37.10:1.58_k3.12.67_58-37.10:1.11.0-0.43.10:1.11.0_k3.12.67_58-0.43.10:0.44-258.37.10:0.44_k3.12.67_58-258.37.10:4.2.36-2.68.10:20130607-2.36.10:20130607_k3.12.67_58-2.36.10:4.2.36_k3.12.67_58-2.68.10:4.3.4_10-69.10:4.3.4_10_k3.12.67_58-69.10:2.3-2.35.10:2.3_k3.12.67_58-2.35.10:2.639-11.38.10:2.639_k3.12.67_61-11.38.10:7.0.2-2.38.10:7.0.2_k3.12.67_61-2.38.10:1.28-16.38.10:1.28_k3.12.67_61-16.38.10:6.21.1-2.42.10:6.21.1_k3.12.67_61-2.42.10:1.4.20.3-13.38.10:1.4.20.3_k3.12.67_61-13.38.10:3.12.67-61.10:3.12.67-61.20:1.58-39.10:1.58_k3.12.67_61-39.10:1.11.0-0.45.10:1.11.0_k3.12.67_61-0.45.10:0.44-258.39.10:0.44_k3.12.67_61-258.39.10:4.2.36-2.70.10:20130607-2.38.10:20130607_k3.12.67_61-2.38.10:4.2.36_k3.12.67_61-2.70.10:4.3.4_10-71.10:4.3.4_10_k3.12.67_61-71.10:2.3-2.37.10:2.3_k3.12.67_61-2.37.10:2.639-11.40.10:2.639_k3.12.67_64-11.40.10:7.0.2-2.40.10:7.0.2_k3.12.67_64-2.40.10:1.28-16.40.10:1.28_k3.12.67_64-16.40.10:6.21.1-2.44.10:6.21.1_k3.12.67_64-2.44.10:1.4.20.3-13.40.10:1.4.20.3_k3.12.67_64-13.40.10:3.12.67-64.10:3.12.67-64.20:1.58-41.10:1.58_k3.12.67_64-41.10:1.11.0-0.47.10:1.11.0_k3.12.67_64-0.47.10:0.44-258.41.10:0.44_k3.12.67_64-258.41.10:4.2.36-2.72.10:20130607-2.40.10:20130607_k3.12.67_64-2.40.10:4.2.36_k3.12.67_64-2.72.10:4.3.4_10-73.10:4.3.4_10_k3.12.67_64-73.10:2.3-2.39.10:2.3_k3.12.67_64-2.39.10:3.1.4-5.10:4.3.4_10-53.10:4.3.4_10_k3.11.10_29-53.10:1.3.3-7.10:1.4.4-5.10:2016.72-2.7.10:4.2.4-15.10:4.2.4-9.10:2.639-11.28.10:2.639_k3.12.57_44-11.28.10:7.0.2-2.28.40:7.0.2_k3.12.57_44-2.28.40:1.28-16.28.10:1.28_k3.12.57_44-16.28.10:6.21.1-2.32.10:6.21.1_k3.12.57_44-2.32.10:1.4.20.3-13.28.10:1.4.20.3_k3.12.57_44-13.28.10:3.12.57-44.20:3.12.57-44.10:1.58-29.10:1.58_k3.12.57_44-29.10:1.11.0-0.35.20:1.11.0_k3.12.57_44-0.35.20:0.44-258.29.10:0.44_k3.12.57_44-258.29.10:4.2.36-2.60.20:20130607-2.28.10:20130607_k3.12.57_44-2.28.10:4.2.36_k3.12.57_44-2.60.20:4.3.4_10-61.20:4.3.4_10_k3.12.57_44-61.20:2.3-2.27.10:2.3_k3.12.57_44-2.27.10:43.0.3-9.20:0.79-4.4.10:2.639-11.30.10:2.639_k3.12.59_47-11.30.10:7.0.2-2.30.10:7.0.2_k3.12.59_47-2.30.10:1.28-16.30.10:1.28_k3.12.59_47-16.30.10:6.21.1-2.34.10:6.21.1_k3.12.59_47-2.34.10:1.4.20.3-13.30.10:1.4.20.3_k3.12.59_47-13.30.10:3.12.59-47.10:3.12.59-47.20:1.58-31.10:1.58_k3.12.59_47-31.10:1.11.0-0.37.10:1.11.0_k3.12.59_47-0.37.10:0.44-258.31.10:0.44_k3.12.59_47-258.31.10:4.2.36-2.62.10:20130607-2.30.10:20130607_k3.12.59_47-2.30.10:4.2.36_k3.12.59_47-2.62.10:4.3.4_10-63.10:4.3.4_10_k3.12.59_47-63.10:2.3-2.29.10:2.3_k3.12.59_47-2.29.1