Marcus Updateinfo to OVAL Converter 5.5 2018-05-02T04:13:55 Security update for libqt5-qtbase (Moderate) openSUSE Leap 42.1 This update for libqt5-qtbase fixes the following issues: - boo#865241: disable RC4 based ciphers which are now considered insecure The following non-security bugs were fixed: - boo#957006: dolphin freeze when opening a folder containing symlinks to special files Moderate SUSE bug 865241 SUSE bug 957006 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 49.0.2623.75 to fix the following security issues: (boo#969333) - CVE-2016-1630: Same-origin bypass in Blink - CVE-2016-1631: Same-origin bypass in Pepper Plugin - CVE-2016-1632: Bad cast in Extensions - CVE-2016-1633: Use-after-free in Blink - CVE-2016-1634: Use-after-free in Blink - CVE-2016-1635: Use-after-free in Blink - CVE-2016-1636: SRI Validation Bypass - CVE-2015-8126: Out-of-bounds access in libpng - CVE-2016-1637: Information Leak in Skia - CVE-2016-1638: WebAPI Bypass - CVE-2016-1639: Use-after-free in WebRTC - CVE-2016-1640: Origin confusion in Extensions UI - CVE-2016-1641: Use-after-free in Favicon - CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives - Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26) Important SUSE bug 969333 CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642 Security update for shotwell (Moderate) openSUSE Leap 42.1 Shotwell was updated to fix the following issues: * boo#958382: Shotwell did not perform TLS certificate verification when publishing photos to external services Moderate SUSE bug 958382 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 50.0.2661.75 to fix the following vulnerabilities: - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding - CVE-2016-1652: Universal XSS in extension bindings - CVE-2016-1653: Out-of-bounds write in V8 - CVE-2016-1654: Uninitialized memory read in media - CVE-2016-1655: Use-after-free related to extensions - CVE-2016-1656: Android downloaded file path restriction bypass - CVE-2016-1657: Address bar spoofing - CVE-2016-1658: Potential leak of sensitive information to malicious extensions - CVE-2016-1659: Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 975572 CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654 CVE-2016-1655 CVE-2016-1656 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 51.0.2704.79 to fix a number of security issues. [boo#982719] - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools - CVE-2016-1700: Use-after-free in Extensions - CVE-2016-1701: Use-after-free in Autofill - CVE-2016-1702: Out-of-bounds read in Skia - CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 982719 CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702 CVE-2016-1703 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 53.0.2785.89 to fix a number of security issues. The following vulnerabilities were fixed: (boo#996648) - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free in Blink. - CVE-2016-5151: Use after free in PDFium. - CVE-2016-5152: Heap overflow in PDFium. - CVE-2016-5153: Use after destruction in Blink. - CVE-2016-5154: Heap overflow in PDFium. - CVE-2016-5155: Address bar spoofing. - CVE-2016-5156: Use after free in event bindings. - CVE-2016-5157: Heap overflow in PDFium. - CVE-2016-5158: Heap overflow in PDFium. - CVE-2016-5159: Heap overflow in PDFium. - CVE-2016-5161: Type confusion in Blink. - CVE-2016-5162: Extensions web accessible resources bypass. - CVE-2016-5163: Address bar spoofing. - CVE-2016-5164: Universal XSS using DevTools. - CVE-2016-5165: Script injection in DevTools. - CVE-2016-5166: SMB Relay Attack via Save Page As. - CVE-2016-5160: Extensions web accessible resources bypass. A number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932) Important SUSE bug 995932 SUSE bug 996032 SUSE bug 99606 SUSE bug 996648 CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150 CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154 CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158 CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162 CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166 Security update for irssi (Moderate) openSUSE Leap 42.1 The IRC client irssi was updated to 0.8.20, fixing various bugs and security issues. * CVE-2016-7044: The unformat_24bit_color function in the format parsing code in Irssi, when compiled with true-color enabled, allowed remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. * CVE-2016-7045: The format_send_to_gui function in the format parsing code in Irssi allowed remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. See https://irssi.org/security/irssi_sa_2016.txt for more details. * CVE-2016-7553: A information disclosure vulnerability in irssi buf.pl See https://irssi.org/2016/09/22/buf.pl-update/ for more information. Moderate SUSE bug 1001215 SUSE bug 999199 CVE-2016-7044 CVE-2016-7045 CVE-2016-7553 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 54.0.2840.59 to fix security issues and bugs. The following security issues are fixed (bnc#1004465): - CVE-2016-5181: Universal XSS in Blink - CVE-2016-5182: Heap overflow in Blink - CVE-2016-5183: Use after free in PDFium - CVE-2016-5184: Use after free in PDFium - CVE-2016-5185: Use after free in Blink - CVE-2016-5187: URL spoofing - CVE-2016-5188: UI spoofing - CVE-2016-5192: Cross-origin bypass in Blink - CVE-2016-5189: URL spoofing - CVE-2016-5186: Out of bounds read in DevTools - CVE-2016-5191: Universal XSS in Bookmarks - CVE-2016-5190: Use after free in Internals - CVE-2016-5193: Scheme bypass The following bugs were fixed: - bnc#1000019: display issues in full screen mode, add --ui-disable-partial-swap to the launcher The following packaging changes are included: - The desktop sub-packages are no obsolete - The package now uses the system variants of some bundled libraries - The hangouts extension is now built Important SUSE bug 1000019 SUSE bug 1004465 CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 Security update for Mozilla Firefox (Important) openSUSE Leap 42.1 Mozilla Firefox was updated to 49.0.2 to fix two security issues a some bugs. The following vulnerabilities were fixed: * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475) * CVE-2016-5288: Web content can read cache entries (bsc#1006476) The following changes and fixes are included: * Asynchronous rendering of the Flash plugins is now enabled by default * Change D3D9 default fallback preference to prevent graphical artifacts * Network issue prevents some users from seeing the Firefox UI on startup * Web compatibility issue with file uploads * Web compatibility issue with Array.prototype.values * Diagnostic information on timing for tab switching * Fix a Canvas filters graphics issue affecting HTML5 apps Important SUSE bug 1006475 SUSE bug 1006476 SUSE bug 1304783 CVE-2016-5287 CVE-2016-5288 FastCGI on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the FastCGI Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2766 GraphicsMagick-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the GraphicsMagick-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-1882 CVE-2009-3736 CVE-2012-3438 ImageMagick on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the ImageMagick Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 MozillaFirefox on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the MozillaFirefox Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-5913 CVE-2009-0040 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2011-0068 CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 CVE-2011-0080 CVE-2011-0081 CVE-2011-0084 CVE-2011-1187 CVE-2011-1202 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2369 CVE-2011-2370 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2988 CVE-2011-2989 CVE-2011-2990 CVE-2011-2991 CVE-2011-2992 CVE-2011-2993 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3079 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-2808 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0765 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1688 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1695 CVE-2013-1696 CVE-2013-1697 CVE-2013-1698 CVE-2013-1699 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 CVE-2014-1492 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1519 CVE-2014-1522 CVE-2014-1523 CVE-2014-1524 CVE-2014-1525 CVE-2014-1526 CVE-2014-1528 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1539 CVE-2014-1540 CVE-2014-1541 CVE-2014-1542 CVE-2014-1543 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1549 CVE-2014-1550 CVE-2014-1552 CVE-2014-1553 CVE-2014-1554 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 CVE-2014-1561 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1580 CVE-2014-1581 CVE-2014-1582 CVE-2014-1583 CVE-2014-1584 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 CVE-2014-8643 CVE-2015-0798 CVE-2015-0799 CVE-2015-0800 CVE-2015-0801 CVE-2015-0802 CVE-2015-0803 CVE-2015-0804 CVE-2015-0805 CVE-2015-0806 CVE-2015-0807 CVE-2015-0808 CVE-2015-0810 CVE-2015-0811 CVE-2015-0812 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0819 CVE-2015-0820 CVE-2015-0821 CVE-2015-0822 CVE-2015-0823 CVE-2015-0824 CVE-2015-0825 CVE-2015-0826 CVE-2015-0827 CVE-2015-0828 CVE-2015-0829 CVE-2015-0830 CVE-2015-0831 CVE-2015-0832 CVE-2015-0833 CVE-2015-0834 CVE-2015-0835 CVE-2015-0836 CVE-2015-2706 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2711 CVE-2015-2712 CVE-2015-2713 CVE-2015-2715 CVE-2015-2716 CVE-2015-2717 CVE-2015-2718 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2742 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4476 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4483 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4490 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 CVE-2015-4495 CVE-2015-4497 CVE-2015-4498 CVE-2015-4500 CVE-2015-4501 CVE-2015-4502 CVE-2015-4503 CVE-2015-4504 CVE-2015-4505 CVE-2015-4506 CVE-2015-4507 CVE-2015-4508 CVE-2015-4509 CVE-2015-4510 CVE-2015-4511 CVE-2015-4512 CVE-2015-4516 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 CVE-2015-7184 MozillaThunderbird on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the MozillaThunderbird Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0040 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1571 CVE-2009-3555 CVE-2010-0159 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0182 CVE-2010-0654 CVE-2010-1121 CVE-2010-1196 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1585 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3768 CVE-2010-3769 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0053 CVE-2011-0061 CVE-2011-0062 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1187 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2987 CVE-2011-2988 CVE-2011-2989 CVE-2011-2991 CVE-2011-2992 CVE-2011-3000 CVE-2011-3001 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3079 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3975 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5613 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1481 CVE-2014-1482 CVE-2014-1486 CVE-2014-1487 CVE-2014-1490 CVE-2014-1491 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1541 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1553 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0833 CVE-2015-0836 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 CVE-2015-4500 CVE-2015-4505 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 NetworkManager on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the NetworkManager Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-2924 a2ps on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the a2ps Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2004-1377 CVE-2014-0466 aaa_base on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the aaa_base Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-0461 accountsservice on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the accountsservice Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2737 alsa on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the alsa Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0035 android-tools on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the android-tools Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-1909 ant on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the ant Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1571 apache-commons-beanutils on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the apache-commons-beanutils Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3540 apache-commons-daemon on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the apache-commons-daemon Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2729 apache-commons-httpclient on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the apache-commons-httpclient Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-5783 apache2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the apache2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0023 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-1955 CVE-2009-1956 CVE-2009-2412 CVE-2009-2699 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2009-3560 CVE-2009-3720 CVE-2010-0408 CVE-2010-0425 CVE-2010-0434 CVE-2010-1452 CVE-2010-1623 CVE-2010-2068 CVE-2011-1176 CVE-2011-3192 CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 CVE-2012-2687 CVE-2012-3499 CVE-2012-3502 CVE-2013-1896 CVE-2013-2249 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-4000 apache2-mod_perl on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the apache2-mod_perl Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1667 apache2-mod_php5 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the apache2-mod_php5 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2006-7243 CVE-2010-2225 CVE-2010-2950 CVE-2010-3436 CVE-2010-3709 CVE-2010-3710 CVE-2010-4150 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-2202 CVE-2011-3379 CVE-2011-4153 CVE-2011-4566 CVE-2011-4718 CVE-2011-4885 CVE-2012-0830 CVE-2012-1823 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2012-2688 CVE-2012-3365 CVE-2013-1635 CVE-2013-1643 CVE-2013-1824 CVE-2013-4113 CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 CVE-2013-7327 CVE-2013-7345 CVE-2014-0185 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-2497 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120 CVE-2014-5459 CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2305 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4643 CVE-2015-4644 CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 argyllcms on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the argyllcms Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-1616 aria2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the aria2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-3617 augeas-lenses on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the augeas-lenses Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-0786 CVE-2014-8119 autofs on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the autofs Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8169 automake on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the automake Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-4029 avahi on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the avahi Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0758 CVE-2010-2244 CVE-2011-1002 bash on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the bash Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-2524 CVE-2014-6271 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 bind on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the bind Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0696 CVE-2009-4022 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2011-0414 CVE-2011-1907 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-3868 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2012-5689 CVE-2013-2266 CVE-2013-4854 CVE-2014-0591 CVE-2014-8500 CVE-2015-1349 CVE-2015-4620 CVE-2015-5477 CVE-2015-5722 binutils on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the binutils Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 bogofilter-common on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the bogofilter-common Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2494 CVE-2012-5468 bsdtar on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the bsdtar Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-0211 CVE-2015-2304 busybox on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the busybox Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-9645 bzip2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the bzip2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-0405 cifs-utils on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the cifs-utils Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2012-1586 clamav on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the clamav Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-0405 CVE-2011-2721 CVE-2011-3627 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 CVE-2013-6497 CVE-2014-9050 CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2305 CVE-2015-2668 claws-mail on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the claws-mail Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-4507 CVE-2014-3566 colord on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the colord Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-4349 coreutils on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the coreutils Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 CVE-2015-4041 CVE-2015-4042 cpio on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the cpio Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-0624 CVE-2014-9112 cpp48 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the cpp48 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-5044 crash-kmp-default on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the crash-kmp-default Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-2524 cron on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the cron Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2006-2607 CVE-2010-0424 ctags on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the ctags Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-7204 cups on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the cups Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0163 CVE-2009-2820 CVE-2009-3553 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2941 CVE-2012-5519 CVE-2012-6094 CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 cups-filters on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the cups-filters Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-6473 CVE-2013-6474 CVE-2013-6475 CVE-2013-6476 CVE-2014-2707 CVE-2014-4336 CVE-2014-4337 CVE-2014-4338 CVE-2015-2265 CVE-2015-3258 CVE-2015-3279 cups-pk-helper on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the cups-pk-helper Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-4510 curl on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the curl Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2013-0249 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 cvs on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the cvs Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-0804 cyradm on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the cyradm Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-3235 CVE-2011-3372 cyrus-sasl on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the cyrus-sasl Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0688 dbus-1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the dbus-1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-4352 CVE-2012-3524 CVE-2013-2168 CVE-2014-3477 CVE-2014-3532 CVE-2014-3533 CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 CVE-2014-7824 CVE-2014-8148 CVE-2015-0245 dbus-1-glib on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the dbus-1-glib Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-1172 CVE-2013-0292 dhcp on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the dhcp Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-1892 CVE-2010-2156 CVE-2010-3611 CVE-2010-3616 CVE-2011-0413 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 dia on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the dia Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-5984 dnsmasq on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the dnsmasq Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-3294 dracut on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the dracut Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-4453 e2fsprogs on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the e2fsprogs Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-0247 CVE-2015-1572 elfutils on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the elfutils Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-0172 CVE-2014-9447 emacs on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the emacs Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-0035 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 empathy on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the empathy Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-3635 evince on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the evince Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 exif on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the exif Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2845 expat on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the expat Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-2625 CVE-2009-3560 CVE-2009-3720 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 fetchmail on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the fetchmail Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-2666 CVE-2010-1167 CVE-2011-1947 CVE-2011-3389 CVE-2012-3482 file on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the file Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-1571 CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 flac on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the flac Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8962 CVE-2014-9028 freerdp on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the freerdp Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-0250 CVE-2014-0791 freetype2-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the freetype2-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-2241 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 ft2demos on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the ft2demos Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2011-0226 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 fuse on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the fuse Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-3297 CVE-2011-0541 CVE-2015-3202 gcab on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gcab Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-0552 gd on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gd Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-2497 CVE-2014-9709 gdk-pixbuf-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gdk-pixbuf-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2485 CVE-2015-4491 gdk-pixbuf-loader-rsvg on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gdk-pixbuf-loader-rsvg Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-3146 CVE-2013-1881 gdm on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gdm Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-1709 gimp on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gimp Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-2896 CVE-2012-3236 CVE-2012-5576 git on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the git Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2186 CVE-2014-9390 glib2-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the glib2-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-4316 CVE-2012-3524 glibc on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the glibc Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-5029 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2015-1472 CVE-2015-1781 gnome-games on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gnome-games Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-4003 gnome-keyring on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gnome-keyring Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-3466 gnome-online-accounts on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gnome-online-accounts Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-0240 CVE-2013-1799 gnome-shell on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gnome-shell Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-4000 gnutls on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gnutls Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-4989 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2014-0092 CVE-2014-1959 CVE-2014-3466 CVE-2014-8564 CVE-2015-0294 CVE-2015-3622 CVE-2015-6251 gpg2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gpg2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2547 CVE-2013-4351 CVE-2013-4402 CVE-2014-4617 gpgme on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gpgme Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3564 groff on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the groff Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-5044 CVE-2009-5080 CVE-2009-5081 gstreamer-0_10-plugins-bad on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gstreamer-0_10-plugins-bad Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-0797 gv on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gv Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-3386 gvim on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gvim Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0316 gzip on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the gzip Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-2624 CVE-2010-0001 hardlink on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the hardlink Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-3630 CVE-2011-3631 CVE-2011-3632 hplip on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the hplip Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2004-0801 CVE-2010-4267 CVE-2011-2697 CVE-2011-2722 CVE-2013-4325 CVE-2013-6402 CVE-2013-6427 htmldoc on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the htmldoc Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-3050 hyper-v on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the hyper-v Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2669 CVE-2012-5532 ibus-chewing on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the ibus-chewing Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-4509 icedtea-web-javadoc on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the icedtea-web-javadoc Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2513 CVE-2011-2514 CVE-2011-3377 CVE-2012-3422 CVE-2012-3423 CVE-2012-4540 CVE-2013-1926 CVE-2013-1927 CVE-2013-4349 CVE-2015-5234 CVE-2015-5235 id3lib on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the id3lib Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2007-4460 ipsec-tools on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the ipsec-tools Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-4047 iputils on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the iputils Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2529 irssi on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the irssi Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-1959 CVE-2010-1154 CVE-2010-1155 jakarta-commons-fileupload on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the jakarta-commons-fileupload Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-2186 CVE-2014-0050 java-1_8_0-openjdk on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the java-1_8_0-openjdk Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-2590 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2659 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 jhead on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the jhead Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-4575 CVE-2008-4641 kbd on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the kbd Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-0460 kdebase4-workspace-libs on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the kdebase4-workspace-libs Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-0436 kdelibs4 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the kdelibs4 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3494 kdenetwork4-filesharing on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the kdenetwork4-filesharing Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-1000 kernel-default on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the kernel-default Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4538 CVE-2010-1146 CVE-2010-1436 CVE-2010-1641 CVE-2010-2066 CVE-2010-2942 CVE-2010-2954 CVE-2010-2955 CVE-2010-3081 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2011-0711 CVE-2011-0712 CVE-2011-1020 CVE-2011-1180 CVE-2011-1577 CVE-2011-1581 CVE-2011-2203 CVE-2011-4604 CVE-2012-0056 CVE-2012-3412 CVE-2012-3520 CVE-2013-0160 CVE-2013-0231 CVE-2013-0913 CVE-2013-2850 CVE-2014-0038 CVE-2014-00691 CVE-2014-0196 CVE-2014-8133 CVE-2015-1333 CVE-2015-7872 CVE-2015-7884 CVE-2015-7885 kio-extras5 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the kio-extras5 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8600 klogd on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the klogd Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3634 konversation on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the konversation Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8483 krb5 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the krb5 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2002-2443 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-3295 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-2694 lftp on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the lftp Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-0139 libFS6 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libFS6 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1996 libHX28 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libHX28 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2947 libIlmImf-Imf_2_1-21 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libIlmImf-Imf_2_1-21 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-1720 CVE-2009-1721 libImlib2-1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libImlib2-1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-0991 libQt5Concurrent-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libQt5Concurrent-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-0295 libX11-6 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libX11-6 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 libXRes1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXRes1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1988 libXcursor-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXcursor-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-2003 libXext-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXext-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1982 libXfixes-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXfixes-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1983 libXfont-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXfont-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2895 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 libXi-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXi-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1984 CVE-2013-1995 CVE-2013-1998 libXinerama-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXinerama-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1985 libXp-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXp-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-2062 libXrandr-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXrandr-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1986 libXrender-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXrender-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1987 libXt-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXt-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-2002 CVE-2013-2005 libXtst-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXtst-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-2063 libXv-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXv-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1989 CVE-2013-2066 libXvMC-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXvMC-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1990 CVE-2013-1999 libXxf86dga-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXxf86dga-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1991 CVE-2013-2000 libXxf86vm-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libXxf86vm-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-2001 libapr-util1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libapr-util1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0023 CVE-2009-2412 CVE-2009-3560 CVE-2009-3720 CVE-2010-1623 libapr1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libapr1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 libblkid-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libblkid-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-0157 CVE-2014-9114 CVE-2015-5218 libbotan-1_10-1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libbotan-1_10-1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-5726 CVE-2015-5727 libdcerpc-binding0-32bit on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libdcerpc-binding0-32bit Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2012-6150 CVE-2013-0172 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-1863 CVE-2013-4124 CVE-2013-4408 CVE-2013-4475 CVE-2013-4476 CVE-2013-4496 CVE-2013-6442 CVE-2014-0178 CVE-2014-0239 CVE-2014-0244 CVE-2014-3493 CVE-2014-3560 CVE-2014-8143 CVE-2015-0240 libdirectfb-1_7-1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libdirectfb-1_7-1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-2977 CVE-2014-2978 libdmx-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libdmx-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-1992 libecpg6 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libecpg6 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 libevent-2_0-5 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libevent-2_0-5 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-6272 libexif-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libexif-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 libexiv2-14 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libexiv2-14 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-9449 libfbembed2_5 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libfbembed2_5 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-2492 libfreebl3 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libfreebl3 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-3170 CVE-2011-3389 CVE-2011-3640 CVE-2013-0743 CVE-2013-0791 CVE-2013-1620 CVE-2013-1739 CVE-2013-1740 CVE-2013-5605 CVE-2014-1490 CVE-2014-1491 CVE-2014-1492 CVE-2014-1568 CVE-2014-1569 CVE-2015-2721 CVE-2015-4000 libgadu-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libgadu-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-6487 CVE-2014-3775 libgc1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libgc1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2673 libgcrypt-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libgcrypt-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-4242 CVE-2014-3591 CVE-2015-0837 libgnomesu on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libgnomesu Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-1946 libgssglue-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libgssglue-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2709 libgudev-1_0-0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libgudev-1_0-0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-1174 CVE-2013-4288 libgypsy0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libgypsy0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-0523 CVE-2011-0524 libicu-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libicu-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-9654 libid3tag0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libid3tag0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-2109 libimobiledevice-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libimobiledevice-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-2142 libjasper-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libjasper-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 libjavascriptcoregtk-1_0-0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libjavascriptcoregtk-1_0-0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-5112 CVE-2012-5133 CVE-2014-1344 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-1390 libjbig2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libjbig2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-6369 libjpeg-turbo on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libjpeg-turbo Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-9092 libjson-c2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libjson-c2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-6370 CVE-2013-6371 libksba8 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libksba8 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-9087 liblcms-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the liblcms-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0793 CVE-2013-4276 liblightdm-gobject-1-0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the liblightdm-gobject-1-0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-3153 CVE-2011-3349 CVE-2011-4105 CVE-2012-1111 libltdl7 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libltdl7 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-3736 liblua5_2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the liblua5_2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-5461 liblzo2-2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the liblzo2-2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-4607 libmikmod3 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libmikmod3 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2007-6720 CVE-2009-0179 CVE-2009-3995 CVE-2009-3996 CVE-2010-2546 libminiupnpc10 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libminiupnpc10 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3985 libmms-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libmms-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-2892 libmodplug1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libmodplug1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-1761 CVE-2013-4233 CVE-2013-4234 libmono-2_0-1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libmono-2_0-1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-4225 CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 libmpfr4 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libmpfr4 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-9474 libmspack0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libmspack0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2800 CVE-2010-2801 CVE-2014-9556 libmusicbrainz-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libmusicbrainz-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2006-4197 libmysqlclient-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libmysqlclient-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-5298 CVE-2012-5615 CVE-2013-1976 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-3470 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 libneon27 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libneon27 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-2473 CVE-2009-2474 libnewt0_52 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libnewt0_52 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-2905 libopenjpeg1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libopenjpeg1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-5030 CVE-2012-3358 CVE-2012-3535 CVE-2013-1447 CVE-2013-4289 CVE-2013-4290 CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 CVE-2013-6054 CVE-2013-6887 libopenssl-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libopenssl-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 CVE-2015-4000 libpango-1_0-0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libpango-1_0-0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-0020 CVE-2011-0064 libpcsclite1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libpcsclite1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-0407 CVE-2010-4531 libpgf6 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libpgf6 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-6673 libpng12-0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libpng12-0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-3026 CVE-2011-3045 CVE-2011-3048 CVE-2012-3386 CVE-2013-7353 CVE-2013-7354 libpng16-16 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libpng16-16 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3328 CVE-2013-6954 CVE-2014-0333 CVE-2014-9495 CVE-2015-0973 libpolkit0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libpolkit0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-0750 CVE-2011-1485 CVE-2013-4288 libpoppler-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libpoppler-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 CVE-2013-4473 CVE-2013-4474 libproxy-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libproxy-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-4504 libpulse-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libpulse-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3970 libpurple on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libpurple Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-2694 CVE-2009-2703 CVE-2009-3026 CVE-2009-3083 CVE-2009-3084 CVE-2009-3085 CVE-2009-3615 CVE-2010-0013 CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 CVE-2010-1624 CVE-2010-2528 CVE-2010-3711 CVE-2011-1091 CVE-2011-3594 CVE-2012-2214 CVE-2012-3374 CVE-2012-6152 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6486 CVE-2013-6487 CVE-2014-0020 CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3697 CVE-2014-3698 libpython2_7-1_0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libpython2_7-1_0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-1521 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-1753 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185 libpython3_4m1_0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libpython3_4m1_0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 libqt4-32bit on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libqt4-32bit Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2014-0190 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 libraptor2-0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libraptor2-0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-0037 libraw-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libraw-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-2126 CVE-2013-2127 libreoffice on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libreoffice Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2935 CVE-2010-2936 CVE-2014-0247 CVE-2014-3524 CVE-2014-3575 CVE-2014-3693 CVE-2014-9093 librsync2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the librsync2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8242 libruby2_1-2_1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libruby2_1-2_1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8080 CVE-2014-8090 libserf-1-1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libserf-1-1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3504 libsmi on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libsmi Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2891 libsndfile-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libsndfile-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0186 CVE-2011-2696 CVE-2014-9496 libsnmp30-32bit on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libsnmp30-32bit Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2141 CVE-2014-2284 CVE-2014-2285 CVE-2014-3565 CVE-2015-5621 libsoup-2_4-1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libsoup-2_4-1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2054 libspice-client-glib-2_0-8 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libspice-client-glib-2_0-8 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-4425 libspice-server1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libspice-server1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-4282 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 libssh-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libssh-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2013-0176 CVE-2014-0017 CVE-2014-8132 CVE-2015-3146 libssh2-1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libssh2-1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-1782 libsss_idmap0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libsss_idmap0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-4341 CVE-2011-1758 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 libtag-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libtag-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2396 libtasn1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libtasn1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2015-2806 libthunarx-2-0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libthunarx-2-0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-1588 libtidy-0_99-0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libtidy-0_99-0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-5522 CVE-2015-5523 libtiff-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libtiff-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-2285 CVE-2009-2347 CVE-2010-2065 CVE-2010-2067 CVE-2010-2233 CVE-2010-4665 CVE-2011-0192 CVE-2011-1167 CVE-2012-1173 CVE-2012-2113 CVE-2012-3401 CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2015-1547 libudisks2-0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libudisks2-0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-0004 libupsclient1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libupsclient1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2944 libvdpau1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libvdpau1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 libvirt on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libvirt Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2242 CVE-2011-1146 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2013-0170 CVE-2013-1962 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-6436 CVE-2013-6456 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 CVE-2014-7823 CVE-2014-8131 CVE-2015-0236 CVE-2015-5247 libvorbis-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libvorbis-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-1420 CVE-2009-3379 CVE-2012-0444 libvte9 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libvte9 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2738 libwmf-0_2-7 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libwmf-0_2-7 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 libxcb-composite0 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libxcb-composite0 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-2064 libxerces-c-3_1 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libxerces-c-3_1 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-1885 CVE-2015-0252 libxml2-2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libxml2-2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2010-4494 CVE-2011-1944 CVE-2012-5134 CVE-2013-0338 CVE-2013-1969 CVE-2014-0191 CVE-2014-3660 libyaml-0-2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libyaml-0-2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 libzip-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the libzip-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-0421 CVE-2012-1162 CVE-2012-1163 CVE-2015-2331 links on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the links Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-4929 log4net on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the log4net Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2006-0743 logrotate on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the logrotate Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 lynx on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the lynx Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2006-7234 CVE-2008-4690 CVE-2012-4929 mailman on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the mailman Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-0707 CVE-2015-2775 mailx on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the mailx Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2004-2771 CVE-2014-7844 monitoring-tools on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the monitoring-tools Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-6096 CVE-2013-7107 CVE-2013-7108 CVE-2014-2386 mosh on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the mosh Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2385 mozilla-nspr on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the mozilla-nspr Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-1545 mutt on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the mutt Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-0467 CVE-2014-9116 nagios on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the nagios Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-1523 CVE-2013-2214 nano on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the nano Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-1160 CVE-2010-1161 nbd on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the nbd Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-0847 nspluginwrapper on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the nspluginwrapper Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2486 ntp on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the ntp Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-0159 CVE-2009-1252 CVE-2013-5211 CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405 obs-service-set_version on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the obs-service-set_version Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-0593 openconnect on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the openconnect Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-3291 CVE-2012-6128 CVE-2013-7098 openldap2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the openldap2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-1545 CVE-2015-1546 openslp on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the openslp Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-3609 openssh on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the openssh Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 openvpn on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the openvpn Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8104 opie on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the opie Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2489 CVE-2011-2490 osc on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the osc Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-1095 CVE-2015-0778 p7zip on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the p7zip Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-1038 pam on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the pam Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-3430 CVE-2010-3431 CVE-2010-3853 CVE-2011-3148 CVE-2011-3149 CVE-2014-2583 pam-modules on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the pam-modules Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-3172 pam_krb5 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the pam_krb5 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-3825 CVE-2009-1384 pam_ssh on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the pam_ssh Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-1273 patch on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the patch Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-4651 CVE-2015-1196 CVE-2015-1395 CVE-2015-1396 perl-32bit on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the perl-32bit Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 perl-Capture-Tiny on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the perl-Capture-Tiny Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-1875 perl-Config-IniFiles on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the perl-Config-IniFiles Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2451 perl-HTML-Parser on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the perl-HTML-Parser Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-3627 perl-LWP-Protocol-https on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the perl-LWP-Protocol-https Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3230 perl-XML-LibXML on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the perl-XML-LibXML Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-3451 perl-YAML-LibYAML on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the perl-YAML-LibYAML Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-1152 CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 pigz on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the pigz Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-1191 plasma5-desktop on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the plasma5-desktop Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8651 ppp on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the ppp Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3158 privoxy on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the privoxy Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-1030 CVE-2015-1031 CVE-2015-1201 CVE-2015-1380 CVE-2015-1381 CVE-2015-1382 procmail on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the procmail Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3618 pwgen on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the pwgen Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-4440 CVE-2013-4442 python on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the python Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-4238 python-Pillow on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the python-Pillow Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3589 CVE-2014-3598 python-cupshelpers on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the python-cupshelpers Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-4405 python-libxml2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the python-libxml2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2012-5134 python-pyOpenSSL on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the python-pyOpenSSL Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-4314 python-pycrypto on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the python-pycrypto Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-2417 CVE-2013-1445 python3-pip on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the python3-pip Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-5123 CVE-2014-8991 CVE-2015-2296 python3-requests on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the python3-requests Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-1829 CVE-2014-1830 qemu on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the qemu Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-3515 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-4544 CVE-2013-6399 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0150 CVE-2014-0182 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-3456 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 qemu-linux-user on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the qemu-linux-user Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-3515 CVE-2015-1779 CVE-2015-4037 CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 quagga on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the quagga Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-1674 CVE-2010-1675 CVE-2013-2236 radvd on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the radvd Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-3602 rpcbind on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the rpcbind Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-7236 rpm-32bit on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the rpm-32bit Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-6435 CVE-2014-8118 rsync on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the rsync Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-1097 CVE-2014-2855 CVE-2014-8242 rsyslog on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the rsyslog Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-3200 CVE-2013-4758 CVE-2013-6370 CVE-2013-6371 CVE-2014-3634 CVE-2014-3683 rtkit on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the rtkit Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-4326 ruby on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the ruby Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-4492 CVE-2010-0541 CVE-2011-1004 CVE-2011-1005 CVE-2011-4815 rxvt-unicode on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the rxvt-unicode Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-1142 CVE-2014-3121 sblim-sfcb on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the sblim-sfcb Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-5185 sddm on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the sddm Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-7271 CVE-2014-7272 CVE-2015-0856 shim on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the shim Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 squashfs on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the squashfs Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-4024 CVE-2012-4025 subversion on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the subversion Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-2411 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644 CVE-2011-0715 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 CVE-2013-1968 CVE-2013-2088 CVE-2013-2112 CVE-2013-4131 CVE-2013-4246 CVE-2013-4262 CVE-2013-4277 CVE-2013-4505 CVE-2013-4558 CVE-2014-0032 CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 CVE-2015-0202 CVE-2015-0248 CVE-2015-0251 sudo on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the sudo Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-1163 CVE-2010-1646 CVE-2011-0010 CVE-2012-2337 CVE-2013-1775 CVE-2013-1776 sysconfig on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the sysconfig Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-4182 sysvinit-tools on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the sysvinit-tools Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2483 tar on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the tar Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-0624 tcpdump on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the tcpdump Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2014-9140 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 telepathy-gabble on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the telepathy-gabble Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-1000 CVE-2013-1431 telepathy-idle on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the telepathy-idle Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2007-6746 tftp on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the tftp Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2199 tigervnc on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the tigervnc Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-0011 CVE-2014-8240 CVE-2015-0255 tnftp on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the tnftp Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8517 transmission-common on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the transmission-common Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-4909 unixODBC on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the unixODBC Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-1145 unzip on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the unzip Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 CVE-2014-9636 viewvc on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the viewvc Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-3356 CVE-2012-3357 vino on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the vino Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-0904 CVE-2011-0905 CVE-2011-1164 virtualbox on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the virtualbox Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-0224 CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0377 CVE-2015-0418 CVE-2015-0427 CVE-2015-3456 vorbis-tools on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the vorbis-tools Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2008-1686 CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749 vsftpd on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the vsftpd Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2015-1419 w3m on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the w3m Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2074 CVE-2012-4929 wget on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the wget Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2252 CVE-2012-4929 CVE-2014-4877 wireshark on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the wireshark Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-3241 CVE-2009-3242 CVE-2009-3243 CVE-2010-1455 CVE-2010-2993 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3548 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4286 CVE-2012-4287 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4294 CVE-2012-4295 CVE-2012-4296 CVE-2012-4297 CVE-2012-4298 CVE-2012-5237 CVE-2012-5238 CVE-2012-5239 CVE-2012-5240 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4083 CVE-2013-4920 CVE-2013-4921 CVE-2013-4922 CVE-2013-4923 CVE-2013-4924 CVE-2013-4925 CVE-2013-4926 CVE-2013-4927 CVE-2013-4928 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 CVE-2013-5717 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 CVE-2014-2907 CVE-2014-4020 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2014-6423 CVE-2014-6424 CVE-2014-6425 CVE-2014-6426 CVE-2014-6427 CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 CVE-2015-2187 CVE-2015-2188 CVE-2015-2189 CVE-2015-2190 CVE-2015-2191 CVE-2015-2192 CVE-2015-3808 CVE-2015-3809 CVE-2015-3810 CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 CVE-2015-3814 CVE-2015-3815 CVE-2015-4651 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 wpa_supplicant on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the wpa_supplicant Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-3686 CVE-2015-0210 CVE-2015-1863 xalan-j2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the xalan-j2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-0107 xen on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the xen Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-3495 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2014-3124 CVE-2014-5146 CVE-2014-5149 CVE-2014-6268 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-5154 CVE-2015-5239 CVE-2015-6815 CVE-2015-7311 xf86-video-intel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the xf86-video-intel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2014-4910 xinetd on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the xinetd Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2012-0862 CVE-2013-4342 xlockmore on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the xlockmore Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2013-4143 xorg-x11 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the xorg-x11 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-0465 xorg-x11-devel on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the xorg-x11-devel Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2895 xorg-x11-server on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the xorg-x11-server Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2010-2240 CVE-2013-1940 CVE-2013-4396 CVE-2013-6424 CVE-2015-3164 yast2 on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the yast2 Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-3177 yast2-core on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the yast2-core Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2011-2483 CVE-2011-3177 zoo on GA media (Moderate) openSUSE Leap 42.1 These are all security issues found in the zoo Package on the GA media of openSUSE Leap 42.1. Moderate CVE-2006-0855 CVE-2007-1669 Security update for nodejs (Important) openSUSE Leap 42.1 nodejs was updated to version 4.2.1 to fix one security issue. This security issue was fixed: - CVE-2015-7384: HTTP Denial of Service Vulnerability (bsc#948602). Various other issues were fixed, please see the changelog. Important SUSE bug 948045 SUSE bug 948602 CVE-2015-7384 Security update for libressl (Moderate) openSUSE Leap 42.1 libressl was updated to fix two security issues. These security issues were fixed: - CVE-2015-5333: Memory leak when decoding X.509 certificates (boo#950707) - CVE-2015-5334: Buffer overflow when decoding X.509 certificates (boo#950708) Moderate SUSE bug 950707 SUSE bug 950708 CVE-2015-5333 CVE-2015-5334 Security update for wireshark (Moderate) openSUSE Leap 42.1 wireshark was updated to version 1.12.8 to fix ten security issues. These security issues were fixed: - CVE-2015-6247: The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 did not validate a certain offset value, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500). - CVE-2015-6246: The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6245: epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 used incorrect integer data types, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500). - CVE-2015-6244: The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6243: The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions (bsc#941500). - CVE-2015-6242: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 did not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allowed remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet (bsc#941500). - CVE-2015-6241: The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 did not properly terminate a data structure after a failure to locate a number within a string, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437). - CVE-2015-6249: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 did not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6248: The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 did not check whether the expected amount of data is available, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). Moderate SUSE bug 941500 SUSE bug 950437 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 CVE-2015-7830 Security update for squid (Moderate) openSUSE Leap 42.1 squid was updated to fix one security issue. This security issue was fixed: - CVE-2014-9749: Nonce replay vulnerability in Digest authentication (bsc#949942). Moderate SUSE bug 949942 CVE-2014-9749 Security update for sudo (Moderate) openSUSE Leap 42.1 sudo was updated to fix one security issue. This security issue was fixed: - CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806). Moderate SUSE bug 917806 CVE-2014-9680 Security update for audiofile (Low) openSUSE Leap 42.1 audiofile was updated to fix one security issue. This security issue was fixed: - CVE-2015-7747: Overflow when changing both number of channels and sample format (bsc#949399). Low SUSE bug 949399 CVE-2015-7747 Security update for util-linux (Moderate) openSUSE Leap 42.1 util-linux was updated to fix one security issue. This security issue was fixed: - CVE-2015-5218: Prevent colcrt buffer overflow (bsc#949754). This non-security issue was fixed: - bsc#903440: Calendar "cal" crash with segmentation fault when execute in background. Moderate SUSE bug 903440 SUSE bug 949754 CVE-2015-5218 Security update for potrace (Moderate) openSUSE Leap 42.1 potrace was updated to fix one security issue. This security issue was fixed: - CVE-2013-7437: Multiple integer overflows in potrace 1.11 allowed remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow (bsc#924904). Moderate SUSE bug 924904 CVE-2013-7437 Security update for bouncycastle (Important) openSUSE Leap 42.1 bouncycastle was updated to version 1.53 to fix one security issue. This security issue was fixed: - CVE-2015-7940: Invalid curve attack (bsc#951727). Important SUSE bug 951727 CVE-2015-7940 Security update for polkit (Moderate) openSUSE Leap 42.1 polkit was updated to the 0.113 release, fixing security issues and bugs. Security issues fixed: * Fixes CVE-2015-4625, a local privilege escalation due to predictable authentication session cookie values. Thanks to Tavis Ormandy, Google Project Zero for reporting this issue. For the future, authentication agents are encouraged to use PolkitAgentSession instead of using the D-Bus agent response API directly. (bsc#935119) * Fixes CVE-2015-3256, various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (bsc#943816) * Fixes CVE-2015-3255, a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. Thanks to Laurent Bigonville for reporting this issue. (bsc#939246) * Fixes CVE-2015-3218, which allowed any local user to crash polkitd. Thanks to Tavis Ormandy, Google Project Zero, for reporting this issue. (bsc#933922) Other issues fixed: * On systemd-213 and later, the "active" state is shared across all sessions of an user, instead of being tracked separately. * pkexec, when not given a program to execute, runs the users shell by default. * Fixed shutdown problems on powerpc64le (bsc#950114) * polkit had a memory leak (bsc#912889) Moderate SUSE bug 912889 SUSE bug 933922 SUSE bug 935119 SUSE bug 939246 SUSE bug 943816 SUSE bug 950114 CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 Security update for phpMyAdmin (Low) openSUSE Leap 42.1 phpMyAdmin was updated to fix one security issue. This security issue was fixed: - CVE-2015-7873: The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allowed remote attackers to spoof content via the url parameter (bsc#951960). Low SUSE bug 951960 CVE-2015-7873 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss, xulrunner, seamonkey (Important) openSUSE Leap 42.1 Mozilla Firefox was updated to version 42.0, fixing bugs and security issues. Mozilla xulrunner was updated to xulrunner 38.4.0. Seamonkey was updated to 2.39. New features in Mozilla Firefox: * Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites * Control Center that contains site security and privacy controls * Login Manager improvements * WebRTC improvements * Indicator added to tabs that play audio with one-click muting * Media Source Extension for HTML5 video available for all sites Security fixes: * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards * MFSA 2015-117/CVE-2015-4515 (bmo#1046421) Information disclosure through NTLM authentication * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) CSP bypass due to permissive Reader mode whitelist * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) Firefox for Android addressbar can be removed after fullscreen mode * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) Reading sensitive profile files through local HTML file on Android * MFSA 2015-121/CVE-2015-7187 (bmo#1195735) disabling scripts in Add-on SDK panels has no effect * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) Android intents can be used on Firefox for Android to open privileged files * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) XSS attack through intents on Firefox for Android * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) Crash when accessing HTML tables with accessibility tools on OS X * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-129/CVE-2015-7195 (bmo#1211871) Certain escaped characters in host of Location-header are being treated as non-escaped * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages) mozilla-nspr was updated to 4.10.10: * MFSA 2015-133/CVE-2015-7183 (bmo#1205157) memory corruption issues This update includes the update to version 4.10.9 * bmo#1021167: Leak of |poll_list| on failure in _MW_PollInternal * bmo#1030692: Make compiling nspr on windows possible again. * bmo#1088790: dosprint() doesn't support %zu and other size formats * bmo#1130787: prtime.h does not compile with MSVC's /Za (ISO C/C++ conformance) option * bmo#1153610: MIPS64: Add support for n64 ABI * bmo#1156029: Teach clang-analyzer about PR_ASSERT * bmo#1160125: MSVC version detection is broken CC is set to a wrapper (like sccache) * bmo#1163346: Add NSPR support for FreeBSD mips/mips64 * bmo#1169185: Add support for OpenRISC (or1k) * bmo:1174749: Remove configure block for iOS that uses MACOS_SDK_DIR * bmo#1174781: PR_GetInheritedFD can use uninitialized variables mozilla-nss was updated to 3.20.1: * requires NSPR 4.10.10 * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868) memory corruption issues - Install the static libfreebl.a that is needed in order to link Sun elliptical curves provider in Java 7. This includes the update of Mozilla NSS to NSS 3.20 New functionality: * The TLS library has been extended to support DHE ciphersuites in server applications. New Functions: * SSL_DHEGroupPrefSet - Configure the set of allowed/enabled DHE group parameters that can be used by NSS for a server socket. * SSL_EnableWeakDHEPrimeGroup - Enable the use of weak DHE group parameters that are smaller than the library default's minimum size. New Types: * SSLDHEGroupType - Enumerates the set of DHE parameters embedded in NSS that can be used with function SSL_DHEGroupPrefSet. New Macros: * SSL_ENABLE_SERVER_DHE - A socket option user to enable or disable DHE ciphersuites for a server socket. Notable Changes: * For backwards compatibility reasons, the server side implementation of the TLS library keeps all DHE ciphersuites disabled by default. They can be enabled with the new socket option SSL_ENABLE_SERVER_DHE and the SSL_OptionSet or the SSL_OptionSetDefault API. * The server side implementation of the TLS implementation does not support session tickets when using a DHE ciphersuite (see bmo#1174677). * Support for the following ciphersuites has been added: - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 * By default, the server side TLS implementation will use DHE parameters with a size of 2048 bits when using DHE ciphersuites. * NSS embeds fixed DHE parameters sized 2048, 3072, 4096, 6144 and 8192 bits, which were copied from version 08 of the Internet-Draft "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS", Appendix A. * A new API SSL_DHEGroupPrefSet has been added to NSS, which allows a server application to select one or multiple of the embedded DHE parameters as the preferred parameters. The current implementation of NSS will always use the first entry in the array that is passed as a parameter to the SSL_DHEGroupPrefSet API. In future versions of the TLS implementation, a TLS client might signal a preference for certain DHE parameters, and the NSS TLS server side implementation might select a matching entry from the set of parameters that have been configured as preferred on the server side. * NSS optionally supports the use of weak DHE parameters with DHE ciphersuites to support legacy clients. In order to enable this support, the new API SSL_EnableWeakDHEPrimeGroup must be used. Each time this API is called for the first time in a process, a fresh set of weak DHE parameters will be randomly created, which may take a long amount of time. Please refer to the comments in the header file that declares the SSL_EnableWeakDHEPrimeGroup API for additional details. * The size of the default PQG parameters used by certutil when creating DSA keys has been increased to use 2048 bit parameters. * The selfserv utility has been enhanced to support the new DHE features. * NSS no longer supports C compilers that predate the ANSI C standard (C89). It also includes the update to NSS 3.19.3; certstore updates only * The following CA certificates were removed - Buypass Class 3 CA 1 - T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı - SG TRUST SERVICES RACINE - TC TrustCenter Universal CA I - TC TrustCenter Class 2 CA II * The following CA certificate had the Websites trust bit turned off - ComSign Secured CA * The following CA certificates were added - T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 - T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 - Certinomis - Root CA * The version number of the updated root CA list has been set to 2.5 - Install blapi.h and algmac.h that are needed in order to build Sun elliptical curves provider in Java 7 Important SUSE bug 952810 CVE-2015-4513 CVE-2015-4514 CVE-2015-4515 CVE-2015-4518 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7185 CVE-2015-7186 CVE-2015-7187 CVE-2015-7188 CVE-2015-7189 CVE-2015-7190 CVE-2015-7191 CVE-2015-7192 CVE-2015-7193 CVE-2015-7194 CVE-2015-7195 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 Security update for roundcubemail (Moderate) openSUSE Leap 42.1 This update of roundcubemail fixes one security issue and one bug. - roundcubemail was updated to disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail previously allowed access to the roundcubemail/bin folder and possibly /logs, /config and /temp, if these were not symlinks (this is only the case when manually changed). This update comes with a fixed configuration. If you modified the file "/etc/apache2/conf.d/roundcubemail.conf", please replace it with the configuration "roundcubemail.conf.rpmnew" and reapply your changes. After that, a restart of apache2 is requried. - This update also fixes an issue that causes apache2 not to start because "mod_version.c" is not loaded. Moderate SUSE bug 938840 SUSE bug 952006 Security update for gcc48 (Moderate) openSUSE Leap 42.1 This update for GCC 4.8 provides the following fixes: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) - Fix linker segmentation fault when building SLOF on ppc64le. (bsc#949000) - Fix no_instrument_function attribute handling on PPC64 with -mprofile-kernel. (bsc#947791) - Fix internal compiler error with aarch64 target using PCH and builtin functions. (bsc#947772) - Fix libffi issues on aarch64. (bsc#948168) Moderate SUSE bug 945842 SUSE bug 947772 SUSE bug 947791 SUSE bug 948168 SUSE bug 949000 CVE-2015-5276 Security update for xen (Moderate) openSUSE Leap 42.1 Xen was updated to fix 6 security issues. These security issues were fixed: - CVE-2014-0222: Validate L2 table size to avoid integer overflows (bsc#877642). - CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array (DoS) (bsc#950705 bsc#950703). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests (bsc#951845). Moderate SUSE bug 877642 SUSE bug 932267 SUSE bug 950367 SUSE bug 950703 SUSE bug 950705 SUSE bug 950706 SUSE bug 951845 CVE-2014-0222 CVE-2015-4037 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971 CVE-2015-7972 Security update for java-1_7_0-openjdk (Important) openSUSE Leap 42.1 java-1_7_0-openjdk was updated to version 7u91 to fix 17 security issues. These security issues were fixed: - CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bsc#951376). - CVE-2015-4842: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JAXP (bsc#951376). - CVE-2015-4840: Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bsc#951376). - CVE-2015-4872: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect integrity via unknown vectors related to Security (bsc#951376). - CVE-2015-4860: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883 (bsc#951376). - CVE-2015-4844: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (bsc#951376). - CVE-2015-4883: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860 (bsc#951376). - CVE-2015-4893: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911 (bsc#951376). - CVE-2015-4911: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893 (bsc#951376). - CVE-2015-4882: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect availability via vectors related to CORBA (bsc#951376). - CVE-2015-4881: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835 (bsc#951376). - CVE-2015-4734: Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to JGSS (bsc#951376). - CVE-2015-4806: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries (bsc#951376). - CVE-2015-4805: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization (bsc#951376). - CVE-2015-4803: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allowed remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911 (bsc#951376). - CVE-2015-4835: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881 (bsc#951376). - CVE-2015-4903: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allowed remote attackers to affect confidentiality via vectors related to RMI (bsc#951376). Important SUSE bug 951376 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 Security update for krb5 (Important) openSUSE Leap 42.1 krb5 was updated to fix three security issues. These security issues were fixed: - CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952188). - CVE-2015-2696: Applications which call gss_inquire_context() on a partially-established IAKERB context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952189). - CVE-2015-2697: Incorrect string handling in build_principal_va can lead to DOS (bsc#952190). Important SUSE bug 948011 SUSE bug 952188 SUSE bug 952189 SUSE bug 952190 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 Security update for putty (Moderate) openSUSE Leap 42.1 PuTTY was updated to 0.66 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-5309: Malicious ECH control sequences could have caused an integer overflow, buffer underrun in terminal emulator bnc#954191 Also contains all bug fixes up to the 0.66 release. Moderate SUSE bug 954191 CVE-2015-5309 Security update for ntp (Moderate) openSUSE Leap 42.1 This ntp update provides the following security and non security fixes: - Update to 4.2.8p4 to fix several security issues (bsc#951608): * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values * CVE-2015-7854: Password Length Memory Corruption Vulnerability * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability * CVE-2015-7851 saveconfig Directory Traversal Vulnerability * CVE-2015-7850 remote config logfile-keyfile * CVE-2015-7849 trusted key use-after-free * CVE-2015-7848 mode 7 loop counter underrun * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC * CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks * obsoletes ntp-memlock.patch. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq. Moderate SUSE bug 951608 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 Security update for xscreensaver (Moderate) openSUSE Leap 42.1 Xscreensaver was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-8025: xscreensaver could be bypassed by disconnecting HDMI cable (bsc#952062). Moderate SUSE bug 952062 CVE-2015-8025 Security update for Chromium (Moderate) openSUSE Leap 42.1 Chromium was updated to 46.0.2490.86 to fix one security issue and bugs. The following vulnerability was fixed: * CVE-2015-1302: Information leak in PDF viewer (boo#954579) The following bug fix udpates are included: * boo#950957: Change the default homepage based on the new landing page for the openSUSE Project. Moderate SUSE bug 950957 SUSE bug 954579 CVE-2015-1302 Security update for miniupnpc (Moderate) openSUSE Leap 42.1 MiniUPnP was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-6031: XML parser buffer overflow (boo#950759) Moderate SUSE bug 950759 CVE-2015-6031 Security update for docker (Moderate) openSUSE Leap 42.1 Docker was updated to version 1.9.0, bringing features and bugfixes (bnc#954812): * Runtime: - `docker stats` now returns block IO metrics (#15005) - `docker stats` now details network stats per interface (#15786) - Add `ancestor=<image>` filter to `docker ps --filter` flag to filter containers based on their ancestor images (#14570) - Add `label=<somelabel>` filter to `docker ps --filter` to filter containers based on label (#16530) - Add `--kernel-memory` flag to `docker run` (#14006) - Add `--message` flag to `docker import` allowing to specify an optional message (#15711) - Add `--privileged` flag to `docker exec` (#14113) - Add `--stop-signal` flag to `docker run` allowing to replace the container process stopping signal (#15307) - Add a new `unless-stopped` restart policy (#15348) - Inspecting an image now returns tags (#13185) - Add container size information to `docker inspect` (#15796) - Add `RepoTags` and `RepoDigests` field to `/images/{name:.*}/json` (#17275) - Remove the deprecated `/container/ps` endpoint from the API (#15972) - Send and document correct HTTP codes for `/exec/<name>/start` (#16250) - Share shm and mqueue between containers sharing IPC namespace (#15862) - Event stream now shows OOM status when `--oom-kill-disable` is set (#16235) - Ensure special network files (/etc/hosts etc.) are read-only if bind-mounted with `ro` option (#14965) - Improve `rmi` performance (#16890) - Do not update /etc/hosts for the default bridge network, except for links (#17325) - Fix conflict with duplicate container names (#17389) - Fix an issue with incorrect template execution in `docker inspect` (#17284) - DEPRECATE `-c` short flag variant for `--cpu-shares` in docker run (#16271) * Client: - Allow `docker import` to import from local files (#11907) * Builder: - Add a `STOPSIGNAL` Dockerfile instruction allowing to set a different stop-signal for the container process (#15307) - Add an `ARG` Dockerfile instruction and a `--build-arg` flag to `docker build` that allows to add build-time environment variables (#15182) - Improve cache miss performance (#16890) * Storage: - devicemapper: Implement deferred deletion capability (#16381) * Networking: - `docker network` exits experimental and is part of standard release (#16645) - New network top-level concept, with associated subcommands and API (#16645) WARNING: the API is different from the experimental API - Support for multiple isolated/micro-segmented networks (#16645) - Built-in multihost networking using VXLAN based overlay driver (#14071) - Support for third-party network plugins (#13424) - Ability to dynamically connect containers to multiple networks (#16645) - Support for user-defined IP address management via pluggable IPAM drivers (#16910) - Add daemon flags `--cluster-store` and `--cluster-advertise` for built-in nodes discovery (#16229) - Add `--cluster-store-opt` for setting up TLS settings (#16644) - Add `--dns-opt` to the daemon (#16031) - DEPRECATE following container `NetworkSettings` fields in API v1.21: `EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`, `IPAddress`, `IPPrefixLen`, `IPv6Gateway` and `MacAddress`. Those are now specific to the `bridge` network. Use `NetworkSettings.Networks` to inspect the networking settings of a container per network. * Volumes: - New top-level `volume` subcommand and API (#14242) - Move API volume driver settings to host-specific config (#15798) - Print an error message if volume name is not unique (#16009) - Ensure volumes created from Dockerfiles always use the local volume driver (#15507) - DEPRECATE auto-creating missing host paths for bind mounts (#16349) * Logging: - Add `awslogs` logging driver for Amazon CloudWatch (#15495) - Add generic `tag` log option to allow customizing container/image information passed to driver (e.g. show container names) (#15384) - Implement the `docker logs` endpoint for the journald driver (#13707) - DEPRECATE driver-specific log tags (e.g. `syslog-tag`, etc.) (#15384) * Distribution: - `docker search` now works with partial names (#16509) - Push optimization: avoid buffering to file (#15493) - The daemon will display progress for images that were already being pulled by another client (#15489) - Only permissions required for the current action being performed are requested (#) - Renaming trust keys (and respective environment variables) from `offline` to `root` and `tagging` to `repository` (#16894) - DEPRECATE trust key environment variables `DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and `DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` (#16894) * Security: - Add SELinux profiles to the rpm package (#15832) - Fix various issues with AppArmor profiles provided in the deb package (#14609) - Add AppArmor policy that prevents writing to /proc (#15571) * Change systemd unit file to no longer use the deprecated "-d" option (bnc#954737) - Also docker was updated to the 1.8.3 version that fixes security issues: * Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660) * Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179) * Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry Moderate SUSE bug 949660 SUSE bug 954737 SUSE bug 954812 CVE-2014-8178 CVE-2014-8179 Security update for strongswan (Moderate) openSUSE Leap 42.1 The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817). Moderate SUSE bug 953817 CVE-2015-8023 Security update for libsndfile (Moderate) openSUSE Leap 42.1 The libsndfile package was updated to fix the following security issue: - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). - CVE-2015-8075: Fixed heap overflow issue (bsc#953519). Moderate SUSE bug 953516 SUSE bug 953519 SUSE bug 953521 CVE-2014-9756 CVE-2015-7805 CVE-2015-8075 Security update for ffmpeg (Moderate) openSUSE Leap 42.1 The ffmpeg package was updated to version 2.8.2 to fix the following security and non security issues: - CVE-2015-8216: Fixed the ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c which could cause a denial of service (out-of-bounds array access) (bnc#955346). - CVE-2015-8217: Fixed the ff_hevc_parse_sps function in libavcodec/hevc_ps.c which could cause a denial of service (out-of-bounds array access) (bnc#955347). - CVE-2015-8218: Fixed the decode_uncompressed function in libavcodec/faxcompr.c which could cause a denial of service (out-of-bounds array access) (bnc#955348). - CVE-2015-8219: Fixed the init_tile function in libavcodec/jpeg2000dec.c which could cause a denial of service (out-of-bounds array access) (bnc#955350). - Update to new upstream release 2.8.2 * various fixes in the aac_fixed decoder * various fixes in softfloat * swresample/resample: increase precision for compensation * lavf/mov: add support for sidx fragment indexes * avformat/mxfenc: Only store user comment related tags when needed * ffmpeg: Don't try and write sdp info if none of the outputs had an rtp format. * apng: use correct size for output buffer * jvdec: avoid unsigned overflow in comparison * avcodec/jpeg2000dec: Clip all tile coordinates * avcodec/microdvddec: Check for string end in 'P' case * avcodec/dirac_parser: Fix undefined memcpy() use * avformat/xmv: Discard remainder of packet on error * avformat/xmv: factor return check out of if/else * avcodec/mpeg12dec: Do not call show_bits() with invalid bits * avcodec/faxcompr: Add missing runs check in decode_uncompressed() * libavutil/channel_layout: Check strtol*() for failure * avformat/mpegts: Only start probing data streams within probe_packets * avcodec/hevc_ps: Check chroma_format_idc * avcodec/ffv1dec: Check for 0 quant tables * avcodec/mjpegdec: Reinitialize IDCT on BPP changes * avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it * avcodec/h264_slice: Disable slice threads if there are multiple access units in a packet * avformat/hls: update cookies on setcookie response * opusdec: Don't run vector_fmul_scalar on zero length arrays * avcodec/opusdec: Fix extra samples read index * avcodec/ffv1: Initialize vlc_state on allocation * avcodec/ffv1dec: update progress in case of broken pointer chains * avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons * rtsp: Allow $ as interleaved packet indicator before a complete response header * videodsp: don't overread edges in vfix3 emu_edge. * avformat/mp3dec: improve junk skipping heuristic * concatdec: fix file_start_time calculation regression * avcodec: loongson optimize h264dsp idct and loop filter with mmi * avcodec/jpeg2000dec: Clear properties in jpeg2000_dec_cleanup() too * avformat/hls: add support for EXT-X-MAP * avformat/hls: fix segment selection regression on track changes of live streams * configure: Require libkvazaar < 0.7. * avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup - Drop ffmpeg-mov-sidx-fragment.patch, fixed upstream. - Update to new upstream release 2.8.1 * Minor bugfix release * Includes all changes from. Ffmpeg-mt, libav master of 2015-08-28, libav 11 as of 2015-08-28 - Add ffmpeg-mov-sidx-fragment.patch to add sidx fragment indexes. Needed for new mpv release. Moderate SUSE bug 955346 SUSE bug 955347 SUSE bug 955348 SUSE bug 955350 CVE-2015-8216 CVE-2015-8217 CVE-2015-8218 CVE-2015-8219 Security update for libpng16 (Moderate) openSUSE Leap 42.1 The libpng16 package was updated to fix the following security issue: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). Moderate SUSE bug 954980 CVE-2015-8126 Security update for libpng12 (Moderate) openSUSE Leap 42.1 The libpng12 package was updated to fix the following security issues: - CVE-2015-8126: Fixed a buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (bsc#954980). - CVE-2015-7981: Fixed an out-of-bound read (bsc#952051). Moderate SUSE bug 952051 SUSE bug 954980 CVE-2015-7981 CVE-2015-8126 security update for ppp (Moderate) openSUSE Leap 42.1 The ppp package was updated to fix one security issue. - CVE-2015-3310: Fixed buffer overflow in radius plug-ins rc_mksid() (bnc#927841). Moderate SUSE bug 927841 CVE-2015-3310 security update for cyrus-imapd (Moderate) openSUSE Leap 42.1 The cyrus-imapd package was updated to fix two security issues. - CVE-2015-8077: Integer overflow in range checks (bnc#954200) - CVE-2015-8078: Integer overflow in index_urlfetch (bnc#954201) Moderate SUSE bug 954200 SUSE bug 954201 CVE-2015-8077 CVE-2015-8078 Security update for libksba (Moderate) openSUSE Leap 42.1 The libksba package was updated to fix the following security issues: - Fixed an integer overflow, an out of bounds read and a stack overflow issues (bsc#926826). Moderate SUSE bug 926826 Security update for znc (Low) openSUSE Leap 42.1 Znc was updated to 1.6.2 to fix one security issue. The following vulnerability was fixed: * CVE-2014-9403: Remote unauthenticated users could cause denial of service via channel creation. [boo#956254] Also contains all bug fixes in the 1.6.2 release. Low SUSE bug 956254 CVE-2014-9403 Recommended update for dracut (Moderate) openSUSE Leap 42.1 This update for dracut fixes the following issues: - Skip ibft setup via dhcp if dhcp ip is 0.0.0.0 (boo#953361) Added 0312-iscsi-skip-ibft-invalid-dhcp.patch - Modify 0169-enabled-warning-for-failed-kernel-modules-per-defaul.patch - Add notice (boo#952491) - Refresh patches with line offsets: M 0146-dracut.sh-corrected-logfile-check.patch M 0182-fix_add_drivers_hang.patch M 0183-kernel-modules-Fix-storage-module-selection-for-sdhc.patch - Modify 0181-load-xhci-pci.patch: - Add hid-logitech-hidpp - Ignore errors for xhci-pci, ehci-platform and hid-logitech-hidpp - Boo#952491, boo#935563 and boo#953035 - Add 0311-less_pointless_module_errors.patch (boo#952491 and boo#935563) - Don't warn if installing built-in modules fails - Don't print the error message twice - Modify 0144-90crypt-fixed-crypttab_contains-to-also-work-with-de.patch and 0169-Enabled-Warning-for-failed-kernel-modules-per-defaul.patch - Fixes boo#935338 - Use mktemp instead of hardcoded filenames, possible vulnerability Moderate SUSE bug 935338 SUSE bug 935563 SUSE bug 952491 SUSE bug 953035 SUSE bug 953361 Security update for LibVNCServer (Moderate) openSUSE Leap 42.1 The LibVNCServer package was updated to fix the following security issues: - bsc#897031: fix several security issues: * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side. * CVE-2014-6052: Lack of malloc() return value checking on client side. * CVE-2014-6053: Server crash on a very large ClientCutText message. * CVE-2014-6054: Server crash when scaling factor is set to zero. * CVE-2014-6055: Multiple stack overflows in File Transfer feature. - bsc#854151: Restrict the SSL cipher suite. Moderate SUSE bug 854151 SUSE bug 897031 CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 Security update for MozillaThunderbird (Moderate) openSUSE Leap 42.1 The MozillaThunderbird package was updated to fix the following security and non security issues: - update to Thunderbird 38.4.0 (bnc#952810) * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages) - requires NSPR 4.10.10 and NSS 3.19.2.1 - added explicit appdata provides (bnc#952325) Moderate SUSE bug 952325 SUSE bug 952810 CVE-2015-4513 CVE-2015-4514 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 Security update for the Linux Kernel (Moderate) openSUSE Leap 42.1 The Linux Kernel was updated to 4.1.13 and fixes the following issues: Security issues fixed: - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. - CVE-2015-7990: A local denial of service due to an incomplete fix of CVE-2015-6937 could lead to crashes (local denial of service). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. Bugs fixed: - alsa: hda - apply hp headphone fixups more generically (boo#954876). - alsa: hda - add fixup for acer aspire one cloudbook 14 (boo#954876). - alsa: hda - fix headphone noise after dell xps 13 resume back from S3 (boo#954876). - alsa: hda - fix noise on dell latitude e6440 (boo#954876). - alsa: hda/hdmi - apply skylake fix-ups to broxton display codec (boo#954647). - alsa: hda - add codec id for broxton display audio codec (boo#954647). - alsa: hda/realtek - dell xps one alc3260 speaker no sound after resume back (boo#954647). - alsa: hda - yet another fix for dell headset mic with alc3266 (boo#954647). - alsa: hda - fix dell laptop for internal mic/headset mic (boo#954647). - alsa: hda - remove no physical connection pins from pin_quirk table (boo#954647). - alsa: hda - add pin quirk for the headset mic jack detection on Dell laptop (boo#954647). - alsa: hda - fix the headset mic that will not work on dell desktop machine (boo#954647). - alsa: hda - remove one pin from alc292_standard_pins (boo#954647). - alsa: hda - add dock support for thinkpad w541 (17aa:2211) (boo#954647). - alsa: hda/realtek: enable hp amp and mute led on hp folio 9480m [v3] (boo#954647). - alsa: hda/realtek - support dell headset mode for alc298 (boo#954647). - alsa: hda/realtek - support headset mode for alc298 (boo#954647). - x86/evtchn: make use of physdevop_map_pirq. - blktap: also call blkif_disconnect() when frontend switched to closed (boo#952976). - blktap: refine mm tracking (boo#952976). - update xen patches to linux 4.1.13. - Backport arm64 patches from sle12-sp1-arm. - Backport pci-ea patches - Enable drm_ast driver - Fix thunderx edac store function - Update arm64 config files. Align arm64 vanilla configuration with default. - rtlwifi: rtl8821ae: fix lockups on boot (boo#944978). - ethernet/atheros/alx: add killer e2400 device id (boo#955363). - drm/i915: don't override output type for ddi hdmi (boo#955190). - drm/i915: set best_encoder field of connector_state also when disabling (boo#955190). - drm/i915: add hotplug activation period to hotplug update mask (boo#955365). - drm/i915: avoid race of intel_crt_detect_hotplug() with hpd interrupt, v2 (boo#955365). - drm/i915: shut up gen8+ sde irq dmesg noise (boo#954757). - ipv6: fix tunnel error handling (boo#952579). - Update config files (boo#951533). - iwlwifi: add new pci ids for the 8260 series (boo#954421). - iwlwifi: edit the 3165 series and 8000 series pci ids (boo#954421). - x86/efi-bgrt: switch pr_err() to pr_debug() for invalid bgrt (boo#953559). - x86/tsc: let high latency pit fail fast in quick_pit_calibrate() (boo#953717). - Backport arm64 patches from sle12-sp1-arm branch Backports to fix Seattle xgbe driver. Fix EL2 page table for systems with high amount of memory. Needed for KVM to work. Convert WARN_ON in numa implementation to pr_warn. - input: elantech - add fujitsu lifebook u745 to force crc_enabled (boo#883192). Moderate SUSE bug 883192 SUSE bug 944978 SUSE bug 945825 SUSE bug 948758 SUSE bug 949936 SUSE bug 951533 SUSE bug 952384 SUSE bug 952579 SUSE bug 952976 SUSE bug 953527 SUSE bug 953559 SUSE bug 953717 SUSE bug 954404 SUSE bug 954421 SUSE bug 954647 SUSE bug 954757 SUSE bug 954876 SUSE bug 955190 SUSE bug 955363 SUSE bug 955365 SUSE bug 956856 CVE-2015-5307 CVE-2015-6937 CVE-2015-7799 CVE-2015-7990 CVE-2015-8104 Security update for gpg2 (Moderate) openSUSE Leap 42.1 The gpg2 package was updated to fix the following security and non security issues: - CVE-2015-1606: Fixed invalid memory read using a garbled keyring (bsc#918089). - CVE-2015-1607: Fixed memcpy with overlapping ranges (bsc#918090). - bsc#955753: Fixed a regression of "gpg --recv" due to keyserver import filter (also boo#952347). Moderate SUSE bug 918089 SUSE bug 918090 SUSE bug 952347 SUSE bug 955753 CVE-2015-1606 CVE-2015-1607 Security update to MySQL 5.6.27 (Important) openSUSE Leap 42.1 MySQL was updated to 5.6.27 to fix security issues and bugs. The following vulnerabilities were fixed as part of the upstream release [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 Details on these and other changes can be found at: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html The following security relevant changes are included additionally: * CVE-2015-3152: MySQL lacked SSL enforcement. Using --ssl-verify-server-cert and --ssl[-*] implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [boo#924663], [boo#928962] Important SUSE bug 924663 SUSE bug 928962 SUSE bug 951391 CVE-2015-0286 CVE-2015-0288 CVE-2015-1789 CVE-2015-1793 CVE-2015-3152 CVE-2015-4730 CVE-2015-4766 CVE-2015-4792 CVE-2015-4800 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4833 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4862 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4890 CVE-2015-4895 CVE-2015-4904 CVE-2015-4905 CVE-2015-4910 CVE-2015-4913 Security update for xen (Moderate) openSUSE Leap 42.1 This update fixes the following security issues: - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970 xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch Moderate SUSE bug 947165 SUSE bug 950704 SUSE bug 954018 SUSE bug 954405 CVE-2015-3259 CVE-2015-4106 CVE-2015-5154 CVE-2015-5239 CVE-2015-5307 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7970 CVE-2015-8104 Security update for mbedtls (Important) openSUSE Leap 42.1 This update for mbedtls fixes the following security and non-security issues: - Update to 1.3.15 * Fix potential double free if ssl_set_psk() is called more than once and some allocation fails. Cannot be forced remotely. Found by Guido Vranken, Intelworks. * Fix potential heap corruption on windows when x509_crt_parse_path() is passed a path longer than 2GB. Cannot be triggered remotely. Found by Guido Vranken, Intelworks. * Fix potential buffer overflow in some asn1_write_xxx() functions. Cannot be triggered remotely unless you create X.509 certificates based on untrusted input or write keys of untrusted origin. Found by Guido Vranken, Intelworks. * The x509 max_pathlen constraint was not enforced on intermediate certificates. Found by Nicholas Wilson, fix and tests provided by Janos Follath. #280 and #319 * Self-signed certificates were not excluded from pathlen counting, resulting in some valid X.509 being incorrectly rejected. Found and fix provided by Janos Follath. #319 * Fix bug causing some handshakes to fail due to some non-fatal alerts not begin properly ignored. Found by mancha and Kasom Koht-arsa, #308 * Fix build error with configurations where ecdhe-psk is the only key exchange. Found and fix provided by Chris Hammond. #270 * Fix failures in mpi on sparc(64) due to use of bad assembly code. Found by Kurt Danielson. #292 * Fix typo in name of the extkeyusage oid. found by inestlerode, #314 * Fix bug in asn.1 encoding of booleans that caused generated ca certificates to be rejected by some applications, including OS X Keychain. Found and fixed by Jonathan Leroy, Inikup. * Fix "destination buffer is too small" error in cert_write program. Found and fixed by Jonathan Leroy, Inikup. - Update to 1.3.14 * Added fix for CVE-2015-5291 (boo#949380) to prevent heap corruption due to buffer overflow of the hostname or session ticket. Found by Guido Vranken, Intelworks. * Fix stack buffer overflow in pkcs12 decryption (used by mbedtls_pk_parse_key(file)() when the password is > 129 bytes. Found by Guido Vranken, Intelworks. Not triggerable remotely. * Fix potential buffer overflow in mbedtls_mpi_read_string(). Found by Guido Vranken, Intelworks. Not exploitable remotely in the context of TLS, but might be in other uses. On 32 bit machines, requires reading a string of close to or larger than 1GB to exploit; on 64 bit machines, would require reading a string of close to or larger than 2^62 bytes. * Fix potential random memory allocation in mbedtls_pem_read_buffer() on crafted PEM input data. Found and fix provided by Guido Vranken, Intelworks. Not triggerable remotely in TLS. Triggerable remotely if you accept PEM data from an untrusted source. * Fix potential double-free if ssl_set_psk() is called repeatedly on the same ssl_context object and some memory allocations fail. Found by Guido Vranken, Intelworks. Can not be forced remotely. * Fix possible heap buffer overflow in base64_encode() when the input buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken, Intelworks. Found by Guido Vranken. Not trigerrable remotely in TLS. * Fix potential heap buffer overflow in servers that perform client authentication against a crafted CA cert. Cannot be triggered remotely unless you allow third parties to pick trust CAs for client auth. Found by Guido Vranken, Intelworks. * Fix compile error in net.c with musl libc. found and patch provided by zhasha (#278). * Fix macroization of 'inline' keywork when building as c++. (#279) * Added checking of hostname length in ssl_set_hostname() to ensure domain names are compliant with RFC 1035. - Changes for 1.3.13 * Fix possible client-side null pointer dereference (read) when the client tries to continue the handshake after it failed (a misuse of the API). (Found and patch provided by Fabian Foerg, Gotham Digital Science using afl-fuzz.) * Add countermeasure against lenstra's rsa-crt attack for pkcs#1 v1.5 signatures. (Found by Florian Weimer, Red Hat.) https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ * Setting ssl_min_dhm_bytes in config.h had no effect (overriden in ssl.h) (found by Fabio Solari) (#256) * Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could result trying to unlock an unlocked mutex on invalid input (found by Fredrik Axelsson) (#257) * Fix -wshadow warnings (found by hnrkp) (#240) * Fix unused function warning when using mbedtls_mdx_alt or MBEDTLS_SHAxxx_ALT (found by Henrik) (#239) * Fix memory corruption in pkey programs (found by yankuncheng) (#210) * Fix memory corruption on client with overlong psk identity, around SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by Aleksandrs Saveljevs) (#238) * Fix off-by-one error in parsing supported point format extension that caused some handshakes to fail. * When verifying a certificate chain, if an intermediate certificate is trusted, no later cert is checked. (suggested by hannes-landeholm) (#220). - Changes for 1.3.12 * Increase the minimum size of diffie-hellman parameters accepted by the client to 1024 bits, to protect against Logjam attack. * Increase the size of default diffie-hellman parameters on the server to 2048 bits. This can be changed with ssl_set_dh_params(). * Fix thread-safety issue in ssl debug module (found by edwin van vliet). * Some example programs were not built using make, not included in visual Studio projects (found by Kristian Bendiksen). * Fix build error with cmake and pre-4.5 versions of gcc (found by hugo Leisink). * Fix missing -static-ligcc when building shared libraries for windows with make. * Fix compile error with armcc5 --gnu. * Add ssl_min_dhm_bytes configuration parameter in config.h to choose the minimum size of Diffie-Hellman parameters accepted by the client. * The pem parser now accepts a trailing space at end of lines (#226). Important SUSE bug 949380 CVE-2015-5291 Security update for openssl (Moderate) openSUSE Leap 42.1 This update for openssl fixes the following issues: Security fixes: - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identify hint data. (bsc#957813) Non security bugs fixed: - Improve S/390 performance on IBM z196 and z13 (bsc#954256) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 954256 SUSE bug 957812 SUSE bug 957813 SUSE bug 957815 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 47.0.2526.80 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-6788: Type confusion in extensions * CVE-2015-6789: Use-after-free in Blink * CVE-2015-6790: Escaping issue in saved pages * CVE-2015-6791: Various fixes from internal audits, fuzzing and other initiatives The following vulnerabilities were fixed in 47.0.2526.73: * CVE-2015-6765: Use-after-free in AppCache * CVE-2015-6766: Use-after-free in AppCache * CVE-2015-6767: Use-after-free in AppCache * CVE-2015-6768: Cross-origin bypass in DOM * CVE-2015-6769: Cross-origin bypass in core * CVE-2015-6770: Cross-origin bypass in DOM * CVE-2015-6771: Out of bounds access in v8 * CVE-2015-6772: Cross-origin bypass in DOM * CVE-2015-6764: Out of bounds access in v8 * CVE-2015-6773: Out of bounds access in Skia * CVE-2015-6774: Use-after-free in Extensions * CVE-2015-6775: Type confusion in PDFium * CVE-2015-6776: Out of bounds access in PDFium * CVE-2015-6777: Use-after-free in DOM * CVE-2015-6778: Out of bounds access in PDFium * CVE-2015-6779: Scheme bypass in PDFium * CVE-2015-6780: Use-after-free in Infobars * CVE-2015-6781: Integer overflow in Sfntly * CVE-2015-6782: Content spoofing in Omnibox * CVE-2015-6783: Signature validation issue in Android Crazy Linker. * CVE-2015-6784: Escaping issue in saved pages * CVE-2015-6785: Wildcard matching issue in CSP * CVE-2015-6786: Scheme bypass in CSP * CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives. * Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23) Important SUSE bug 957519 SUSE bug 958481 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766 CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770 CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6774 CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 CVE-2015-6778 CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782 CVE-2015-6783 CVE-2015-6784 CVE-2015-6785 CVE-2015-6786 CVE-2015-6787 CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791 Security update for libXfont (Moderate) openSUSE Leap 42.1 This update for libXfont fixes the following issue: - A negative DWIDTH is legal. This was broken by the security fix for CVE-2015-1804. (boo#958383). Moderate SUSE bug 958383 CVE-2015-1804 Security update for libressl (Moderate) openSUSE Leap 42.1 LibreSSL was updated to fix two security issues inherited from OpenSSL. The following vulnerabilities were fixed: * CVE-2015-3194: NULL pointer dereference in client side certificate validation * CVE-2015-3195: Memory leak in PKCS7 - not reachable from TLS/SSL Moderate SUSE bug 958768 CVE-2015-3194 CVE-2015-3195 Security update for quassel (Moderate) openSUSE Leap 42.1 Quassel was updated to fix a remote DoS security issue. The following vulnerability was fixed: * CVE-2015-8547: Remote DoS in Quassel core Moderate SUSE bug 958928 CVE-2015-8547 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 47.0.2525.106 to fix security issues. Vulnerabilities were fixed under the following collective identifier: * CVE-2015-6792: Fixes from internal audits and fuzzing. [boo#959458] Important SUSE bug 959458 CVE-2015-6792 Security update for compat-openssl098 (Moderate) openSUSE Leap 42.1 This update for compat-openssl098 fixes the following issues: Security issue fixed: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) Non security issue fixed: - Prevent segfault in s_client with invalid options (bsc#952099) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 952099 SUSE bug 957812 CVE-2015-3195 Security update for MozillaFirefox (Moderate) openSUSE Leap 42.1 This update for MozillaFirefox fixes the following security issues: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards * MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with JavaScript variable assignment with unboxed objects * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using perfomance.getEntries and history navigation * MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows for control characters to be set in cookies * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures * MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin information leak through web workers error events * MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data URI is incorrectly parsed * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) DOS due to malformed frames in HTTP/2 * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) Linux file chooser crashes on malformed images due to flaws in Jasper library * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 (bmo#1201183, bmo#1178033, bmo#1199400) Buffer overflows found through code inspection * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-148/CVE-2015-7223 (bmo#1226423) Privilege escalation vulnerabilities in WebExtension APIs * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) Cross-site reading attack through data and view-source URIs Moderate SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7203 CVE-2015-7204 CVE-2015-7205 CVE-2015-7207 CVE-2015-7208 CVE-2015-7210 CVE-2015-7211 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7215 CVE-2015-7216 CVE-2015-7217 CVE-2015-7218 CVE-2015-7219 CVE-2015-7220 CVE-2015-7221 CVE-2015-7222 CVE-2015-7223 Security update for ldb, samba, talloc, tdb, tevent (Important) openSUSE Leap 42.1 This update for ldb, samba, talloc, tdb, tevent fixes the following security issues and bugs: The Samba LDB was updated to version 1.1.24: - Fix ldap \00 search expression attack dos; CVE-2015-3223; (bso#11325) - Fix remote read memory exploit in ldb; CVE-2015-5330; (bso#11599) - Move ldb_(un)pack_data into ldb_module.h for testing - Fix installation of _ldb_text.py - Fix propagation of ldb errors through tdb - Fix bug triggered by having an empty message in database during search Samba was updated to fix these issues: - Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). - Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). - Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). - No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). - Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). - Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585). - Changing log level of two entries to from 1 to 3; (bso#9912). - vfs_gpfs: Re-enable share modes; (bso#11243). - wafsamba: Also build libraries with RELRO protection; (bso#11346). - ctdb: Strip trailing spaces from nodes file; (bso#11365). - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; (bso#11452). - nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563). - async_req: Fix non-blocking connect(); (bso#11564). - auth: gensec: Fix a memory leak; (bso#11565). - lib: util: Make non-critical message a warning; (bso#11566). - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). - ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). - manpage: Correct small typo error; (bso#11584). - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589). - Backport some valgrind fixes from upstream master; (bso#11597). - s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). - docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619). - Cleanup and enhance the pidl sub package. - s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). - smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). - kerberos: Make sure we only use prompter type when available; (bso#11038). - s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket; (bso#11316). - dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327). - Fix a deadlock in tdb; (bso#11381). - s3: smbd: Fix mkdir race condition; (bso#11486). - pam_winbind: Fix a segfault if initialization fails; (bso#11502). - s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). - s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). - net: Fix a crash with 'net ads keytab create'; (bso#11528). - s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). - vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). - vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). - Fix bug in smbstatus where the lease info is not printed; (bso#11549). - s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). - Prevent null pointer access in samlogon fallback when security credentials are null; (bnc#949022). - Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038). talloc was updated to version 2.1.5; (bsc#954658) (bsc#951660). - Test that talloc magic differs between processes. - Increment minor version due to added talloc_test_get_magic. - Provide tests access to talloc_magic. - Test magic protection measures. tdb was updated to version 1.3.8; (bsc#954658). - Improved python3 bindings tevent was updated to 0.9.26; (bsc#954658). - New tevent_thread_proxy api - Minor build fixes This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 949022 SUSE bug 951660 SUSE bug 954658 SUSE bug 958581 SUSE bug 958582 SUSE bug 958583 SUSE bug 958584 SUSE bug 958585 SUSE bug 958586 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-8467 Security update for subversion (Moderate) openSUSE Leap 42.1 This update fixes the following security issues: * CVE-2015-5343: Possible remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. (bsc#958300) * CVE-2015-3184: mod_authz_svn information leak information in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514) * CVE-2015-3187: hidden paths leaked by path-based authz (bsc#939517) Moderate SUSE bug 939514 SUSE bug 939517 SUSE bug 958300 CVE-2015-3184 CVE-2015-3187 CVE-2015-5343 Security update for bind (Important) openSUSE Leap 42.1 This update for bind fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 958861 CVE-2015-8000 Security update for Qt 5 (Moderate) openSUSE Leap 42.1 Qt 5 was updated to the 5.5.1 release to deliver upstream improvements and fixes to Qt functionality. The following Security fixes are contained in QtWebEngineCore: * ICU: CVE-2014-8146, CVE-2014-8147 * Blink: CVE-2015-1284, CVE-2015-1291, CVE-2015-1292 * Skia: CVE-2015-1294 * V8: CVE-2015-1290 The following packages were rebuilt because they use private headers: * calibre * fcitx-qt5 * frameworkintegration * kwayland * kwin5, * lxqt-powermanagement * lxqt-qtplugin Moderate SUSE bug 954149 SUSE bug 959178 CVE-2014-8146 CVE-2014-8147 CVE-2015-1284 CVE-2015-1290 CVE-2015-1291 CVE-2015-1292 CVE-2015-1294 Security update for gummi (Moderate) openSUSE Leap 42.1 This update for gummi fixes the following issues: - CVE-2015-7758: Fix an exploitable issue caused by gummi setting predictable file names in /tmp; patch taken from debian patch tracker and submitted upstream (bnc#949682). Moderate SUSE bug 949682 CVE-2015-7758 Security update for krb5 (Moderate) openSUSE Leap 42.1 The krb5 package was updated to fix the following security issue: - CVE-2015-2698: Fixed a memory corruption regression introduced by resolving of CVE-2015-2698 (bsc#954204). Moderate SUSE bug 954204 CVE-2015-2698 Security update for ffmpeg (Moderate) openSUSE Leap 42.1 This update to ffmpeg 2.8.3 fixes the following security issues: * CVE-2015-8363: Check for duplicate SIZ marker / asan_heap-oob [boo#957114] * CVE-2015-8364: Check image dimensions / integer overflow [boo#957115] * CVE-2015-8365: out of array access / asan_heap-oob [boo#957116] Moderate SUSE bug 957114 SUSE bug 957115 SUSE bug 957116 CVE-2015-8363 CVE-2015-8364 CVE-2015-8365 Security update for xulrunner (Important) openSUSE Leap 42.1 Xulrunner was updated to 38.5.0 to fix several security issues. The following vulnerabilities were fixed (boo#959277): * CVE-2015-7201: Miscellaneous memory safety hazards * CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed * CVE-2015-7212: Integer overflow allocating extremely large textures * CVE-2015-7205: Underflow through code inspection * CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions * CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright * CVE-2015-7214: Cross-site reading attack through data and view-source URIs Important SUSE bug 959277 CVE-2015-7201 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 Security update for Mozilla Thunderbird (Important) openSUSE Leap 42.1 Mozilla Thunderbird was updated to 38.5.0 to fix multiple security issues. The following vulnerabilities were fixed: (boo#959277) * CVE-2015-7201: Miscellaneous memory safety hazards * CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed * CVE-2015-7212: Integer overflow allocating extremely large textures * CVE-2015-7205: Underflow through code inspection * CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions * CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright * CVE-2015-7214: Cross-site reading attack through data and view-source URIs Important SUSE bug 959277 CVE-2015-7201 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 Security update for mozilla-nss (Moderate) openSUSE Leap 42.1 This update to mozilla-nss 3.20.2 fixes the following issues: * CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (boo#952810) Moderate SUSE bug 959888 CVE-2015-7575 Security update for claws-mail (Moderate) openSUSE Leap 42.1 This update for claws-mail fixes the following security issue: * CVE-2015-8614: buffer overrun issues in Japanese character set conversion code could allow an adversary to remotely crash claws and potentially have further unspecified impact (boo#959993) Moderate SUSE bug 959993 CVE-2015-8614 Security update for grub2 (Important) openSUSE Leap 42.1 - Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) - Check MS-DOS header to find PE file header. (bsc#954126) - Use dirname for copying Xen kernel and initrd to esp. (bsc#955493) - Fix reading password by grub2-mkpasswd-pbdk2 without controlling tty. (bsc#954519) - Add luks, gcry_rijndael and gcry_sha1 to signed EFI image to support LUKS partition in default setup. (bsc#917427, bsc#955609) - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 774666 SUSE bug 917427 SUSE bug 946148 SUSE bug 952539 SUSE bug 954126 SUSE bug 954519 SUSE bug 955493 SUSE bug 955609 SUSE bug 956631 CVE-2015-8370 Security update for typo3-cms-4_7 (Moderate) openSUSE Leap 42.1 This update for typo3-cms-4_7 fixes the following issues: - CVE-2014-3941: Multiple vulnerabilities (TYPO3-CORE-SA-2014-001) - CVE-2013-4701: Multiple vulnerabilities (TYPO3-CORE-SA-2014-002) - CVE-2013-7073: Multiple vulnerabilities (TYPO3-CORE-SA-2013-004) - other security fixes, e.g. preventing XSS attacks. The package was updated to last upstream version (discontinued) 4.7.20 Moderate SUSE bug 974993 SUSE bug 975949 CVE-2013-4701 CVE-2013-7073 CVE-2014-3941 Security update for pdns (Moderate) openSUSE Leap 42.1 This update for pdns fixes the following issues: - CVE-2016-6172: malicious primary DNS servers can crash secondaries through large transfers (boo#987872) As mitigation, the xfr-max-received-mbytes config option was added, defaulting to to 100 (MB). Moderate SUSE bug 987872 CVE-2016-6172 Security update for apache2-mod_fcgid (Moderate) openSUSE Leap 42.1 This update for apache2-mod_fcgid fixes the following issues: - CVE-2016-1000104 / CVE-2016-5387: A remote attacker could have set the HTTP_PROXY environment variable of CGI scripts (boo#988488) Moderate SUSE bug 988488 CVE-2016-1000104 CVE-2016-5387 Security update for iperf (Moderate) openSUSE Leap 42.1 iperf was updated to the the following vulnerability: - CVE-2016-4303: A malicious client could have triggered a buffer overflow / heap corruption issue by sending a specially crafted JSON string, and possibly execute arbitrary code (boo#984453) Moderate SUSE bug 984453 CVE-2016-4303 Security update for tiff (Moderate) openSUSE Leap 42.1 This update to tiff 4.0.6 fixes the following issues: - CVE-2015-7554: Out-of-bounds write in the thumbnail and tiffcmp tools allowed attacker to cause a denial of service or have unspecified further impact (bsc#960341) - bsc#942690: potential out-of-bound write in NeXTDecode() (#2508) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 942690 SUSE bug 960341 CVE-2015-7554 Security update for libidn (Moderate) openSUSE Leap 42.1 This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 923241 SUSE bug 990189 SUSE bug 990190 SUSE bug 990191 CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 Security update for ImageMagick (Moderate) openSUSE Leap 42.1 This update for ImageMagick fixes the following issues: - security update: * CVE-2016-6520: buffer overflow [bsc#991872] * CVE-2016-5010: Out-of-bounds read in CopyMagickMemory [bsc#991444] * CVE-2016-6491: Out-of-bounds read when processing crafted tiff files [bsc#991445] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 991444 SUSE bug 991445 SUSE bug 991872 CVE-2016-5010 CVE-2016-6491 CVE-2016-6520 Security update for phpMyAdmin (Important) openSUSE Leap 42.1 phpMyAdmin was updated to version 4.4.15.8 (2016-08-16) to fix the following issues: - Upstream changelog for 4.4.15.8: * Improve session cookie code for openid.php and signon.php example files * Full path disclosure in openid.php and signon.php example files * Unsafe generation of BlowfishSecret (when not supplied by the user) * Referrer leak when phpinfo is enabled * Use HTTPS for wiki links * Improve SSL certificate handling * Fix full path disclosure in debugging code * Administrators could trigger SQL injection attack against users - other fixes * Remove Swekey support - Security fixes: https://www.phpmyadmin.net/security/ * Weaknesses with cookie encryption see PMASA-2016-29 (CVE-2016-6606, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-30 (CVE-2016-6607, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-31 (CVE-2016-6608, CWE-661) * PHP code injection see PMASA-2016-32 (CVE-2016-6609, CWE-661) * Full path disclosure see PMASA-2016-33 (CVE-2016-6610, CWE-661) * SQL injection attack see PMASA-2016-34 (CVE-2016-6611, CWE-661) * Local file exposure through LOAD DATA LOCAL INFILE see PMASA-2016-35 (CVE-2016-6612, CWE-661) * Local file exposure through symlinks with UploadDir see PMASA-2016-36 (CVE-2016-6613, CWE-661) * Path traversal with SaveDir and UploadDir see PMASA-2016-37 (CVE-2016-6614, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-38 (CVE-2016-6615, CWE-661) * SQL injection vulnerability as control user see PMASA-2016-39 (CVE-2016-6616, CWE-661) * SQL injection vulnerability see PMASA-2016-40 (CVE-2016-6617, CWE-661) * Denial-of-service attack through transformation feature see PMASA-2016-41 (CVE-2016-6618, CWE-661) * SQL injection vulnerability as control user see PMASA-2016-42 (CVE-2016-6619, CWE-661) * Verify data before unserializing see PMASA-2016-43 (CVE-2016-6620, CWE-661) * SSRF in setup script see PMASA-2016-44 (CVE-2016-6621, CWE-661) * Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections see PMASA-2016-45 (CVE-2016-6622, CWE-661) * Denial-of-service attack by using for loops see PMASA-2016-46 (CVE-2016-6623, CWE-661) * Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624, CWE-661) * Detect if user is logged in see PMASA-2016-48 (CVE-2016-6625, CWE-661) * Bypass URL redirection protection see PMASA-2016-49 (CVE-2016-6626, CWE-661) * Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661) * Reflected File Download see PMASA-2016-51 (CVE-2016-6628, CWE-661) * ArbitraryServerRegexp bypass see PMASA-2016-52 (CVE-2016-6629, CWE-661) * Denial-of-service attack by entering long password see PMASA-2016-53 (CVE-2016-6630, CWE-661) * Remote code execution vulnerability when running as CGI see PMASA-2016-54 (CVE-2016-6631, CWE-661) * Denial-of-service attack when PHP uses dbase extension see PMASA-2016-55 (CVE-2016-6632, CWE-661) * Remove tode execution vulnerability when PHP uses dbase extension see PMASA-2016-56 (CVE-2016-6633, CWE-661) Important SUSE bug 994313 CVE-2016-6606 CVE-2016-6607 CVE-2016-6608 CVE-2016-6609 CVE-2016-6610 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6614 CVE-2016-6615 CVE-2016-6616 CVE-2016-6617 CVE-2016-6618 CVE-2016-6619 CVE-2016-6620 CVE-2016-6621 CVE-2016-6622 CVE-2016-6623 CVE-2016-6624 CVE-2016-6625 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6629 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-6633 Security update for typo3-cms-4_5 (Moderate) openSUSE Leap 42.1 This update for typo3-cms-4_5 fixes the following issues: - CVE-2015-2047: Authentication Bypass (TYPO3-CORE-SA-2015-001) - CVE-2014-9508: Link spoofing and cache poisoning (TYPO3-CORE-SA-2014-003) - TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities - CVE-2013-7073: Multiple vulnerabilities (TYPO3-CORE-SA-2013-004) This update contains the last upstream release 4.5.40, LTS discontinued since 04.2015. Moderate CVE-2013-7073 CVE-2014-9508 CVE-2015-2047 Security update for MozillaFirefox, mozilla-nss (Moderate) openSUSE Leap 42.1 This update for MozillaFirefox, mozilla-nss fixes the following issues: Changes in MozillaFirefox: - Mozilla Firefox 48.0.1: * Fixed an audio regression impacting some major websites (bmo#1295296) * Fix a top crash in the JavaScript engine (bmo#1290469) * Fix a startup crash issue caused by Websense (bmo#1291738) * Fix a different behavior with e10s / non-e10s on <select> and mouse events (bmo#1291078) * Fix a top crash caused by plugin issues (bmo#1264530) * Fix a shutdown issue (bmo#1276920) * Fix a crash in WebRTC - added upstream patch so system plugins/extensions are correctly loaded again on x86-64 (bmo#1282843) - CVE-2016-6354: Fix for possible buffer overrun (boo#990856) Changes in mozilla-nss: - also sign libfreeblpriv3.so to allow FIPS mode again (boo#992236) Moderate SUSE bug 990856 SUSE bug 992236 CVE-2016-6354 Security update for libqt4 (Moderate) openSUSE Leap 42.1 This update for libqt4 fixes the following issues: Various unsafe SSL ciphers have been disabled in the standard SSL classes. Also the RC4 based ciphers have been disabled. (bsc#865241) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 865241 Security update for openldap2 (Important) openSUSE Leap 42.1 This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766) It also fixes the following non-security bugs: - bsc#955210: Unresponsive LDAP host lookups in IPv6 environment This update adds the following functionality: - fate#319300: SHA2 password hashing module that can be loaded on-demand. This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 937766 SUSE bug 945582 SUSE bug 955210 CVE-2015-4000 CVE-2015-6908 Security update for cracklib (Moderate) openSUSE Leap 42.1 This update for cracklib fixes the following issues: - Add patch to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 992966 CVE-2016-6318 Security update for dosfstools (Moderate) openSUSE Leap 42.1 dosfstools was updated to fix two security issues. These security issues were fixed: - CVE-2015-8872: The set_fat function in fat.c in dosfstools might have allowed attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error (bsc#980364). - CVE-2016-4804: The read_boot function in boot.c in dosfstools allowed attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function (bsc#980377). This non-security issue was fixed: - bsc#912607: Attempt to rename root dir in fsck due to uninitialized fields. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 912607 SUSE bug 980364 SUSE bug 980377 CVE-2015-8872 CVE-2016-4804 Security update for xerces-c (Moderate) openSUSE Leap 42.1 xerces-c was updated to fix one security issue. This security issue was fixed: - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have unspecified impact via an invalid character in an XML document (bsc#979208). - CVE-2016-4463: Apache Xerces-C XML Parser crashed on malformed DTD (bnc#985860). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 979208 SUSE bug 985860 CVE-2016-2099 CVE-2016-4463 Security update for eog (Moderate) openSUSE Leap 42.1 This update for eog fixes the following issues: - Update to version 3.16.5 (boo#994819, CVE-2016-6855): + Bug fixes: - bgo#770143: CVE-2016-6855 out-of-bounds write in eog 3.10.2. - bgo#770197: eog leaks error message if loading an SVG fails. Moderate SUSE bug 994819 CVE-2016-6855 Security update for tomcat (Moderate) openSUSE Leap 42.1 This update for tomcat fixes the following issues: - CVE-2016-3092: Usage of vulnerable FileUpload package can result in denial of service. (bsc#986359) - CVE-2016-5388: Setting HTTP_PROXY environment variable via Proxy header. (bsc#988489) This update was imported from the SUSE:SLE-12-SP1:Update project. Moderate SUSE bug 986359 SUSE bug 988489 CVE-2016-3092 CVE-2016-5388 Security update for MozillaThunderbird (Moderate) openSUSE Leap 42.1 This update for MozillaThunderbird fixes the following issues: - update to Thunderbird 45.3.0 (boo#991809) * Disposition-Notification-To could not be used in mail.compose.other.header * "edit as new message" on a received message pre-filled the sender as the composing identity. * Certain messages caused corruption of the drafts summary database. security fixes: * MFSA 2016-62/CVE-2016-2836 Miscellaneous memory safety hazards * MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin policy violation using local HTML file and saved shortcut file - Fix for possible buffer overrun (boo#990856) CVE-2016-6354 (bmo#1292534) [mozilla-flex_buffer_overrun.patch] - add a screenshot to appdata.xml Moderate SUSE bug 990856 SUSE bug 991809 CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 Security update for java-1_8_0-openjdk (Critical) openSUSE Leap 42.1 java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. (bsc#962743) The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Includes the following fixes from the October 2015 update: (bsc#951376) - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4805: A remote user can exploit a flaw in the Embedded Serialization component to gain elevated privileges - CVE-2015-4806: A remote user can exploit a flaw in the Java SE Embedded Libraries component to partially access and partially modify data - CVE-2015-4835: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4842: A remote user can exploit a flaw in the Embedded JAXP component to partially access data - CVE-2015-4843: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4844: A remote user can exploit a flaw in the Embedded 2D component to gain elevated privileges - CVE-2015-4860: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4872: A remote user can exploit a flaw in the JRockit Security component to partially modify data []. - CVE-2015-4881: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4882: A remote user can exploit a flaw in the Embedded CORBA component to cause partial denial of service conditions - CVE-2015-4883: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4893: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4902: A remote user can exploit a flaw in the Java SE Deployment component to partially modify data - CVE-2015-4903: A remote user can exploit a flaw in the Embedded RMI component to partially access data - CVE-2015-4911: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4810: A local user can exploit a flaw in the Java SE Deployment component to gain elevated privileges - CVE-2015-4840: A remote user can exploit a flaw in the Embedded 2D component to partially access data - CVE-2015-4868: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4901: A remote user can exploit a flaw in the JavaFX component to gain elevated privileges - CVE-2015-4906: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4908: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4916: A remote user can exploit a flaw in the JavaFX component to partially access data Critical SUSE bug 951376 SUSE bug 960996 SUSE bug 962743 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4868 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4901 CVE-2015-4902 CVE-2015-4903 CVE-2015-4906 CVE-2015-4908 CVE-2015-4911 CVE-2015-4916 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Security update for libstorage (Moderate) openSUSE Leap 42.1 This update for libstorage fixes the following issues: - Use stdin, not tmp files for passwords (bsc#986971, CVE-2016-5746) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 986971 CVE-2016-5746 Security update for libsrtp (Moderate) openSUSE Leap 42.1 This update for libsrtp fixes the following issues: - Update to 1.5.4: * Use BE byte ordering of RTCP trailer. * Allow zero length payload on unprotect. - Update to new upstream release 1.5.3 * Maintenance release, including fix for CVE-2015-6360 boo#957376 Moderate SUSE bug 957376 CVE-2015-6360 Security update for libtcnative-1-0 (Moderate) openSUSE Leap 42.1 This update for libtcnative-1-0 fixes the following issues: - Disable 512-bit export-grade cryptography to prevent Logjam vulnerability CVE-2015-4000 (bsc#938945) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 938945 CVE-2015-4000 Security update for krb5 (Moderate) openSUSE Leap 42.1 This update for krb5 fixes the following issues: - CVE-2016-3120: KDC NULL Pointer Dereference Denial Of Service Vulnerability (bsc#991088) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 991088 CVE-2016-3120 Security update for wget (Moderate) openSUSE Leap 42.1 This update for wget fixes the following issues: - Fix for HTTP to a FTP redirection file name confusion vulnerability (bsc#984060, CVE-2016-4971). - Work around a libidn vulnerability (bsc#937096, CVE-2015-2059). - Fix for wget fails with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 937096 SUSE bug 958342 SUSE bug 984060 CVE-2015-2059 CVE-2016-4971 Security update for mariadb (Moderate) openSUSE Leap 42.1 This update for mariadb fixes the following issues: - CVE-2016-3477: Unspecified vulnerability in subcomponent parser [bsc#991616] - CVE-2016-3521: Unspecified vulnerability in subcomponent types [bsc#991616] - CVE-2016-3615: Unspecified vulnerability in subcomponent dml [bsc#991616] - CVE-2016-5440: Unspecified vulnerability in subcomponent rbr [bsc#991616] - mariadb failing test main.bootstrap [bsc#984858] - left over "openSUSE" comments in MariaDB on SLE12 GM and SP1 [bsc#985217] - remove unnecessary conditionals from specfile - add '--ignore-db-dir=lost+found' option to rc.mysql-multi in order not to misinterpret the lost+found directory as a database [bsc#986251] This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 984858 SUSE bug 985217 SUSE bug 986251 SUSE bug 991616 CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 Security update for fontconfig (Low) openSUSE Leap 42.1 This update for fontconfig fixes the following issues: - security update: * CVE-2016-5384: Possible double free due to insufficiently validated cache files [bsc#992534] This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 992534 CVE-2016-5384 Security update for gdk-pixbuf (Moderate) openSUSE Leap 42.1 gdk-pixbuf was updated to 2.32.3 to fix the following issues: Update to version 2.32.3: + Fix two crashes in the bmp loader (bgo#747605, bgo#758991) + ico: integer overflow fixes + Avoid some integer overflow possibilities in scaling code + Make relocations optional + Fix a crash due to overflow when scaling + Drop loaders for some rare image formats: wbmp, ras, pcx + Prevent testsuite failures due to lack of memory + Fix animation loading (bgo#755269) + More overflow fixes in the scaling code (bgo#754387) + Fix a crash in the tga loader + Fix several integer overflows (bgo#753908, bgo#753569) + Port animations to GTask + Translation updates - Add fixes for some crashes, taken from upstream git (boo#988745 boo#991450 CVE-2016-6352): Moderate SUSE bug 988745 SUSE bug 991450 CVE-2016-6352 Security update for ocaml (Moderate) openSUSE Leap 42.1 This update for ocaml fixes the following issue: Security issue fixed: - CVE-2015-8869: Prevent buffer overflow and information leak. (bsc#977990) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 977990 CVE-2015-8869 Recommended update for libtorrent-rasterbar (Moderate) openSUSE Leap 42.1 This update for libtorrent-rasterbar fixes the following issues: - Update to version 1.0.10: * Fix inverted priority of incoming piece suggestions. * Fix a crash on invalid input in http_parser. * Add a new "preformatted" type to bencode entry variant type. * Fix division by zero in super-seeding logic Moderate SUSE bug 983228 CVE-2016-5301 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The openSUSE Leap 42.1 kernel was updated to 4.1.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandled destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-4557: The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel did not properly maintain an fd data structure, which allowed local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor (bnc#979018). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel did not verify socket existence, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation (bnc#981058). - CVE-2015-8787: The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604 (bnc#963931). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-6828: A use after free in tcp_xmit_retransmit_queue() was fixed that could be used by local attackers to crash the kernel (bsc#994296). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986362 986365 990058). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152). - CVE-2016-1237: nfsd in the Linux kernel allowed local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c (bnc#986570). The following non-security bugs were fixed: - AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520). - KVM: arm/arm64: Handle forward time correction gracefully (bnc#974266). - Linux 4.1.29. Refreshed patch: patches.xen/xen3-fixup-xen Deleted patches: patches.fixes/0001-Revert-ecryptfs-forbid-opening-files-without-mmap-ha.patch patches.fixes/0001-ecryptfs-don-t-allow-mmap-when-the-lower-file-system.patch patches.rpmify/Revert-mm-swap.c-flush-lru-pvecs-on-compound-page-ar patches.rpmify/Revert-powerpc-Update-TM-user-feature-bits-in-scan_f - Revert "mm/swap.c: flush lru pvecs on compound page arrival" (boo#989084). - Revert "powerpc: Update TM user feature bits in scan_features()". Fix the build error of 4.1.28 on ppc. - Revive i8042_check_power_owner() for 4.1.31 kabi fix. - USB: OHCI: Do not mark EDs as ED_OPER if scheduling fails (bnc#987886). - USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - Update patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch (bsc#986570 CVE-2016-1237). - Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch (bsc#986570 CVE-2016-1237). - netfilter: x_tables: fix 4.1 stable backport (bsc#989176). - nfsd: check permissions when setting ACLs (bsc#986570). - posix_acl: Add set_posix_acl (bsc#986570). - ppp: defer netns reference release for ppp channel (bsc#980371). - series.conf: Move a kABI patch to its own section - supported.conf: enable i2c-designware driver (bsc#991110) - tcp: enable per-socket rate limiting of all "challenge acks" (bsc#989152). Important SUSE bug 963931 SUSE bug 970948 SUSE bug 971126 SUSE bug 971360 SUSE bug 974266 SUSE bug 978821 SUSE bug 978822 SUSE bug 979018 SUSE bug 979213 SUSE bug 979879 SUSE bug 980371 SUSE bug 981058 SUSE bug 981267 SUSE bug 986362 SUSE bug 986365 SUSE bug 986570 SUSE bug 987886 SUSE bug 989084 SUSE bug 989152 SUSE bug 989176 SUSE bug 990058 SUSE bug 991110 SUSE bug 991608 SUSE bug 991665 SUSE bug 994296 SUSE bug 994520 CVE-2015-8787 CVE-2016-1237 CVE-2016-2847 CVE-2016-3134 CVE-2016-3156 CVE-2016-4485 CVE-2016-4486 CVE-2016-4557 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4951 CVE-2016-4997 CVE-2016-5696 CVE-2016-6480 CVE-2016-6828 Security update for mysql-connector-java (Moderate) openSUSE Leap 42.1 mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a security issues. - CVE-2015-2575: Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. (bnc#927981) Please see http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 927981 CVE-2015-2575 Recommended update for chromium (Important) openSUSE Leap 42.1 Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access - CVE-2016-5174: Popup not correctly suppressed - CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives. The following upstream fixes are included: - SPDY crasher fixes - Disable NV12 DXGI video on AMD - Forward --password-store switch to os_crypt - Tell the kernel to discard USB requests when they time out. - disallow WKBackForwardListItem navigations for pushState pages - arc: bluetooth: Fix advertised uuid - fix conflicting PendingIntent for stop button and swipe away The widevine plugin was re-enabled (boo#998328). Important SUSE bug 998328 SUSE bug 998743 CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 CVE-2016-5175 Security update for perl (Moderate) openSUSE Leap 42.1 This update for Perl fixes the following issues: - CVE-2016-6185: Xsloader looking at a "(eval)" directory. (bsc#988311) - CVE-2016-1238: Searching current directory for optional modules. (bsc#987887) - CVE-2015-8853: Regular expression engine hanging on bad utf8. (bsc) - CVE-2016-2381: Environment dup handling bug. (bsc#967082) - "Insecure dependency in require" error in taint mode. (bsc#984906) - Memory leak in 'use utf8' handling. (bsc#928292) - Missing lock prototype to the debugger. (bsc#932894) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 928292 SUSE bug 932894 SUSE bug 967082 SUSE bug 984906 SUSE bug 987887 SUSE bug 988311 CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 Security update for opera (Moderate) openSUSE Leap 42.1 NonFree This update to opera 39.0.2256.71 fixes the following issues: - Deadlock when closing a bubble opened by touch - Crash in opera::FreedomProxyConfigurationImpl::RetrieveProxyServers - No temporary or permanent error when unable to connect to API server - Some requests bypass the proxy on startup (again) - Hints are cut off if they fall outside the main window - SE-Proxy-Authorization header revealed for HTTPS - Whitelist some AV software certificates - Store custom user agent postfix in registry The bundled Chromium was updated to 52.0.2743.116. Moderate Security update for tiff (Moderate) openSUSE Leap 42.1 This update for tiff fixes the following issues: * CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225) * CVE-2016-3186: Buffer overflow in gif2tiff (bnc#973340). * CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat (bsc#987351) * CVE-2016-5316: Out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c (bsc#984837) * CVE-2016-5314: Out-of-bounds write in PixarLogDecode() function (bsc#984831) * CVE-2016-5317: Out-of-bounds write in PixarLogDecode() function in libtiff.so (bsc#984842) * CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c (bsc#984808) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 964225 SUSE bug 973340 SUSE bug 984808 SUSE bug 984831 SUSE bug 984837 SUSE bug 984842 SUSE bug 987351 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2016-3186 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5875 Security update for openssh (Moderate) openSUSE Leap 42.1 This update for openssh fixes the following issues: - Prevent user enumeration through the timing of password processing (bsc#989363, CVE-2016-6210) - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902) - limit accepted password length (prevents possible DoS) (bsc#992533, CVE-2016-6515) Bug fixes: - avoid complaining about unset DISPLAY variable (bsc#981654) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 948902 SUSE bug 981654 SUSE bug 989363 SUSE bug 992533 CVE-2016-6210 CVE-2016-6515 Security update for file-roller (Moderate) openSUSE Leap 42.1 This update for file-roller fixes the following issue: - CVE-2016-7162: Do not follow symlinks when deleting a folder recursively. (boo#997822, bgo#698554) Moderate SUSE bug 997822 CVE-2016-7162 Security update for opera (Moderate) openSUSE Leap 42.1 NonFree This update to Opera 40.0.2308.54 contains feature updates and bug fixes. - runs Chromium 53.0.2785.101 (bsc#996648) - built-in VPN service - Various video playback improvements - Support for DHE-based TLS ciphers has been removed Moderate SUSE bug 996648 Security update for pdns (Moderate) openSUSE Leap 42.1 This update for pdns fixes the following issues: - CVE-2016-5426, CVE-2016-5427: Fix case where crafted queries can cause unexpected backend load. (boo#998159) Moderate SUSE bug 998159 CVE-2016-5426 CVE-2016-5427 Security update for wpa_supplicant (Moderate) openSUSE Leap 42.1 This update for wpa_supplicant fixes the following issues: - CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. (bnc#930077) - CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. (bnc#930078) - CVE-2015-4143: EAP-pwd missing payload length validation. (bnc#930079) - CVE-2015-5310: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use. (bsc#952254) - CVE-2015-8041: Fix payload length validation in NDEF record parser. (bsc#937419) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 930077 SUSE bug 930078 SUSE bug 930079 SUSE bug 937419 SUSE bug 952254 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-5310 CVE-2015-8041 Security update for gd (Moderate) openSUSE Leap 42.1 This update for gd fixes the following issues: * CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file [bsc#991436] * CVE-2016-6132: read out-of-bands was found in the parsing of TGA files using libgd [bsc#987577] * CVE-2016-6128: Invalid color index not properly handled [bsc#991710] * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991622] * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] * CVE-2016-5116: avoid stack overflow (read) with large names [bsc#982176] * CVE-2016-6905: Out-of-bounds read in function read_image_tga in gd_tga.c [bsc#995034] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 982176 SUSE bug 987577 SUSE bug 988032 SUSE bug 991436 SUSE bug 991622 SUSE bug 991710 SUSE bug 995034 CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 Security update for samba (Moderate) openSUSE Leap 42.1 This update for samba provides the following fixes: - CVE-2016-2119: Prevent client-side SMB2 signing downgrade. (bsc#986869) - Fix possible ctdb crash when opening sockets with htons(IPPROTO_RAW). (bsc#969522) - Honor smb.conf socket options in winbind. (bsc#975131) - Fix ntlm-auth segmentation fault with squid. (bsc#986228) - Implement new "--no-dns-updates" option in "net ads" command. (bsc#991564) - Fix population of ctdb sysconfig after source merge. (bsc#981566) This update was imported from the SUSE:SLE-12-SP1:Update project. Moderate SUSE bug 969522 SUSE bug 975131 SUSE bug 981566 SUSE bug 986228 SUSE bug 986869 SUSE bug 991564 CVE-2016-2119 Security update for gtk2 (Moderate) openSUSE Leap 42.1 This gtk2 update to version 2.24.31 fixes the following issues: Security issues fixed: - CVE-2013-7447: Fixed integer overflow in image handling (boo#966682). Bugs fixed: - Changes from version 2.24.31: + Backport many file chooser entry fixes and cleanups. + Don't crash if invisible files are deleted. + Bugs fixed: bgo#555087, bgo#586367, bgo#635287, bgo#640698, bgo#648419, bgo#672271, bgo#679333, bgo#687196, bgo#703220 (CVE-2013-7447), bgo#720330, bgo#729927, bgo#737777, bgo#752707, bgo#756450, bgo#765120, bgo#765193, bgo#768163, bgo#764996, bgo#769126. GTK2 Engine and branding packages were rebuilt to match the updated gtk2 package (boo#999375). Moderate SUSE bug 966682 SUSE bug 999375 CVE-2013-7447 Security update for MozillaFirefox, mozilla-nss (Important) openSUSE Leap 42.1 This update for MozillaFirefox and mozilla-nss fixes the following issues: MozillaFirefox was updated to version 49.0 (boo#999701) - New features * Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. * Added features to Reader Mode that make it easier on the eyes and the ears * Improved video performance for users on systems that support SSE3 without hardware acceleration * Added context menu controls to HTML5 audio and video that let users loops files or play files at 1.25x speed * Improvements in about:memory reports for tracking font memory usage - Security related fixes * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons from non-whitelisted schemes CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can reveal cross-origin data CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 - requires NSS 3.25 - Mozilla Firefox 48.0.2: * Mitigate a startup crash issue caused on Windows (bmo#1291738) mozilla-nss was updated to NSS 3.25. New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. * Several functions have been added to the public API of the NSS Cryptoki Framework. New functions: * NSSCKFWSlot_GetSlotID * NSSCKFWSession_GetFWSlot * NSSCKFWInstance_DestroySessionHandle * NSSCKFWInstance_FindSessionHandle Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol. * The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 Important SUSE bug 999701 CVE-2016-2827 CVE-2016-5256 CVE-2016-5257 CVE-2016-5270 CVE-2016-5271 CVE-2016-5272 CVE-2016-5273 CVE-2016-5274 CVE-2016-5275 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5279 CVE-2016-5280 CVE-2016-5281 CVE-2016-5282 CVE-2016-5283 CVE-2016-5284 Security update for curl (Moderate) openSUSE Leap 42.1 This update for curl fixes the following issues: Security issues fixed: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) - CVE-2016-5421: use of connection struct after free (bsc#991391) - CVE-2016-7141: Fixed incorrect reuse of client certificates with NSS (bsc#997420) Also the following bug was fixed: - fixing a performance issue (bsc#991746) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 991389 SUSE bug 991390 SUSE bug 991391 SUSE bug 991746 SUSE bug 997420 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 Security update for freerdp (Moderate) openSUSE Leap 42.1 This update for freerdp fixes the following issues: Security issues fixed: - CVE-2013-4118: Add a NULL pointer check to fix a server crash (boo#829013). - CVE-2014-0791: The remaining length in the stream is checked before doing some malloc(), which could have lead to crashes. (boo#857491). Moderate SUSE bug 829013 SUSE bug 857491 CVE-2013-4118 CVE-2014-0791 Security update for bind (Critical) openSUSE Leap 42.1 The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) This update was imported from the SUSE:SLE-12-SP1:Update update project. Critical SUSE bug 1000362 CVE-2016-2776 Security update for openssl (Important) openSUSE Leap 42.1 This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Also following bugs were fixed: * update expired S/MIME certs (bsc#979475) * improve s390x performance (bsc#982745) * allow >= 64GB AESGCM transfers (bsc#988591) * fix crash in print_notice (bsc#998190) * resume reading from /dev/urandom when interrupted by a signal (bsc#995075) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 979475 SUSE bug 982575 SUSE bug 982745 SUSE bug 983249 SUSE bug 988591 SUSE bug 990419 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 Security update for libgcrypt (Moderate) openSUSE Leap 42.1 This update for libgcrypt fixes the following issues: - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 994157 CVE-2016-6313 Security update for openjpeg (Moderate) openSUSE Leap 42.1 This update for openjpeg fixes the following issues: - CVE-2016-7445: Avoid a crash (NULL pointer dereference) when convertng images. (boo#999817, CVE-2016-7445). Moderate SUSE bug 999817 CVE-2016-7445 Security update for chromium (Moderate) openSUSE Leap 42.1 This update Chromium 53.0.2785.143 fixes the following issues (boo#1002140) - CVE-2016-5177: Use after free in V8 - CVE-2016-5178: Various fixes from internal audits The following bugfix changes are included: - Export GDK_BACKEND=x11 before starting chromium, ensuring that it's started as an Xwayland client (boo#1001135). - Changes to Sandbox to fix crashers on tumbleweed (boo#999091) Moderate SUSE bug 1001135 SUSE bug 1002140 SUSE bug 999091 CVE-2016-5177 CVE-2016-5178 Security update for java-1_7_0-openjdk (Critical) openSUSE Leap 42.1 java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions The following bugs were fixed: - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move libjavagtk to full package This update was imported from the SUSE:SLE-12:Update update project. Critical SUSE bug 939523 SUSE bug 960996 SUSE bug 962743 CVE-2015-4871 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Security update for mariadb (Important) openSUSE Leap 42.1 This update for mariadb to 10.0.27 fixes the following issues: Security issue fixed: * CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and, under certain circumstances, execute arbitrary code as mysql (or even root) user. (bsc#998309) * release notes: * https://kb.askmonty.org/en/mariadb-10027-release-notes * changelog: * https://kb.askmonty.org/en/mariadb-10027-changelog Bugs fixed: - Make ORDER BY optimization functions take into account multiple equalities. (bsc#949520) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 949520 SUSE bug 998309 CVE-2016-6662 Security update for flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso (Moderate) openSUSE Leap 42.1 Various packages included vulnerable parsers generated by "flex". This update provides a fixed "flex" package and also rebuilds of packages that might have security issues caused by the auto generated code. Flex itself was updated to fix a buffer overflow in the generated scanner (bsc#990856, CVE-2016-6354) Packages that were rebuilt with the fixed flex: - at - libbonobo - netpbm - openslp - sgmltool - virtuoso Some more packages might also need to be rebuild to receive a new flex parser, but will be released later. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 990856 CVE-2016-6354 Security update for php5 (Important) openSUSE Leap 42.1 This update for php5 fixes the following security issues: * CVE-2016-6128: Invalid color index not properly handled [bsc#987580] * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] * CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422] * CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434] * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allowed illegal memory access * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element * CVE-2016-7134: Heap overflow in the function curl_escape This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 987530 SUSE bug 987580 SUSE bug 988032 SUSE bug 991422 SUSE bug 991424 SUSE bug 991426 SUSE bug 991427 SUSE bug 991428 SUSE bug 991429 SUSE bug 991430 SUSE bug 991433 SUSE bug 991434 SUSE bug 991437 SUSE bug 997206 SUSE bug 997207 SUSE bug 997208 SUSE bug 997210 SUSE bug 997211 SUSE bug 997220 SUSE bug 997225 SUSE bug 997230 SUSE bug 997248 SUSE bug 997257 CVE-2014-3587 CVE-2016-3587 CVE-2016-5399 CVE-2016-6128 CVE-2016-6161 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7134 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock. (bsc#961509) - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). The following non-security bugs were fixed: - ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439). - ALSA: hda - Apply click noise workaround for Thinkpads generically (bsc#958439). - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504). - ALSA: hda - Flush the pending probe work at remove (boo#960710). - ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439). - Add Cavium Thunderx network enhancements - Add RHEL to kernel-obs-build - Backport amd xgbe fixes and features - Backport arm64 patches from SLE12-SP1-ARM. - Btrfs: fix the number of transaction units needed to remove a block group (bsc#950178). - Btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#950178). - Documentation: nousb is a module parameter (bnc#954324). - Driver for IBM System i/p VNIC protocol. - Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can't be built as a module. - Fix PCI generic host controller - Fix kABI breakage for max_dev_sectors addition to queue_limits (boo#961263). - HID: multitouch: Fetch feature reports on demand for Win8 devices (boo#954532). - HID: multitouch: fix input mode switching on some Elan panels (boo#954532). - Implement enable/disable for Display C6 state (boo#960021). - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708). - Linux 4.1.15 (boo#954647 bsc#955422). - Move kabi patch to patches.kabi directory - Obsolete compat-wireless, rts5229 and rts_pstor KMPs These are found in SLE11-SP3, now replaced with the upstream drivers. - PCI: generic: Pass starting bus number to pci_scan_root_bus(). - Revert "block: remove artifical max_hw_sectors cap" (boo#961263). - Set system time through RTC device - Update arm64 config files. Enabled DRM_AST in the vanilla kernel since it is now enabled in the default kernel. - Update config files: CONFIG_IBMVNIC=m - block/sd: Fix device-imposed transfer length limits (boo#961263). - block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263). - drm/i915/skl: Add DC5 Trigger Sequence (boo#960021). - drm/i915/skl: Add DC6 Trigger sequence (boo#960021). - drm/i915/skl: Add support to load SKL CSR firmware (boo#960021). - drm/i915/skl: Add the INIT power domain to the MISC I/O power well (boo#960021). - drm/i915/skl: Deinit/init the display at suspend/resume (boo#960021). - drm/i915/skl: Fix DMC API version in firmware file name (boo#960021). - drm/i915/skl: Fix WaDisableChickenBitTSGBarrierAckForFFSliceCS (boo#960021). - drm/i915/skl: Fix stepping check for a couple of W/As (boo#960021). - drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1 defines (boo#960021). - drm/i915/skl: Implement WaDisableVFUnitClockGating (boo#960021). - drm/i915/skl: Implement enable/disable for Display C5 state (boo#960021). - drm/i915/skl: Make the Misc I/O power well part of the PLLS domain (boo#960021). - drm/i915/skl: add F0 stepping ID (boo#960021). - drm/i915/skl: enable WaForceContextSaveRestoreNonCoherent (boo#960021). - drm/i915: Clear crtc atomic flags at beginning of transaction (boo#960021). - drm/i915: Fix CSR MMIO address check (boo#960021). - drm/i915: Switch to full atomic helpers for plane updates/disable, take two (boo#960021). - drm/i915: set CDCLK if DPLL0 enabled during resuming from S3 (boo#960021). - ethernet/atheros/alx: sanitize buffer sizing and padding (boo#952621). - genksyms: Handle string literals with spaces in reference files (bsc#958510). - group-source-files: mark module.lds as devel file ld: cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory - hwrng: core - sleep interruptible in read (bnc#962597). - ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422). - kABI fixes for linux-4.1.15. - rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB on s390x, 20GB elsewhere. - rpm/constraints.in: Require 14GB worth of disk space on POWER The builds started to fail randomly due to ENOSPC errors. - rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since 2.6.39 and is enabled in our configs. - rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bnc#865259)865259 - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file - rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump The kernel should not be added to the bootloader nor are there any KMPs. - rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11 (bnc#865096) - rpm/kernel-binary.spec.in: Use parallel make in all invocations Also, remove the lengthy comment, since we are using a standard rpm macro now. - thinkpad_acpi: Do not yell on unsupported brightness interfaces (boo#957152). - usb: make "nousb" a clear module parameter (bnc#954324). - usbvision fix overflow of interfaces array (bnc#950998). - x86/microcode/amd: Do not overwrite final patch levels (bsc#913996). - x86/microcode/amd: Extract current patch level read to a function (bsc#913996). - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157). - xhci: refuse loading if nousb is used (bnc#954324). Important SUSE bug 865096 SUSE bug 865259 SUSE bug 913996 SUSE bug 950178 SUSE bug 950998 SUSE bug 952621 SUSE bug 954324 SUSE bug 954532 SUSE bug 954647 SUSE bug 955422 SUSE bug 956708 SUSE bug 957152 SUSE bug 957988 SUSE bug 957990 SUSE bug 958439 SUSE bug 958463 SUSE bug 958504 SUSE bug 958510 SUSE bug 958886 SUSE bug 958951 SUSE bug 959190 SUSE bug 959399 SUSE bug 960021 SUSE bug 960710 SUSE bug 961263 SUSE bug 961509 SUSE bug 962075 SUSE bug 962597 CVE-2015-7550 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2016-0728 Security update for ffmpeg (Moderate) openSUSE Leap 42.1 ffmpeg was updated to 2.8.8 to fix the following issues, both bugs and security issues: * avformat/oggparsevp8: fix pts calculation on pages ending with an invisible frame * avcodec/mjpegdec: Do not try to detect last scan but apply idct after all scans for progressive jpeg * avformat/oggparseopus: Check that granule pos is within the supported range * avformat/utils: Check bps before using it in a shift in ff_get_pcm_codec_id() * ffmpeg: Check that r_frame_rate is set before attempting to use it * avformat/utils: Do not compute the bitrate from duration == 0 * avformat/utils: Check negative bps before shifting in ff_get_pcm_codec_id() * avformat/avidec: Detect index with too short entries * avformat/oggparseopus: Fix Undefined behavior in oggparseopus.c and libavformat/utils.c * avformat/allformats: Making av_register_all() thread-safe. * avcodec/vp9_parser: Check the input frame sizes for being consistent * avformat/oggdec: Fix integer overflow with invalid pts * avcodec/ffv1enc: Fix assertion failure with non zero bits per sample * avcodec/diracdec: Check numx/y * avformat/avidec: Fix infinite loop in avi_read_nikon() Moderate SUSE bug 998636 Security update for postgresql94 (Important) openSUSE Leap 42.1 This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453). This non-security issue was fixed: - bsc#973660: Added "Requires: timezone" to Service Pack For additional non-security issues please refer to - http://www.postgresql.org/docs/9.4/static/release-9-4-9.html - http://www.postgresql.org/docs/9.4/static/release-9-4-8.html - http://www.postgresql.org/docs/9.4/static/release-9-4-7.html This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 973660 SUSE bug 993453 SUSE bug 993454 CVE-2016-5423 CVE-2016-5424 Security update for MozillaThunderbird (Moderate) openSUSE Leap 42.1 This update for Mozilla Thunderbird to version 45.4.0 fixes the following issues: - When using Thunderbird in a browser like context, for rendering HTML e-mail or feeds, it may be affected by vulnerabilities also fixed in Firefox ESR 45.4. (MFSA 2016-86, boo#999701) The following bugs were fixed in this release: - Display name was truncated if no separating space before email address - Recipient addresses were shown in wrong color in some circumstances - Additional spaces were inserted when drafts were edited. - Mail saved as template copied In-Reply-To and References from original email. - Threading broken when editing message draft, due to loss of Message-ID - "Apply columns to..." did not honor special folders Moderate SUSE bug 999701 Security update for xen (Important) openSUSE Leap 42.1 This update for xen fixes the following issues: These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789) - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-6836: VMWARE VMXNET3 NIC device support was leaging information leakage. A privileged user inside guest could have used this to leak host memory bytes to a guest (boo#994761) - CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS (bsc#994772) - CVE-2016-6833: Use-after-free issue in the VMWARE VMXNET3 NIC device support. A privileged user inside guest could have used this issue to crash the Qemu instance resulting in DoS (boo#994775) - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625) - CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) - CVE-2016-6259: Xen did not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allowed local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check (bsc#988676) - CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion (boo#990923) - CVE-2016-6351: The esp_do_dma function in hw/scsi/esp.c, when built with ESP/NCR53C9x controller emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the host via vectors involving DMA read into ESP command buffer (bsc#990843) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) - CVE-2016-6259: Xen did not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allowed local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check (bsc#988676) - CVE-2016-5337: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983973) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer (bsc#983984) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960) - CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225) - CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read (bsc#982224) - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982286) - CVE-2016-5105: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, used an uninitialized variable, which allowed local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982024) - CVE-2016-5106: The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982025) - CVE-2016-5107: The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors (bsc#982026) - CVE-2016-4963: The libxl device-handling allowed local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore (bsc#979670) - CVE-2016-4962: The libxl device-handling allowed local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore (bsc#979620) - CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data routines (bsc#981276) - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue (bsc#978164) - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264) - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724) - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716) - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038) - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list (bsc#976111) - CVE-2016-4020: The patch_instruction function did not initialize the imm32 variable, which allowed local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR) (bsc#975907) - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130) - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138) - CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen did not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might have allowed local guest OS users to gain privileges via a crafted mapping of memory (bsc#978295) These non-security issues were fixed: - boo#991934: xen hypervisor crash in csched_acct - boo#992224: During boot of Xen Hypervisor, Failed to get contiguous memory for DMA from Xen - boo#955104: Virsh reports error "one or more references were leaked after disconnect from hypervisor" when "virsh save" failed due to "no response from client after 6 keepalive messages" - boo#959552: Migration of HVM guest leads into libvirt segmentation fault - boo#993665: Migration of xen guests finishes in: One or more references were leaked after disconnect from the hypervisor - boo#959330: Guest migrations using virsh results in error "Internal error: received hangup / error event on socket" - boo#990500: VM virsh migration fails with keepalive error: ":virKeepAliveTimerInternal:143 : No response from client" - boo#953518: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol - boo#953518: xen_platform: unplug also SCSI disks in qemu-xen - boo#971949: Support (by ignoring) xl migrate --live. xl migrations are always live - boo#970135: New virtualization project clock test randomly fails on Xen - boo#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79) - boo#985503: vif-route broken - boo#961100: Migrate a fv guest from sles12 to sles12sp1 fails remove patch because it can not fix the bug - boo#978413: PV guest upgrade from sles11sp4 to sles12sp2 alpha3 failed on sles11sp4 xen host. - boo#986586: Out of memory (oom) during boot on "modprobe xenblk" (non xen kernel) init.50-hvm-xen_conf - boo#900418: Dump cannot be performed on SLES12 XEN - boo#953339, boo#953362, boo#953518, boo#984981: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - boo#954872: script block-dmmd not working as expected - libxl: error: libxl_dm.c (Additional fixes) block-dmmd - boo#982695: xen-4.5.2 qemu fails to boot HVM guest from xvda - boo#958848: HVM guest crash at /usr/src/packages/BUILD/ xen-4.4.2-testing/obj/default/balloon/balloon.c:407 - boo#949889: Fail to install 32-bit paravirt VM under SLES12SP1Beta3 XEN - boo#954872: script block-dmmd not working as expected - libxl: error: libxl_dm.c (another modification) block-dmmd - boo#961600: Poor performance when Xen HVM domU configured with max memory greater than current memory - boo#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - boo#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu) - boo#961100: Migrate a fv guest from sles12 to sles12sp1 on xen fails for "Domain is not running on destination host". qemu-ignore-kvm-tpr-opt-on-migration.patch - boo#973631: AWS EC2 kdump issue - boo#964427: Discarding device blocks: failed - Input/output error Important SUSE bug 900418 SUSE bug 949889 SUSE bug 953339 SUSE bug 953362 SUSE bug 953518 SUSE bug 954872 SUSE bug 955104 SUSE bug 958848 SUSE bug 959330 SUSE bug 959552 SUSE bug 961100 SUSE bug 961600 SUSE bug 963161 SUSE bug 964427 SUSE bug 970135 SUSE bug 971949 SUSE bug 973188 SUSE bug 973631 SUSE bug 974038 SUSE bug 975130 SUSE bug 975138 SUSE bug 975907 SUSE bug 976058 SUSE bug 976111 SUSE bug 978164 SUSE bug 978295 SUSE bug 978413 SUSE bug 979620 SUSE bug 979670 SUSE bug 980716 SUSE bug 980724 SUSE bug 981264 SUSE bug 981276 SUSE bug 982024 SUSE bug 982025 SUSE bug 982026 SUSE bug 982224 SUSE bug 982225 SUSE bug 982286 SUSE bug 982695 SUSE bug 982960 SUSE bug 983973 SUSE bug 983984 SUSE bug 984981 SUSE bug 985503 SUSE bug 986586 SUSE bug 988675 SUSE bug 988676 SUSE bug 990500 SUSE bug 990843 SUSE bug 990923 SUSE bug 990970 SUSE bug 991934 SUSE bug 992224 SUSE bug 993665 SUSE bug 994421 SUSE bug 994625 SUSE bug 994761 SUSE bug 994772 SUSE bug 994775 SUSE bug 995785 SUSE bug 995789 SUSE bug 995792 CVE-2014-3615 CVE-2014-3672 CVE-2015-7512 CVE-2015-8504 CVE-2015-8558 CVE-2015-8568 CVE-2015-8613 CVE-2015-8743 CVE-2016-1714 CVE-2016-1981 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3712 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4480 CVE-2016-4952 CVE-2016-4962 CVE-2016-4963 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 Security update for kde-cli-tools5 (Moderate) openSUSE Leap 42.1 This update for kde-cli-tools5 fixes the following vulnerability: * CVE-2016-7787: user could sneak an unicode string terminator in the kdesu invocation (boo#1001916) Moderate SUSE bug 1001916 CVE-2016-7787 Security update for nodejs (Important) openSUSE Leap 42.1 This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: * Nodejs embedded openssl version update + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules * http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bsc#985201) * tls: properly validate wildcard certificates (CVE-2016-7099, bsc#1001652) * buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat() Important SUSE bug 1001652 SUSE bug 985201 CVE-2016-1669 CVE-2016-2178 CVE-2016-2183 CVE-2016-5325 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7099 Security update for python-suds-jurko (Moderate) openSUSE Leap 42.1 This update for python-suds-jurko fixes the following issues: - CVE-2013-2217: A temporary directory was used in an insecure fashion when initializing file-based URL cache. (boo#827568) Moderate SUSE bug 827568 CVE-2013-2217 Security update for giflib (Moderate) openSUSE Leap 42.1 This update for giflib fixes the following issues: - CVE-2015-7555: Heap overflow in giffix (bsc#960319) - bsc#949160: Fix a memory leak This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 949160 SUSE bug 960319 CVE-2015-7555 Security update for tiff (Moderate) openSUSE Leap 42.1 This update for tiff fixes the following security issues: - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449) - Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098) - CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618) - CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614) - CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069) - CVE-2016-3991: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via the tiffcrop tool (bsc#975070) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 974449 SUSE bug 974614 SUSE bug 974618 SUSE bug 975069 SUSE bug 975070 CVE-2016-3622 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 Security update for compat-openssl098 (Important) openSUSE Leap 42.1 This update for compat-openssl098 fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Bugs fixed: * update expired S/MIME certs (bsc#979475) * fix crash in print_notice (bsc#998190) * resume reading from /dev/urandom when interrupted by a signal (bsc#995075) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 979475 SUSE bug 982575 SUSE bug 983249 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 Security update for ecryptfs-utils (Moderate) openSUSE Leap 42.1 This update for ecryptfs-utils fixes the following issues: - CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052) - CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks (bsc#920160) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 920160 SUSE bug 962052 CVE-2014-9687 CVE-2016-1572 Security update for libreoffice (Low) openSUSE Leap 42.1 LibreOffice was updated to version 5.1.5.2, bringing enhancements and bug fixes. - CVE-2016-4324: Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents could be constructed which dereference an iterator to the first entry of an empty STL container. (bsc#987553) - Don't use "nullable" for introspection, as it isn't available on SLE 12's version of gobject-introspection. This prevents a segmentation fault in gnome-documents. (bsc#1000102) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1000102 SUSE bug 987553 CVE-2016-4324 Security update for php5 (Important) openSUSE Leap 42.1 This update for php5 fixes the following security issues: * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 999679 SUSE bug 999680 SUSE bug 999682 SUSE bug 999684 SUSE bug 999685 SUSE bug 999819 SUSE bug 999820 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 Security update for systemd (Important) openSUSE Leap 42.1 This update for systemd fixes the following security issue: - CVE-2016-7796: A zero-length message received over systemd's notification socket could make manager_dispatch_notify_fd() return an error and, as a side effect, disable the notification handler completely. As the notification socket is world-writable, this could have allowed a local user to perform a denial-of-service attack against systemd. (bsc#1001765) Additionally, the following non-security fixes are included: - Fix HMAC calculation when appending a data object to journal. (bsc#1000435) - Never accept file descriptors from file systems with mandatory locking enabled. (bsc#954374) - Do not warn about missing install info with "preset". (bsc#970293) - Save /run/systemd/users/UID before starting user@.service. (bsc#996269) - Make sure that /var/lib/systemd/sysv-convert/database is always initialized. (bsc#982211) - Remove daylight saving time handling and tzfile parser. (bsc#990074) - Make sure directory watch is started before cryptsetup. (bsc#987173) - Introduce sd_pid_notify() and sd_pid_notifyf() APIs. (bsc#987857) - Set KillMode=mixed for our daemons that fork worker processes. - Add nosuid and nodev options to tmp.mount. - Don't start console-getty.service when /dev/console is missing. (bsc#982251) - Correct segmentation fault in udev/path_id due to missing NULL check. (bsc#982210) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1000435 SUSE bug 1001765 SUSE bug 954374 SUSE bug 970293 SUSE bug 982210 SUSE bug 982211 SUSE bug 982251 SUSE bug 987173 SUSE bug 987857 SUSE bug 990074 SUSE bug 996269 CVE-2016-7796 Security update for wireshark (Low) openSUSE Leap 42.1 Wireshark was updated to 1.12.9 to fix a number of crashes in protocol dissectors. [boo#960382] * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. * CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. * CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. * CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. * CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. * CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted * CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. * CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. * CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. * CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. * CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. * CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. * CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Low SUSE bug 960382 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 Security update for kcoreaddons (Moderate) openSUSE Leap 42.1 This update for kcoreaddons fixes the following issues: - CVE-2016-7966: HTML injection in plain text viewer (boo#1002977) Moderate SUSE bug 1002977 CVE-2016-7966 Security update for ffmpeg (Moderate) openSUSE Leap 42.1 This update for ffmpeg fixes multiple security issues in ffmpeg (boo#1003806) These vulnerabilities can be triggered when processing specially crafted avi video content, and could lead to crashes or have unspecified further impact including potential code execution. - CVE-2016-7562: out-of-bounds array write fault via specially crafted avi files - CVE-2016-7502: out-of-bounds array write via incorrect block values - CVE-2016-7905: null-point-exception when decoding avi files with crafted 'gab2' structs - CVE-2016-7555: memory leak when decoding avi files with crafted 'strh' struct - CVE-2016-7785: assert fault via avi files with crafted 'strh' struct Moderate SUSE bug 1003806 CVE-2016-7502 CVE-2016-7555 CVE-2016-7562 CVE-2016-7785 CVE-2016-7905 Security update for roundcubemail (Moderate) openSUSE Leap 42.1 This update for roundcubemail to 1.1.6 fixes several issues (boo#1001856). These security issues were fixed: - Fix XSS issue in href attribute on area tag - Wash position:fixed style in HTML mail for better security These non-security issues were fixed: - Searching in both contacts and groups when LDAP addressbook with group_filters option is used - Use contact_search_name format in popup on results in compose contacts search - Fix missing localization of HTML editor when assets_dir != INSTALL_PATH - Fix handling of blockquote tags with mixed case on html2text conversion - Fix message list multi-select/deselect issue - Fix bug where contact search menu fields where always unchecked in Larry skin - Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting - Don't create multipart/alternative messages with empty text/plain part - Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified Moderate SUSE bug 1001856 Security update for ghostscript-library (Important) openSUSE Leap 42.1 This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's "-dsafer" flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, bsc#1001951) - An incorrect reference count was found in .setdevice. This issue lead to a use-after-free scenario, which could have been exploited for denial-of-service or, possibly, arbitrary code execution attacks. (CVE-2016-7978, bsc#1001951) - Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1001951 CVE-2013-5653 CVE-2016-7978 CVE-2016-7979 Security update for squidGuard (Moderate) openSUSE Leap 42.1 squidGuard was updated to fix one security issue. This security issue was fixed: - CVE-2015-8936: Reflected cross site scripting vulnerability because of insufficient escaping (bsc#985612). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 985612 CVE-2015-8936 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The openSUSE Leap 42.1 kernel was updated to 4.1.34, fixing bugs and security issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462). - CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). The following non-security bugs were fixed: - 9p: use file_dentry() (bsc#1005101). - af_unix: Do not set err in unix_stream_read_generic unless there was an error (bsc#1005101). - alsa: hda - Fix superfluous HDMI jack repoll (bsc#1005101). - alsa: hda - Turn off loopback mixing as default (bsc#1001462). - apparmor: add missing id bounds check on dfa verification (bsc#1000304). - apparmor: check that xindex is in trans_table bounds (bsc#1000304). - apparmor: do not check for vmalloc_addr if kvzalloc() failed (bsc#1000304). - apparmor: do not expose kernel stack (bsc#1000304). - apparmor: ensure the target profile name is always audited (bsc#1000304). - apparmor: exec should not be returning ENOENT when it denies (bsc#1000304). - apparmor: fix audit full profile hname on successful load (bsc#1000304). - apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287). - apparmor: fix disconnected bind mnts reconnection (bsc#1000304). - apparmor: fix log failures for all profiles in a set (bsc#1000304). - apparmor: fix module parameters can be changed after policy is locked (bsc#1000304). - apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304). - apparmor: fix put() parent ref after updating the active ref (bsc#1000304). - apparmor: fix refcount bug in profile replacement (bsc#1000304). - apparmor: fix refcount race when finding a child profile (bsc#1000304). - apparmor: fix replacement bug that adds new child to old parent (bsc#1000304). - apparmor: fix uninitialized lsm_audit member (bsc#1000304). - apparmor: fix update the mtime of the profile file on replacement (bsc#1000304). - apparmor: internal paths should be treated as disconnected (bsc#1000304). - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304). - arm: orion5x: Fix legacy get_irqnr_and_base (bsc#1005101). - batman-adv: Fix memory leak on tt add with invalid vlan (bsc#1005101). - batman-adv: replace WARN with rate limited output on non-existing VLAN (bsc#1005101). - blacklist.conf: add some commits (bsc#1005101) - blacklist.conf: add unaplicable IB/uverbs commit (bsc#1005101) - blacklist.conf: Blacklist unsupported architectures - blkfront: fix an error path memory leak (luckily none so far). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - cgroup: add seq_file forward declaration for struct cftype (bsc#1005101). - do "fold checks into iterate_and_advance()" right (bsc#972460). - drm/i915: Wait up to 3ms for the pcu to ack the cdclk change request on SKL (bsc#1005101). - drm/rockchip: unset pgoff when mmap'ing gems (bsc#1005101). - fold checks into iterate_and_advance() (bsc#972460). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681, bsc#1000907). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - hid: multitouch: force retrieving of Win8 signature blob (bsc#1005101). - input: ALPS - add touchstick support for SS5 hardware (bsc#987703). - input: ALPS - allow touchsticks to report pressure (bsc#987703). - input: ALPS - handle 0-pressure 1F events (bsc#987703). - input: ALPS - set DualPoint flag for 74 03 28 devices (bsc#987703). - ipip: Properly mark ipip GRO packets as encapsulated (bsc#1001486). - ipv6: suppress sparse warnings in IP6_ECN_set_ce() (bsc#1005101). - kabi: hide name change of napi_gro_cb::udp_mark (bsc#1001486). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#1005101). - memcg: fix thresholds for 32b architectures (bsc#1005101). - msi-x: fix an error path (luckily none so far). - netback: fix flipping mode (bsc#996664). - netback: fix flipping mode (bsc#996664). - netem: fix a use after free (bsc#1005101). - net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration (bsc#1005101). - netfront: linearize SKBs requiring too many slots (bsc#991247). - netlink: not trim skb for mmaped socket when dump (bsc#1005101). - net_sched: fix pfifo_head_drop behavior vs backlog (bsc#1005101). - net_sched: keep backlog updated with qlen (bsc#1005101). - nfs: use file_dentry() (bsc#1005101). - ovl: fix open in stacked overlay (bsc#1005101). - pci: Prevent out of bounds access in numa_node override (bsc#1005101). - perf/core: Do not leak event in the syscall error path (bsc#1005101). - perf: Fix PERF_EVENT_IOC_PERIOD deadlock (bsc#1005101). - Revive iov_iter_fault_in_multipages_readable() for 4.1.34. - sch_drr: update backlog as well (bsc#1005101). - sch_hfsc: always keep backlog updated (bsc#1005101). - sch_prio: update backlog as well (bsc#1005101). - sch_qfq: keep backlog updated with qlen (bsc#1005101). - sch_red: update backlog as well (bsc#1005101). - sch_sfb: keep backlog updated with qlen (bsc#1005101). - sch_tbf: update backlog as well (bsc#1005101). - tpm: fix: return rc when devm_add_action() fails (bsc#1005101). - tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486). - Update blacklisting documentation to contain path-blacklisting - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - x86/LDT: Print the real LDT base address (bsc#1005101). - x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs (bsc#1005101). - xenbus: do not bail early from xenbus_dev_request_and_reply() (luckily none so far). - xenbus: inspect the correct type in xenbus_dev_request_and_reply(). - xen: Fix refcnt regression in xen netback introduced by changes made for bug#881008 (bnc#978094) - xen: Linux 4.1.28. Important SUSE bug 1000287 SUSE bug 1000304 SUSE bug 1000907 SUSE bug 1001462 SUSE bug 1001486 SUSE bug 1004418 SUSE bug 1004462 SUSE bug 1005101 SUSE bug 799133 SUSE bug 881008 SUSE bug 909994 SUSE bug 911687 SUSE bug 922634 SUSE bug 963655 SUSE bug 972460 SUSE bug 978094 SUSE bug 979681 SUSE bug 987703 SUSE bug 991247 SUSE bug 991665 SUSE bug 993890 SUSE bug 993891 SUSE bug 996664 SUSE bug 999600 SUSE bug 999932 CVE-2016-5195 CVE-2016-7039 CVE-2016-7425 CVE-2016-8658 Security update for X Window System client libraries (Moderate) openSUSE Leap 42.1 This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically: libX11: - CVE-2016-7942: insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991) libXfixes: - CVE-2016-7944: insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995) libXi: - CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998) libXtst: - CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012) libXv: - CVE-2016-5407: insufficient validation of data from the X server can cause out of boundary memory and memory corruption (bsc#1003017) libXvMC: - CVE-2016-7953: insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023) libXrender: - CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002) libXrandr: - CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1002991 SUSE bug 1002995 SUSE bug 1002998 SUSE bug 1003000 SUSE bug 1003002 SUSE bug 1003012 SUSE bug 1003017 SUSE bug 1003023 CVE-2016-5407 CVE-2016-7942 CVE-2016-7944 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 CVE-2016-7949 CVE-2016-7950 CVE-2016-7951 CVE-2016-7952 CVE-2016-7953 Security update for kdump (Moderate) openSUSE Leap 42.1 This update for kdump provides several fixes and enhancements: - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. (bsc#943214) - Add a separate systemd service to rebuild kdumprd at boot. (bsc#943214) - Improve network setup in the kdump environment by reading configuration from wicked by default (system configuration files are used as a fallback). (bsc#980328) - Use the last mount entry in kdump_get_mountpoints(). (bsc#951844) - Remove 'notsc' from the kdump kernel command line. (bsc#973213) - Handle dump files with many program headers. (bsc#932339, bsc#970708) - Fall back to stat() if file type is DT_UNKNOWN. (bsc#964206) - Remove vm. sysctls from kdump initrd. (bsc#927451, bsc#987862) - Use the exit code of kexec, not that of "local". (bsc#984799) - Convert sysroot to a bind mount in kdump initrd. (bsc#976864) - Distinguish between Xenlinux (aka Xenified or SUSE) and pvops Xen kernels, as the latter can run on bare metal. (bsc#974270) - CVE-2016-5759: Use full path to dracut as argument to bash. (bsc#989972, bsc#990200) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 927451 SUSE bug 932339 SUSE bug 943214 SUSE bug 951844 SUSE bug 964206 SUSE bug 970708 SUSE bug 973213 SUSE bug 974270 SUSE bug 976864 SUSE bug 980328 SUSE bug 984799 SUSE bug 987862 SUSE bug 989972 SUSE bug 990200 CVE-2016-5759 Security update for tor (Moderate) openSUSE Leap 42.1 This update for tor fixes the following security issue: - TROVE-2016-10-001: Remote DoS vulnerability triggered by specially crafted data (boo#1005292) Moderate SUSE bug 1005292 Security update for dbus-1 (Moderate) openSUSE Leap 42.1 This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc#1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus. - Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008) - Ensure that dbus-monitor does not reply to messages intended for others (fdo#90952) - Add locking to DBusCounter's reference count and notify function (fdo#89297) - Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fdo#90312) - Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fdo#90021) - Correctly initialize all fields of DBusTypeReader (fdo#90021) - Fix some missing \n in verbose (debug log) messages (fdo#90004) - Clean up some memory leaks in test code (fdo#90021) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1003898 Security update for GraphicsMagick (Moderate) openSUSE Leap 42.1 This update for GraphicsMagick fixes the following issues: - security update: * CVE-2016-8684 [boo#1005123] * CVE-2016-8682 [boo#1005125] * CVE-2016-8683 [boo#1005127] - security update: * CVE-2016-7529 [boo#1000399] * CVE-2016-7528 [boo#1000434] * CVE-2016-7515 [boo#1000689] * CVE-2016-7446 [boo#999673] * CVE-2016-7447 [boo#999673] * CVE-2016-7448 [boo#999673] * CVE-2016-7449 [boo#999673] * CVE-2016-7517 [boo#1000693] * CVE-2016-7519 [boo#1000695] * CVE-2016-7522 [boo#1000698] * CVE-2016-7524 [boo#1000700] * CVE-2016-7531 [boo#1000704] * CVE-2016-7533 [boo#1000707] * CVE-2016-7537 [boo#1000711] * CVE-2016-6823 [boo#1001066] * CVE-2016-7101 [boo#1001221] * do not divide by zero in WriteTIFFImage [boo#1002206] * fix buffer overflow [boo#1002209] * CVE-2016-7800 [boo#1002422] * CVE-2016-7996, CVE-2016-7997 [boo#1003629] Moderate SUSE bug 1000399 SUSE bug 1000434 SUSE bug 1000689 SUSE bug 1000693 SUSE bug 1000695 SUSE bug 1000698 SUSE bug 1000700 SUSE bug 1000704 SUSE bug 1000707 SUSE bug 1000711 SUSE bug 1001066 SUSE bug 1001221 SUSE bug 1002206 SUSE bug 1002209 SUSE bug 1002422 SUSE bug 1003629 SUSE bug 1005123 SUSE bug 1005125 SUSE bug 1005127 SUSE bug 999673 CVE-2016-5688 CVE-2016-6823 CVE-2016-7101 CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449 CVE-2016-7515 CVE-2016-7517 CVE-2016-7519 CVE-2016-7522 CVE-2016-7524 CVE-2016-7528 CVE-2016-7529 CVE-2016-7531 CVE-2016-7533 CVE-2016-7537 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 Security update for guile1 (Low) openSUSE Leap 42.1 This update for guile1 fixes the following issue: - CVE-2016-8605: Thread-unsafe umask modification (bsc#1004221). Low SUSE bug 1004221 CVE-2016-8605 Security update for quagga (Important) openSUSE Leap 42.1 This update for quagga fixes the following issue: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code. (bsc#1005258). Important SUSE bug 1005258 CVE-2016-1245 Security update for qemu (Important) openSUSE Leap 42.1 qemu was updated to fix 19 security issues. These security issues were fixed: - CVE-2016-2392: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet (bsc#967012) - CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers (bsc#967013) - CVE-2016-5106: The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982018) - CVE-2016-5105: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, used an uninitialized variable, which allowed local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982017) - CVE-2016-5107: The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors (bsc#982019) - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982285) - CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read (bsc#982222) - CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982223) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer (bsc#983982) - CVE-2016-5337: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983961) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982959) - CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion (bsc#991080) - CVE-2016-6490: Infinite loop in the virtio framework. A privileged user inside the guest could have used this flaw to crash the Qemu instance on the host resulting in DoS (bsc#991466) - CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS (bsc#994771) - CVE-2016-6833: Use-after-free issue in the VMWARE VMXNET3 NIC device support. A privileged user inside guest could have used this issue to crash the Qemu instance resulting in DoS (bsc#994774) - CVE-2016-7116: Host directory sharing via Plan 9 File System(9pfs) was vulnerable to a directory/path traversal issue. A privileged user inside guest could have used this flaw to access undue files on the host (bsc#996441) - CVE-2016-6836: VMWARE VMXNET3 NIC device support was leaging information leakage. A privileged user inside guest could have used this to leak host memory bytes to a guest (bsc#994760) - CVE-2016-7155: In the VMWARE PVSCSI paravirtual SCSI bus a OOB access and/or infinite loop issue could have allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#997858) - CVE-2016-7156: In the VMWARE PVSCSI paravirtual SCSI bus a infinite loop issue could have allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#997859) This non-security issue was fixed: - bsc#1000048: Fix migration failure where target host is a soon to be released SLES 12 SP2. Qemu's spice code gets an assertion. This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1000048 SUSE bug 967012 SUSE bug 967013 SUSE bug 982017 SUSE bug 982018 SUSE bug 982019 SUSE bug 982222 SUSE bug 982223 SUSE bug 982285 SUSE bug 982959 SUSE bug 983961 SUSE bug 983982 SUSE bug 991080 SUSE bug 991466 SUSE bug 994760 SUSE bug 994771 SUSE bug 994774 SUSE bug 996441 SUSE bug 997858 SUSE bug 997859 CVE-2016-2391 CVE-2016-2392 CVE-2016-4453 CVE-2016-4454 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 Security update for sssd (Moderate) openSUSE Leap 42.1 This update for sssd fixes one security issue and three bugs. The following vulnerability was fixed: - CVE-2014-0249: Incorrect expansion of group membership when encountering a non-POSIX group. (bsc#880245) The following non-security fixes were also included: - Prevent crashes of statically linked binaries using getpwuid when sssd is used and nscd is turned off or has caching disabled. (bsc#993582) - Add logrotate configuration to prevent log files from growing too large when running with debug mode enabled. (bsc#1004220) - Order sudo rules by the same logic used by the native LDAP support from sudo. (bsc#1002973) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1002973 SUSE bug 1004220 SUSE bug 880245 SUSE bug 993582 CVE-2014-0249 Security update for ghostscript (Moderate) openSUSE Leap 42.1 This update for ghostscript fixes the following issues: - CVE-2016-8602: Insufficient parameter check in .sethalftone5 (bsc#1004237). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1004237 CVE-2016-8602 Security update for libxml2 (Moderate) openSUSE Leap 42.1 This update for libxml2 fixes the following issues: - CVE-2016-4658: Use after free via namespace node in XPointer ranges (bsc#1005544). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1005544 CVE-2016-4658 Security update for seamonkey (Moderate) openSUSE Leap 42.1 Seamonkey was updated to 2.40 (boo#959277) to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature * CVE-2015-7201/CVE-2015-7202: Miscellaneous memory safety hazards * CVE-2015-7204: Crash with JavaScript variable assignment with unboxed objects * CVE-2015-7207: Same-origin policy violation using perfomance.getEntries and history navigation * CVE-2015-7208: Firefox allows for control characters to be set in cookies * CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed * CVE-2015-7212: Integer overflow allocating extremely large textures * CVE-2015-7215: Cross-origin information leak through web workers error events * CVE-2015-7211: Hash in data URI is incorrectly parsed * CVE-2015-7218/CVE-2015-7219: DOS due to malformed frames in HTTP/2 * CVE-2015-7216/CVE-2015-7217: Linux file chooser crashes on malformed images due to flaws in Jasper library * CVE-2015-7203/CVE-2015-7220/CVE-2015-7221: Buffer overflows found through code inspection * CVE-2015-7205: Underflow through code inspection * CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions * CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright * CVE-2015-7223: Privilege escalation vulnerabilities in WebExtension APIs * CVE-2015-7214: Cross-site reading attack through data and view-source URIs Moderate SUSE bug 959277 CVE-2015-7201 CVE-2015-7202 CVE-2015-7203 CVE-2015-7204 CVE-2015-7205 CVE-2015-7207 CVE-2015-7208 CVE-2015-7210 CVE-2015-7211 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7215 CVE-2015-7216 CVE-2015-7217 CVE-2015-7218 CVE-2015-7219 CVE-2015-7220 CVE-2015-7221 CVE-2015-7222 CVE-2015-7223 CVE-2015-7575 Security update for openslp (Moderate) openSUSE Leap 42.1 This update for openslp fixes two security issues and two bugs. The following vulnerabilities were fixed: - CVE-2016-4912: A remote attacker could have crashed the server with a large number of packages (bsc#980722) - CVE-2016-7567: A remote attacker could cause a memory corruption having unspecified impact (bsc#1001600) The following bugfix changes are included: - bsc#994989: Removed convenience code as changes bytes in the message buffer breaking the verification code - bsc#974655: Removed no longer needed slpd init file This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1001600 SUSE bug 974655 SUSE bug 980722 SUSE bug 994989 CVE-2016-4912 CVE-2016-7567 Security update for libraw (Moderate) openSUSE Leap 42.1 This update for libraw fixes the following issues: - CVE-2015-8367: Memory objects are not intialized properly (boo#957517). Moderate SUSE bug 957517 CVE-2015-8367 Security update for chromium (Important) openSUSE Leap 42.1 This update to Chromium 54.0.2840.90: fixes the following security issues: - CVE-2016-5198: out of bounds memory access in v8 (boo#1008274) Important SUSE bug 1008274 CVE-2016-5198 Security update for xulrunner (Important) openSUSE Leap 42.1 XULRunner was updated to 38.6.0 to fix two security issues. The following vulnerabilities were fixed: * CVE-2016-1930: Miscellaneous memory safety hazards (boo#963632) * CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (boo#963635) Important SUSE bug 963632 SUSE bug 963635 CVE-2016-1930 CVE-2016-1935 Security update for bind (Important) openSUSE Leap 42.1 This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). - Fix BIND to return a valid hostname in response to ldapdump queries. (bsc#965748) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1007829 SUSE bug 965748 CVE-2016-8864 Security update for nodejs (Moderate) openSUSE Leap 42.1 This update for nodejs fixes the following issues: - New upstream LTS version 4.6.1 * c-ares: + CVE-2016-5180: fix for single-byte buffer overwrite - Fix nodejs-libpath.patch so ppc doesn't fail to build Moderate CVE-2016-5180 Security update for the MozillaFirefox, mozilla-nss and mozilla-nspr (Important) openSUSE Leap 42.1 This update to MozillaFirefox fixes several security issues and bugs. Mozilla Firefox was updated to 44.0. Mozilla NSS was updated to 3.21 Mozilla NSPR was updated to 4.11. The following vulnerabilities were fixed: * CVE-2016-1930/CVE-2016-1931: Miscellaneous memory safety hazards (boo#963633) * CVE-2016-1933: Out of Memory crash when parsing GIF format images (boo#963634) * CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (boo#963635) * CVE-2015-7208/CVE-2016-1939: Firefox allows for control characters to be set in cookie names (boo#963637) * CVE-2016-1937: Missing delay following user click events in protocol handler dialog (boo#963641) * CVE-2016-1938: Errors in mp_div and mp_exptmod cryptographic functions in NSS (boo#963731) * CVE-2016-1942/CVE-2016-1943: Addressbar spoofing attacks (boo#963643) * CVE-2016-1944/CVE-2016-1945/CVE-2016-1946: Unsafe memory manipulation found through code inspection (boo#963644) * CVE-2016-1947: Application Reputation service disabled in Firefox 43 (boo#963645) The following change from Mozilla Firefox 43.0.4 is included: * Re-enable SHA-1 certificates to prevent outdated man-in-the-middle security devices from interfering with properly secured SSL/TLS connections Important SUSE bug 963633 SUSE bug 963634 SUSE bug 963635 SUSE bug 963637 SUSE bug 963641 SUSE bug 963643 SUSE bug 963644 SUSE bug 963645 SUSE bug 963731 CVE-2015-7208 CVE-2016-1930 CVE-2016-1931 CVE-2016-1933 CVE-2016-1935 CVE-2016-1937 CVE-2016-1938 CVE-2016-1939 CVE-2016-1942 CVE-2016-1943 CVE-2016-1944 CVE-2016-1945 CVE-2016-1946 CVE-2016-1947 Security update for curl (Important) openSUSE Leap 42.1 This update for curl fixes the following security issues: - CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646) - CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645) - CVE-2016-8622: URL unescape heap overflow via integer truncation (bsc#1005643) - CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642) - CVE-2016-8620: glob parser write/read out of bounds (bsc#1005640) - CVE-2016-8619: double-free in krb5 code (bsc#1005638) - CVE-2016-8618: double-free in curl_maprintf (bsc#1005637) - CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635) - CVE-2016-8616: case insensitive password comparison (bsc#1005634) - CVE-2016-8615: cookie injection for other servers (bsc#1005633) - CVE-2016-7167: escape and unescape integer overflows (bsc#998760) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1005633 SUSE bug 1005634 SUSE bug 1005635 SUSE bug 1005637 SUSE bug 1005638 SUSE bug 1005640 SUSE bug 1005642 SUSE bug 1005643 SUSE bug 1005645 SUSE bug 1005646 SUSE bug 998760 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 Security update for gd (Important) openSUSE Leap 42.1 This update for gd fixes the following security issues: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp (bsc#1001900) - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1001900 SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 Security update for ImageMagick (Moderate) openSUSE Leap 42.1 This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact. - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-8677: Memory allocation failure in AcquireQuantumPixels (bsc#1005328) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421) - CVE-2016-7540: writing to RGF format aborts (bsc#1000394) - CVE-2016-7539: Potential DOS by not releasing memory (bsc#1000715) - CVE-2016-7538: SIGABRT for corrupted pdb file (bsc#1000712) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709) - CVE-2016-7534: Out of bound access in generic decoder (bsc#1000708) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7532: fix handling of corrupted psd file (bsc#1000706) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703) - CVE-2016-7529: Out-of-bound in quantum handling (bsc#1000399) - CVE-2016-7528: Out-of-bound access in xcf file coder (bsc#1000434) - CVE-2016-7527: Out-of-bound access in wpg file coder: (bsc#1000436) - CVE-2016-7526: out-of-bounds write in ./MagickCore/pixel-accessor.h (bsc#1000702) - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7521: Heap buffer overflow in psd file handling (bsc#1000697) - CVE-2016-7520: Heap overflow in hdr file handling (bsc#1000696) - CVE-2016-7519: Out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7518: Out-of-bounds read in coders/sun.c (bsc#1000694) - CVE-2016-7517: Out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out-of-bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688) - CVE-2016-7513: Off-by-one error leading to segfault (bsc#1000686) - CVE-2016-7101: raphicsMagick: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-6823: raphicsMagick: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2015-8959: dOS due to corrupted DDS files (bsc#1000713) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) - Divide by zero in WriteTIFFImage (bsc#1002206) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1000394 SUSE bug 1000399 SUSE bug 1000434 SUSE bug 1000436 SUSE bug 1000686 SUSE bug 1000688 SUSE bug 1000689 SUSE bug 1000690 SUSE bug 1000691 SUSE bug 1000692 SUSE bug 1000693 SUSE bug 1000694 SUSE bug 1000695 SUSE bug 1000696 SUSE bug 1000697 SUSE bug 1000698 SUSE bug 1000699 SUSE bug 1000700 SUSE bug 1000701 SUSE bug 1000702 SUSE bug 1000703 SUSE bug 1000704 SUSE bug 1000706 SUSE bug 1000707 SUSE bug 1000708 SUSE bug 1000709 SUSE bug 1000711 SUSE bug 1000712 SUSE bug 1000713 SUSE bug 1000714 SUSE bug 1000715 SUSE bug 1001066 SUSE bug 1001221 SUSE bug 1002206 SUSE bug 1002209 SUSE bug 1002421 SUSE bug 1002422 SUSE bug 1003629 SUSE bug 1005123 SUSE bug 1005125 SUSE bug 1005127 SUSE bug 1005328 CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8677 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 Security update for mysql-community-server (Important) openSUSE Leap 42.1 mysql-community-server was updated to 5.6.34 to fix the following issues: * Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html * fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 * fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append "--ignore-db-dir=lost+found" to the mysqld options in "mysql-systemd-helper" script if "lost+found" directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro - remove useless mysql@default.service [boo#971456] - replace all occurrences of the string "@sysconfdir@" with "/etc" in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890] - remove '%define _rundir' as 13.1 is out of support scope - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - re-enable mysql profiling Important SUSE bug 1005555 SUSE bug 1005557 SUSE bug 1005558 SUSE bug 1005560 SUSE bug 1005561 SUSE bug 1005562 SUSE bug 1005563 SUSE bug 1005566 SUSE bug 1005567 SUSE bug 1005569 SUSE bug 1005570 SUSE bug 1005581 SUSE bug 1005582 SUSE bug 1005583 SUSE bug 1005586 SUSE bug 971456 SUSE bug 977614 SUSE bug 983938 SUSE bug 986251 SUSE bug 989911 SUSE bug 989913 SUSE bug 989914 SUSE bug 989915 SUSE bug 989919 SUSE bug 989921 SUSE bug 989922 SUSE bug 989925 SUSE bug 989926 SUSE bug 990890 SUSE bug 998309 SUSE bug 999666 CVE-2016-2105 CVE-2016-3459 CVE-2016-3477 CVE-2016-3486 CVE-2016-3492 CVE-2016-3501 CVE-2016-3521 CVE-2016-3614 CVE-2016-3615 CVE-2016-5439 CVE-2016-5440 CVE-2016-5507 CVE-2016-5584 CVE-2016-5609 CVE-2016-5612 CVE-2016-5616 CVE-2016-5617 CVE-2016-5626 CVE-2016-5627 CVE-2016-5629 CVE-2016-5630 CVE-2016-6304 CVE-2016-6662 CVE-2016-7440 CVE-2016-8283 CVE-2016-8284 CVE-2016-8288 Recommended update for opera (Moderate) openSUSE Leap 42.1 NonFree This update to Opera 41.0.2353.56 fixes the following issues: - Crash on refreshing of tooltip text when deleting a bookmarks bar bookmark in folder menu - Crash if host player closed right after opening detached video - Various minor UI issues - XSS in Personalized Newsreader - Chromium has been updated to the 54.0.2840.87 version Moderate Security update for Chromium (Important) openSUSE Leap 42.1 This update to Chromium 54.0.2840.100 fixes the following vulnerabilities: - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892) - CVE-2016-5200: out of bounds memory access in v8 (boo#1009893) - CVE-2016-5201: info leak in extensions (boo#1009894) - CVE-2016-5202: various fixes from internal audits (boo#1009895) Important SUSE bug 1009892 SUSE bug 1009893 SUSE bug 1009894 SUSE bug 1009895 CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 Security update for phpMyAdmin (Moderate) openSUSE Leap 42.1 phpMyAdmin was updated to 4.4.15.2 to fix one security issue and one non-security bug. The following vulnerability was fixed: * CVE-2015-8669: It was possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed (boo#960282) The following bug was fixed: * boo#960854: dependency of php-json was missing Moderate SUSE bug 960282 SUSE bug 960854 CVE-2015-8669 Security update for privoxy (Low) openSUSE Leap 42.1 This update to Privoxy 3.0.24 fixes two minor security issues. The vulnerabilities should not be exploitable in the binary as compiled in openSUSE. * CVE-2016-1982: Corrupt chunk-encoded content could cause an invalid read (boo#963151) * CVE-2016-1983: Empty Host headers in client requests could result in invalid reads (boo#963152) This update also contains general bug fixes and improvements as well as white and blacklist updates. Low SUSE bug 963151 SUSE bug 963152 CVE-2016-1982 CVE-2016-1983 Security update for jasper (Moderate) openSUSE Leap 42.1 This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / null pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693 Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553). - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410) - jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) (bsc#1006839) For additional change description please have a look at the changelog. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1005084 SUSE bug 1005090 SUSE bug 1005242 SUSE bug 1006591 SUSE bug 1006593 SUSE bug 1006597 SUSE bug 1006598 SUSE bug 1006599 SUSE bug 1006836 SUSE bug 1006839 SUSE bug 1007009 SUSE bug 392410 SUSE bug 941919 SUSE bug 942553 SUSE bug 961886 SUSE bug 963983 SUSE bug 968373 CVE-2008-3522 CVE-2014-8158 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 Security update for GraphicsMagick (Moderate) openSUSE Leap 42.1 This update for GraphicsMagick fixes the following security issue: * CVE-2016-8862: A memory allocation failure in AcquireMagickMemory could lead to denial of service. (boo#1007245) Moderate SUSE bug 1007245 CVE-2016-8862 Security update for memcached (Moderate) openSUSE Leap 42.1 This update for memcached fixes the following security issues: - CVE-2016-8704: Server append/prepend remote code execution (boo#1007871) - CVE-2016-8705: Server update remote code execution (boo#1007870) - CVE-2016-8706: Server ASL authentication remote code execution (boo#1007869) Moderate SUSE bug 1007869 SUSE bug 1007870 SUSE bug 1007871 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 Security update for util-linux (Moderate) openSUSE Leap 42.1 This update for util-linux fixes a number of bugs and one minor security issue. The following minor vulnerability was fixed: - CVE-2016-5011: Infinite loop DoS in libblkid while parsing DOS partition (bsc#988361) The following bugs were fixed: - bsc#987176: When mounting a subfolder of a CIFS share, mount -a would show the mount as busy - bsc#947494: mount -a would fail to recognize btrfs already mounted, address loop re-use in libmount - bsc#966891: Conflict in meaning of losetup -L. This switch in SLE12 SP1 and SP2 continues to carry the meaning of --logical-blocksize instead of upstream --nooverlap - bsc#994399: Package would trigger conflicts with sysvinit-tools - bsc#983164: mount uid= and gid= would reject valid non UID/GID values - bsc#978993: cfdisk would mangle some text output - bsc#982331: libmount: ignore redundant slashes This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 947494 SUSE bug 966891 SUSE bug 978993 SUSE bug 982331 SUSE bug 983164 SUSE bug 987176 SUSE bug 988361 SUSE bug 994399 CVE-2016-5011 Security update for php5 (Important) openSUSE Leap 42.1 This update for php5 fixes the following security issues: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp (bsc#1001900) - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1001900 SUSE bug 1004924 SUSE bug 1005274 CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 Security update for ghostscript (Moderate) openSUSE Leap 42.1 This update for ghostscript fixes the following issues: - bsc#1006592: Fix a regression introduced in CVE-2013-5653 by which ps files couldn't be opened in okular/evince (kde#371887). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1006592 CVE-2013-5653 Security update for MozillaFirefox, mozilla-nss (Important) openSUSE Leap 42.1 This update to Mozilla Firefox 50.0 fixes a number of security issues. The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89): - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443) - CVE-2016-5292: URL parsing causes crash (bmo#1288482) - CVE-2016-5297: Incorrect argument length checking in Javascript (bmo#1303678) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686) - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069)) - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973) - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324) - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159) - CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071) - CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl" (bmo#1289273) - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976) - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777) - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003) - CVE-2016-5289: Memory safety bugs fixed in Firefox 50 - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 The following vulnerabilities were fixed in Mozilla NSS 3.26.1: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334) Mozilla Firefox now requires mozilla-nss 3.26.2. New features in Mozilla Firefox: - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R - Added option to Find in page that allows users to limit search to whole words only - Added download protection for a large number of executable file types on Windows, Mac and Linux - Fixed rendering of dashed and dotted borders with rounded corners (border-radius) - Added a built-in Emoji set for operating systems without native Emoji fonts - Blocked versions of libavcodec older than 54.35.1 - additional locale mozilla-nss was updated to 3.26.2, incorporating the following changes: - the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT - The following CA certificate was added: CN = ISRG Root X1 - NPN is disabled and ALPN is enabled by default - MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored Important SUSE bug 1009026 SUSE bug 1010395 SUSE bug 1010399 SUSE bug 1010401 SUSE bug 1010402 SUSE bug 1010404 SUSE bug 1010405 SUSE bug 1010406 SUSE bug 1010408 SUSE bug 1010409 SUSE bug 1010410 SUSE bug 1010420 SUSE bug 1010421 SUSE bug 1010422 SUSE bug 1010423 SUSE bug 1010424 SUSE bug 1010425 SUSE bug 1010426 SUSE bug 1010427 CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292 CVE-2016-5296 CVE-2016-5297 CVE-2016-9063 CVE-2016-9064 CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9070 CVE-2016-9071 CVE-2016-9073 CVE-2016-9074 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 Security update for monit (Moderate) openSUSE Leap 42.1 This update for monit fixes the following issues: - CVE-2016-7067: A malicious attacker could have used a cross-site request forgery vulnerability to trick an authenticated user to perform monit actions. Monit was updated to 5.20, containing all upstream improvements and bug fixes. The following tracked packaging bugs were fixed: - disable sslv3 according to RFC7568 (boo#974763) - fixed pid file directory (boo#971647) Moderate SUSE bug 1007455 SUSE bug 971647 SUSE bug 974763 CVE-2014-3566 CVE-2016-7067 Security update for dovecot22 (Moderate) openSUSE Leap 42.1 This update for dovecot22 fixes the following issues: - dovecot insecure SSL/TLS key and certificate file creation (CVE-2016-4983, bnc#984639) Moderate SUSE bug 984639 CVE-2016-4983 Security update for gnuchess (Low) openSUSE Leap 42.1 This update for gnuchess fixes a security issue: - CVE-2015-8972: specially crafted user input may have caused gnuchess to crash (boo#1010143) Low SUSE bug 1010143 CVE-2015-8972 Security update for bash (Moderate) openSUSE Leap 42.1 This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables (bsc#1001299) - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt (bsc#1000396) - CVE-2014-6277: More troubles with functions (bsc#898812, bsc#1001759) - CVE-2014-6278: Code execution after original 6271 fix (bsc#898884) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1000396 SUSE bug 1001299 SUSE bug 1001759 SUSE bug 898812 SUSE bug 898884 CVE-2014-6277 CVE-2014-6278 CVE-2016-0634 CVE-2016-7543 Security update for libtcnative-1-0 (Moderate) openSUSE Leap 42.1 This update for libtcnative-1-0 fixes the following issues: - Upgrade to libtcnative-1.1.34 (bugfix release) (bsc#1004455) See https://tomcat.apache.org/native-1.1-doc/miscellaneous/changelog.html * Unconditionally disable export Ciphers. * Improve ephemeral key handling for DH and ECDH. Parameter strength is by default derived from the certificate key strength. * APIs SSL.generateRSATempKey() and SSL.loadDSATempKey() are no longer supported. * Various bugfixes. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1004455 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 42.1 OpenJDK Java was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues: * Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) * New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries * Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app's Java pid. + S8017462: G1: guarantee fails with UseDynamicNumberOfGCThreads + S8034168: ThreadMXBean/Locks.java failed, blocked on wrong object + S8036006: [TESTBUG] sun/tools/native2ascii/NativeErrors.java fails: Process exit code was 0, but error was expected. + S8041781: Need new regression tests for PBE keys + S8041787: Need new regressions tests for buffer handling for PBE algorithms + S8043836: Need new tests for AES cipher + S8044199: Tests for RSA keys and key specifications + S8044772: TempDirTest.java still times out with -Xcomp + S8046339: sun.rmi.transport.DGCAckHandler leaks memory + S8047031: Add SocketPermission tests for legacy socket types + S8048052: Permission tests for setFactory + S8048138: Tests for JAAS callbacks + S8048147: Privilege tests with JAAS Subject.doAs + S8048356: SecureRandom default provider tests + S8048357: PKCS basic tests + S8048360: Test signed jar files + S8048362: Tests for doPrivileged with accomplice + S8048596: Tests for AEAD ciphers + S8048599: Tests for key wrap and unwrap operations + S8048603: Additional tests for MAC algorithms + S8048604: Tests for strong crypto ciphers + S8048607: Test key generation of DES and DESEDE + S8048610: Implement regression test for bug fix of 4686632 in JCE + S8048617: Tests for PKCS12 read operations + S8048618: Tests for PKCS12 write operations. + S8048619: Implement tests for converting PKCS12 keystores + S8048624: Tests for SealedObject + S8048819: Implement reliability test for DH algorithm + S8048820: Implement tests for SecretKeyFactory + S8048830: Implement tests for new functionality provided in JEP 166 + S8049237: Need new tests for X509V3 certificates + S8049321: Support SHA256WithDSA in JSSE + S8049429: Tests for java client server communications with various TLS/SSL combinations. + S8049432: New tests for TLS property jdk.tls.client.protocols + S8049814: Additional SASL client-server tests + S8050281: New permission tests for JEP 140 + S8050370: Need new regressions tests for messageDigest with DigestIOStream + S8050371: More MessageDigest tests + S8050374: More Signature tests + S8050427: LoginContext tests to cover JDK-4703361 + S8050460: JAAS login/logout tests with LoginContext + S8050461: Tests for syntax checking of JAAS configuration file + S8054278: Refactor jps utility tests + S8055530: assert(_exits.control()->is_top() || !_gvn.type(ret_phi)->empty()) failed: return value must be well defined + S8055844: [TESTBUG] test/runtime/NMT/VirtualAllocCommitUncommitRecommit.java fails on Solaris Sparc due to incorrect page size being used + S8059677: Thread.getName() instantiates Strings + S8061464: A typo in CipherTestUtils test + S8062536: [TESTBUG] Conflicting GC combinations in jdk tests + S8065076: java/net/SocketPermission/SocketPermissionTest.java fails intermittently + S8065078: NetworkInterface.getNetworkInterfaces() triggers intermittent test failures + S8066871: java.lang.VerifyError: Bad local variable type - local final String + S8068427: Hashtable deserialization reconstitutes table with wrong capacity + S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210 + S8069253: javax/net/ssl/TLS/TestJSSE.java failed on Mac + S8071125: Improve exception messages in URLPermission + S8072081: Supplementary characters are rejected in comments + S8072463: Remove requirement that AKID and SKID have to match when building certificate chain + S8072725: Provide more granular levels for GC verification + S8073400: Some Monospaced logical fonts have a different width + S8073872: Schemagen fails with StackOverflowError if element references containing class + S8074931: Additional tests for CertPath API + S8075286: Additional tests for signature algorithm OIDs and transformation string + S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given + S8076545: Text size is twice bigger under Windows L&F on Win 8.1 with HiDPI display + S8076995: gc/ergonomics/TestDynamicNumberOfGCThreads.java failed with java.lang.RuntimeException: 'new_active_workers' missing from stdout/stderr + S8079138: Additional negative tests for XML signature processing + S8081512: Remove sun.invoke.anon classes, or move / co-locate them with tests + S8081771: ProcessTool.createJavaProcessBuilder() needs new addTestVmAndJavaOptions argument + S8129419: heapDumper.cpp: assert(length_in_bytes > 0) failed: nothing to copy + S8130150: Implement BigInteger.montgomeryMultiply intrinsic + S8130242: DataFlavorComparator transitivity exception + S8130304: Inference: NodeNotFoundException thrown with deep generic method call chain + S8130425: libjvm crash due to stack overflow in executables with 32k tbss/tdata + S8133023: ParallelGCThreads is not calculated correctly + S8134111: Unmarshaller unmarshalls XML element which doesn't have the expected namespace + S8135259: InetAddress.getAllByName only reports "unknown error" instead of actual cause + S8136506: Include sun.arch.data.model as a property that can be queried by jtreg + S8137068: Tests added in JDK-8048604 fail to compile + S8139040: Fix initializations before ShouldNotReachHere() etc. and enable -Wuninitialized on linux. + S8139581: AWT components are not drawn after removal and addition to a container + S8141243: Unexpected timezone returned after parsing a date + S8141420: Compiler runtime entries don't hold Klass* from being GCed + S8141445: Use of Solaris/SPARC M7 libadimalloc.so can generate unknown signal in hs_err file + S8141551: C2 can not handle returns with inccompatible interface arrays + S8143377: Test PKCS8Test.java fails + S8143647: Javac compiles method reference that allows results in an IllegalAccessError + S8144144: ORB destroy() leaks filedescriptors after unsuccessful connection + S8144593: Suppress not recognized property/feature warning messages from SAXParser + S8144957: Remove PICL warning message + S8145039: JAXB marshaller fails with ClassCastException on classes generated by xjc + S8145228: Java Access Bridge, getAccessibleStatesStringFromContext doesn't wrap the call to getAccessibleRole + S8145388: URLConnection.guessContentTypeFromStream returns image/jpg for some JPEG images + S8145974: XMLStreamWriter produces invalid XML for surrogate pairs on OutputStreamWriter + S8146035: Windows - With LCD antialiasing, some glyphs are not rendered correctly + S8146192: Add test for JDK-8049321 + S8146274: Thread spinning on WeakHashMap.getEntry() with concurrent use of nashorn + S8147468: Allow users to bound the size of buffers cached in the per-thread buffer caches + S8147645: get_ctrl_no_update() code is wrong + S8147807: crash in libkcms.so on linux-sparc + S8148379: jdk.nashorn.api.scripting spec. adjustments, clarifications + S8148627: RestrictTestMaxCachedBufferSize.java to 64-bit platforms + S8148820: Missing @since Javadoc tag in Logger.log(Level, Supplier) + S8148926: Call site profiling fails on braces-wrapped anonymous function + S8149017: Delayed provider selection broken in RSA client key exchange + S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks + S8149330: Capacity of StringBuilder should not get close to Integer.MAX_VALUE unless necessary + S8149334: JSON.parse(JSON.stringify([])).push(10) creates an array containing two elements + S8149368: [hidpi] JLabel font is twice bigger than JTextArea font on Windows 7,HiDPI, Windows L&F + S8149411: PKCS12KeyStore cannot extract AES Secret Keys + S8149417: Use final restricted flag + S8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception + S8149453: [hidpi] JFileChooser does not scale properly on Windows with HiDPI display and Windows L&F + S8149543: range check CastII nodes should not be split through Phi + S8149743: JVM crash after debugger hotswap with lambdas + S8149744: fix testng.jar delivery in Nashorn build.xml + S8149915: enabling validate-annotations feature for xsd schema with annotation causes NPE + S8150002: Check for the validity of oop before printing it in verify_remembered_set + S8150470: JCK: api/xsl/conf/copy/copy19 test failure + S8150518: G1 GC crashes at G1CollectedHeap::do_collection_pause_at_safepoint(double) + S8150533: Test java/util/logging/LogManagerAppContextDeadlock.java times out intermittently. + S8150704: XALAN: ERROR: 'No more DTM IDs are available' when transforming with lots of temporary result trees + S8150780: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError + S8151064: com/sun/jdi/RedefineAddPrivateMethod.sh fails intermittently + S8151197: [TEST_BUG] Need to backport fix for test/javax/net/ssl/TLS/TestJSSE.java + S8151352: jdk/test/sample fails with "effective library path is outside the test suite" + S8151431: DateFormatSymbols triggers this.clone() in the constructor + S8151535: TESTBUG: java/lang/invoke/AccessControlTest.java should be modified to run with JTREG 4.1 b13 + S8151731: Add new jtreg keywords to jdk 8 + S8151998: VS2010 ThemeReader.cpp(758) : error C3861: 'round': identifier not found + S8152927: Incorrect GPL header in StubFactoryDynamicBase.java reported + S8153252: SA: Hotspot build on Windows fails if make/closed folder does not exist + S8153531: Improve exception messaging for RSAClientKeyExchange + S8153641: assert(thread_state == _thread_in_native) failed: Assumed thread_in_native while heap dump + S8153673: [BACKOUT] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S8154304: NullpointerException at LdapReferralException.getReferralContext + S8154722: Test gc/ergonomics/TestDynamicNumberOfGCThreads.java fails + S8157078: 8u102 L10n resource file updates + S8157838: Personalized Windows Font Size is not taken into account in Java8u102 * Import of OpenJDK 8 u111 build 14 + S6882559: new JEditorPane("text/plain","") fails for null context class loader + S8049171: Additional tests for jarsigner's warnings + S8063086: Math.pow yields different results upon repeated calls + S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString + S8142926: OutputAnalyzer's shouldXXX() calls return this + S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General + S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline + S8150611: Security problem on sun.misc.resources.Messages* + S8153399: Constrain AppCDS behavior (back port) + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp + S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559 + S8158994: Service Menu services + S8159684: (tz) Support tzdata2016f + S8160904: Typo in code from 8079718 fix : enableCustomValueHanlde + S8160934: isnan() is not available on older MSVC compilers + S8161141: correct bugId for JDK-8158994 fix push + S8162411: Service Menu services 2 + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968 + S8162511: 8u111 L10n resource file updates + S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8 + S8164452: 8u111 L10n resource file update - msgdrop 20 + S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm + S8166381: Back out changes to the java.security file to not disable MD5 * Backports + S8078628, PR3208: Zero build fails with pre-compiled headers disabled + S8141491, PR3159, G592292: Unaligned memory access in Bits.c + S8157306, PR3121: Random infrequent null pointer exceptions in javac (enabled on AArch64 only) + S8162384, PR3122: Performance regression: bimorphic inlining may be bypassed by type speculation * Bug fixes + PR3123: Some object files built without -fPIC on x86 only + PR3126: pax-mark-vm script calls "exit -1" which is invalid in dash + PR3127, G590348: Only apply PaX markings by default on running PaX kernels + PR3199: Invalid nashorn URL + PR3201: Update infinality configure test + PR3218: PR3159 leads to build failure on clean tree * AArch64 port + S8131779, PR3220: AARCH64: add Montgomery multiply intrinsic + S8167200, PR3220: AArch64: Broken stack pointer adjustment in interpreter + S8167421, PR3220: AArch64: in one core system, fatal error: Illegal threadstate encountered + S8167595, PR3220: AArch64: SEGV in stub code cipherBlockChaining_decryptAESCrypt + S8168888, PR3220: Port 8160591: Improve internal array handling to AArch64. * Shenandoah + PR3224: Shenandoah broken when building without pre-compiled headers - Build against system kerberos - Build against system pcsc and sctp - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1005522 SUSE bug 1005523 SUSE bug 1005524 SUSE bug 1005525 SUSE bug 1005526 SUSE bug 1005527 SUSE bug 1005528 SUSE bug 988651 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 Security update for vim (Important) openSUSE Leap 42.1 This update for vim fixes the following security issues: - Fixed CVE-2016-1248 an arbitrary command execution vulnerability (bsc#1010685) Important SUSE bug 1010685 CVE-2016-1248 Security update for MozillaFirefox (Important) openSUSE Leap 42.1 MozillaFirefox is updated to version 50.0.2 which fixes the following issues: * Firefox crashed with 3rd party Chinese IME when using IME text (fixed in version 50.0.1) * Redirection from an HTTP connection to a data: URL could inherit wrong origin after an HTTP redirect (fixed in version 50.0.1, bmo#1317641, MFSA 2016-91, boo#1012807, CVE-2016-9078) * Maliciously crafted SVG animations could cause remote code execution (fixed in version 50.0.2, bmo#1321066, MFSA 2016-92, boo##1012964, CVE-2016-9079) Important SUSE bug 1012807 SUSE bug 1012964 CVE-2016-9078 CVE-2016-9079 Security update for Mozilla Thunderbird (Important) openSUSE Leap 42.1 This update contains Mozilla Thunderbird 45.5.1 and fixes one vulnerability. In Mozilla Thunderbird, this vulnerability may be exploited when used in a browser-like context. - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92, bsc#1012964, bmo#1321066) Important SUSE bug 1012964 CVE-2016-9079 Security update for pitivi (Low) openSUSE Leap 42.1 This update for pitivi fixes the following issues: * CVE-2015-0855: 'Insecure use of os.system()' (boo#960339) Low SUSE bug 960339 CVE-2015-0855 Security update for containerd, docker, runc (Moderate) openSUSE Leap 42.1 This update for containerd, docker, runc fixes the following issues: Security issues fixed: - CVE-2016-8867: Fix ambient capability usage in containers (bsc#1007249). Bugfixes: - boo#1006368: Fixed broken docker/containerd installation when installed by SuSE Studio in an appliance. - boo#1004490: Update docker to 1.12.2 - boo#977394: Fix go version to 1.5. - boo#999582: Change the internal mountpoint name to not use ":" as that character can be considered a special character by other tools. - Update docker to 1.12.3 * https://github.com/docker/docker/releases/tag/v1.12.3 This update changes the runc versioning scheme to prevent version downgrades (boo#1009961). Moderate SUSE bug 1004490 SUSE bug 1006368 SUSE bug 1007249 SUSE bug 1009961 SUSE bug 977394 SUSE bug 999582 CVE-2016-8867 Security update for tar (Moderate) openSUSE Leap 42.1 This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321] - Fix Amanda integration issue (bsc#913058) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1007188 SUSE bug 913058 CVE-2016-6321 Security update for sudo (Moderate) openSUSE Leap 42.1 This update for sudo fixes the following security issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: * noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501] - Fix unsafe handling of TZ environment variable. [CVE-2014-9680, bsc#917806] Additionally, these non-security fixes are included in the update: - Fix "ignoring time stamp from the future" message after each boot with !tty_tickets. [bsc#899252] - Enable support for SASL-based authentication. [bsc#979531] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1007501 SUSE bug 1007766 SUSE bug 899252 SUSE bug 917806 SUSE bug 979531 CVE-2014-9680 CVE-2016-7032 CVE-2016-7076 Security update for libarchive (Moderate) openSUSE Leap 42.1 This update for libarchive fixes several issues. These security issues were fixed: - CVE-2016-8687: Buffer overflow when printing a filename (bsc#1005070). - CVE-2016-8689: Heap overflow when reading corrupted 7Zip files (bsc#1005072). - CVE-2016-8688: Use after free because of incorrect calculation in next_line (bsc#1005076). - CVE-2016-5844: Integer overflow in the ISO parser in libarchive allowed remote attackers to cause a denial of service (application crash) via a crafted ISO file (bsc#986566). - CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive allowed remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow (bsc#989980). - CVE-2016-5418: The sandboxing code in libarchive mishandled hardlink archive entries of non-zero data size, which might allowed remote attackers to write to arbitrary files via a crafted archive file (bsc#998677). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1005070 SUSE bug 1005072 SUSE bug 1005076 SUSE bug 986566 SUSE bug 989980 SUSE bug 998677 CVE-2015-2304 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 Security update for phpMyAdmin (Moderate) openSUSE Leap 42.1 This update to phpMyAdmin 4.4.15.9 fixes security issues and bugs. The following security issues were fixed: - Unsafe generation of $cfg['blowfish_secret'] (PMASA-2016-58) - phpMyAdmin's phpinfo functionality is removed (PMASA-2016-59) - AllowRoot and allow/deny rule bypass with specially-crafted username (PMASA-2016-60) - Username matching weaknesses with allow/deny rules (PMASA-2016-61) - Possible to bypass logout timeout (PMASA-2016-62) - Full path disclosure (FPD) weaknesses (PMASA-2016-63) - Multiple XSS weaknesses (PMASA-2016-64) - Multiple denial-of-service (DOS) vulnerabilities (PMASA-2016-65) - Possible to bypass white-list protection for URL redirection (PMASA-2016-66) - BBCode injection to login page (PMASA-2016-67) - Denial-of-service (DOS) vulnerability in table partitioning (PMASA-2016-68) - Multiple SQL injection vulnerabilities (PMASA-2016-69 ) - Incorrect serialized string parsing (PMASA-2016-70) - CSRF token not stripped from the URL (PMASA-2016-71) The following bugfix changes are included: - Fix for expanding in navigation pane - Reintroduced a simplified version of PmaAbsoluteUri directive (needed with reverse proxies) - Fix editing of ENUM/SET/DECIMAL field structures - Improvements to the parser Moderate SUSE bug 1012271 Security update for GraphicsMagick (Moderate) openSUSE Leap 42.1 This update for GraphicsMagick fixes the following security issues: - CVE-2016-9556: Maliciously crafted image headers could cause denial of service in image format detection routines (boo#1011130) - CVE-2016-9559: Maliciously crafted image headers could cause denial of service in image format detection routines for TIFF (boo#1011136) Moderate SUSE bug 1011130 SUSE bug 1011136 CVE-2016-9556 CVE-2016-9559 Security update for mariadb (Important) openSUSE Leap 42.1 This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes: - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569) - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566) - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564) - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555) - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes: - mysql_install_db can't find data files (bsc#1006539) - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800) - Remove useless mysql@default.service (bsc#1004477) - Replace all occurrences of the string "@sysconfdir@" with "/etc" as it wasn't expanded properly (bsc#990890) - Notable changes: * XtraDB updated to 5.6.33-79.0 * TokuDB updated to 5.6.33-79.0 * Innodb updated to 5.6.33 * Performance Schema updated to 5.6.33 - Release notes and upstream changelog: * https://kb.askmonty.org/en/mariadb-10028-release-notes * https://kb.askmonty.org/en/mariadb-10028-changelog This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1001367 SUSE bug 1003800 SUSE bug 1004477 SUSE bug 1005555 SUSE bug 1005558 SUSE bug 1005562 SUSE bug 1005564 SUSE bug 1005566 SUSE bug 1005569 SUSE bug 1005581 SUSE bug 1005582 SUSE bug 1006539 SUSE bug 1008318 SUSE bug 990890 CVE-2016-3492 CVE-2016-5584 CVE-2016-5616 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6663 CVE-2016-7440 CVE-2016-8283 Security update for roundcubemail (Important) openSUSE Leap 42.1 roundcubemail was updated to version 1.1.7 and fixes the following issues: - Update to 1.1.7 * A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command (boo#1012493) * A maliciously crafted email could cause untrusted code to be executed (cross site scripting using $lt;area href=javascript:...>) (boo#982003, CVE-2016-5103) * Avoid HTML styles that could cause potential click jacking (boo#1001856) - Update to 1.1.5 * Fixed security issue in DBMail driver of password plugin (CVE-2015-2181, boo#976988) Important SUSE bug 1001856 SUSE bug 1012493 SUSE bug 976988 SUSE bug 982003 CVE-2015-2181 CVE-2016-5103 Security update for X Window System client libraries (Moderate) openSUSE Leap 42.1 This update for X Window System client libraries fixes a class of privilege escalation issues. A malicious X server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. The following libraries have been fixed: libX11: - plugged a memory leak (boo#1002991, CVE-2016-7942). - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()) (boo#1002991, CVE-2016-7942). libXi: - Integer overflows in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7945). - Insufficient validation of data in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7946). libXrandr: - Insufficient validation of data from the X server can cause out of boundary memory writes (boo#1003000, CVE-2016-7947, CVE-2016-7948). Moderate SUSE bug 1002991 SUSE bug 1002998 SUSE bug 1003000 CVE-2016-7942 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The openSUSE Leap 42.1 kernel was updated to 4.1.36 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-9794: A use-after-free in ALSA pcm could lead to crashes or allowed local users to potentially gain privileges (bsc#1013533). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9178: The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel did not initialize a certain integer variable, which allowed local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call (bnc#1008650). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-8630: The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel, when KVM is enabled, allowed local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction (bnc#1009222). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). The following non-security bugs were fixed: - ata: ahci_xgene: dereferencing uninitialized pointer in probe (bsc#1006580). - blacklist.conf: add some commits (bsc#1006580) - bna: Add synchronization for tx ring (bsc#993739). - bonding: set carrier off for devices created through netlink (bsc#999577). - btrfs: deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171). - btrfs: deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171). - btrfs: fix extent tree corruption due to relocation (bsc#990384). - btrfs: fix races on root_log_ctx lists (bsc#1007653). - ext4: fix data exposure after a crash (bsc#1012876). - ext4: fix reference counting bug on block allocation error (bsc#1012876). - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486). - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486). - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067). - ipv6: send only one NEWLINK when RA causes changes (bsc#934067). - isofs: Do not return EACCES for unknown filesystems (bsc#1012876). - jbd2: fix checkpoint list cleanup (bsc#1012876). - jbd2: Fix unreclaimed pages after truncate in data=journal mode (bsc#1010909). - locking/static_key: Fix concurrent static_key_slow_inc() (bsc#1006580). - mmc: Fix kabi breakage of mmc-block in 4.1.36 (stable-4.1.36). - posix_acl: Added fix for f2fs. - Revert "kbuild: add -fno-PIE" (stable-4.1.36). - Revert "x86/mm: Expand the exception table logic to allow new handling options" (stable-4.1.36). - tunnels: Remove encapsulation offloads on decap (bsc#1001486). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - vmxnet3: Wake queue from reset work (bsc#999907). Important SUSE bug 1001171 SUSE bug 1001486 SUSE bug 1003925 SUSE bug 1004517 SUSE bug 1006580 SUSE bug 1007197 SUSE bug 1007615 SUSE bug 1007653 SUSE bug 1008650 SUSE bug 1008833 SUSE bug 1009222 SUSE bug 1010040 SUSE bug 1010150 SUSE bug 1010478 SUSE bug 1010501 SUSE bug 1010502 SUSE bug 1010507 SUSE bug 1010909 SUSE bug 1011685 SUSE bug 1012754 SUSE bug 1012876 SUSE bug 1013533 SUSE bug 934067 SUSE bug 990384 SUSE bug 993739 SUSE bug 995968 SUSE bug 999577 SUSE bug 999907 CVE-2015-8956 CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2016-7042 CVE-2016-7097 CVE-2016-7913 CVE-2016-8630 CVE-2016-8633 CVE-2016-8646 CVE-2016-8655 CVE-2016-9083 CVE-2016-9084 CVE-2016-9178 CVE-2016-9555 CVE-2016-9794 Security update for pdns (Moderate) openSUSE Leap 42.1 This update for pdns fixes the following issues: - maliciously crafted packets could cause pdns to trigger an assertion and thus lead to DoS (CVE-2015-5311, boo#954402) Moderate SUSE bug 954402 CVE-2015-5311 Security update for the openSUSE Leap 42.1 kernel. (Important) openSUSE Leap 42.1 The openSUSE Leap 42.1 kernel has been updated to fix a security issue: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). Important SUSE bug 1013604 CVE-2016-9576 Security update for libass (Moderate) openSUSE Leap 42.1 This update for libass fixes the following issues: - Fixed situations that could cause uninitialised memory to be used, leading to undefined behaviour. (boo#1002982, CVE-2016-7969, CVE-2016-7972) Moderate SUSE bug 1002982 CVE-2016-7969 CVE-2016-7972 Security update for ImageMagick (Moderate) openSUSE Leap 42.1 This update for ImageMagick fixes the following issues: - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862) [bsc#1007245] - update incomplete patch of CVE-2016-6823 [bsc#1001066] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1001066 SUSE bug 1007245 CVE-2016-6823 CVE-2016-8862 Security update for java-1_7_0-openjdk (Moderate) openSUSE Leap 42.1 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.8 - OpenJDK 7u121 * Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) * Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java + S6882559: new JEditorPane("text/plain","") fails for null context class loader + S7090158: Networking Libraries don't build with javac -Werror + S7125055: ContentHandler.getContent API changed in error + S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows + S7187051: ShortRSAKeynnn.sh tests should do cleanup before start test + S8000626: Implement dead key detection for KeyEvent on Linux + S8003890: corelibs test scripts should pass TESTVMOPTS + S8005629: javac warnings compiling java.awt.EventDispatchThread and sun.awt.X11.XIconWindow + S8010297: Missing isLoggable() checks in logging code + S8010782: clean up source files containing carriage return characters + S8014431: cleanup warnings indicated by the -Wunused-value compiler option on linux + S8015265: revise the fix for 8007037 + S8016747: Replace deprecated PlatformLogger isLoggable(int) with isLoggable(Level) + S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame demo + S8024756: method grouping tabs are not selectable + S8026741: jdk8 l10n resource file translation update 5 + S8048147: Privilege tests with JAAS Subject.doAs + S8048357: PKCS basic tests + S8049171: Additional tests for jarsigner's warnings + S8059177: jdk8u40 l10n resource file translation update 1 + S8075584: test for 8067364 depends on hardwired text advance + S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given + S8077953: [TEST_BUG] com/sun/management/OperatingSystemMXBean/TestTotalSwap.java Compilation failed after JDK-8077387 + S8080628: No mnemonics on Open and Save buttons in JFileChooser + S8083601: jdk8u60 l10n resource file translation update 2 + S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString + S8142926: OutputAnalyzer's shouldXXX() calls return this + S8143134: L10n resource file translation update + S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General + S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline + S8150611: Security problem on sun.misc.resources.Messages* + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp + S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559 + S8159684: (tz) Support tzdata2016f + S8160934: isnan() is not available on older MSVC compilers + S8162411: Service Menu services 2 + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968 + S8162511: 8u111 L10n resource file updates + S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8 + S8164452: 8u111 L10n resource file update - msgdrop 20 + S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm + S8166381: Back out changes to the java.security file to not disable MD5 * Backports + S6604109, PR3162: javax.print.PrintServiceLookup.lookupPrintServices fails SOMETIMES for Cups + S6907252, PR3162: ZipFileInputStream Not Thread-Safe + S8024046, PR3162: Test sun/security/krb5/runNameEquals.sh failed on 7u45 Embedded linux-ppc* + S8028479, PR3162: runNameEquals still cannot precisely detect if a usable native krb5 is available + S8034057, PR3162: Files.getFileStore and Files.isWritable do not work with SUBST'ed drives (win) + S8038491, PR3162: Improve synchronization in ZipFile.read() + S8038502, PR3162: Deflater.needsInput() should use synchronization + S8059411, PR3162: RowSetWarning does not correctly chain warnings + S8062198, PR3162: Add RowSetMetaDataImpl Tests and add column range validation to isdefinitlyWritable + S8066188, PR3162: BaseRowSet returns the wrong default value for escape processing + S8072466, PR3162: Deadlock when initializing MulticastSocket and DatagramSocket + S8075118, PR3162: JVM stuck in infinite loop during verification + S8076579, PR3162: Popping a stack frame after exception breakpoint sets last method param to exception + S8078495, PR3162: End time checking for native TGT is wrong + S8078668, PR3162: jar usage string mentions unsupported option '-n' + S8080115, PR3162: (fs) Crash in libgio when calling Files.probeContentType(path) from parallel threads + S8081794, PR3162: ParsePosition getErrorIndex returns 0 for TimeZone parsing problem + S8129957, PR3162: Deadlock in JNDI LDAP implementation when closing the LDAP context + S8130136, PR3162: Swing window sometimes fails to repaint partially when it becomes exposed + S8130274, PR3162: java/nio/file/FileStore/Basic.java fails when two successive stores in an iteration are determined to be equal + S8132551, PR3162: Initialize local variables before returning them in p11_convert.c + S8133207, PR3162: [TEST_BUG] ParallelProbes.java test fails after changes for JDK-8080115 + S8133666, PR3162: OperatingSystemMXBean reports abnormally high machine CPU consumption on Linux + S8135002, PR3162: Fix or remove broken links in objectMonitor.cpp comments + S8137121, PR3162: (fc) Infinite loop FileChannel.truncate + S8137230, PR3162: TEST_BUG: java/nio/channels/FileChannel/LoopingTruncate.java timed out + S8139373, PR3162: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout + S8140249, PR3162: JVM Crashing During startUp If Flight Recording is enabled + S8141491, PR3160, G592292: Unaligned memory access in Bits.c + S8144483, PR3162: One long Safepoint pause directly after each GC log rotation + S8149611, PR3160, G592292: Add tests for Unsafe.copySwapMemory * Bug fixes + S8078628, PR3151: Zero build fails with pre-compiled headers disabled + PR3128: pax-mark-vm script calls "exit -1" which is invalid in dash + PR3131: PaX marking fails on filesystems which don't support extended attributes + PR3135: Makefile.am rule stamps/add/tzdata-support-debug.stamp has a typo in add-tzdata dependency + PR3141: Pass $(CC) and $(CXX) to OpenJDK build + PR3166: invalid zip timestamp handling leads to error building bootstrap-javac + PR3202: Update infinality configure test + PR3212: Disable ARM32 JIT by default * CACAO + PR3136: CACAO is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260) * JamVM + PR3134: JamVM is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260) * AArch64 port + S8167200, PR3204: AArch64: Broken stack pointer adjustment in interpreter + S8168888: Port 8160591: Improve internal array handling to AArch64. + PR3211: AArch64 build fails with pre-compiled headers disabled - Changed patch: * java-1_7_0-openjdk-gcc6.patch + Rediff to changed context - Disable arm32 JIT, since its build broken (http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2942) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1005522 SUSE bug 1005523 SUSE bug 1005524 SUSE bug 1005525 SUSE bug 1005526 SUSE bug 1005527 SUSE bug 1005528 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 Security update for pacemaker (Moderate) openSUSE Leap 42.1 This update for pacemaker fixes the following issues: - remote: Allow cluster and remote LRM API versions to diverge (bsc#1009076) - libcrmcommon: fix CVE-2016-7035 (improper IPC guarding) (bsc#1007433) - sysconfig: minor tweaks (typo, wording) - spec: more robust check for systemd being in use - spec: defines instead of some globals + error suppression - various: issues discovered via valgrind and coverity - attrd_updater: fix usage of HAVE_ATOMIC_ATTRD - crmd: cl#5185 - Record pending operations in the CIB before they are performed (bsc#1003565) - ClusterMon: fix to avoid matching other process with the same PID - mcp: improve comments for sysconfig options - remove openssl-devel and libselinux-devel as build dependencies - tools: crm_standby --version/--help should work without cluster - libpengine: only log startup-fencing warning once - pacemaker.service: do not mistakenly suggest killing fenced - libcrmcommon: report errors consistently when waiting for data on connection (bsc#986644) - remote: Correctly calculate the remaining timeouts when receiving messages (bsc#986644) - libfencing: report added node ID correctly - crm_mon: Do not call setenv with null value - pengine: Do not fence a maintenance node if it shuts down cleanly (bsc#1000743) - ping: Avoid temporary files for fping check (bsc#987348) - all: clarify licensing and copyrights - crmd: Resend the shutdown request if the DC forgets - ping: Avoid temp files in fping_check (bsc#987348) - crmd: Ensure the R_SHUTDOWN is set whenever we ask the DC to shut us down - crmd: clear remote node operation history only when it comes up - libcib,libfencing,libtransition: handle memory allocation errors without CRM_CHECK() - tools: make crm_mon XML schema handle resources with multiple active - pengine: set OCF_RESKEY_CRM_meta_notify_active_* for multistate resources - pengine: avoid null dereference in new same-node ordering option - lrmd,libcluster: ensure g_hash_table_foreach() is never passed a null table - crmd: don't log warning if abort_unless_down() can't find down event - lib: Correction of the deletion of the notice registration. - stonithd: Correction of the wrong connection process name. - crmd: Keep a state of LRMD in the DC node latest. - pengine: avoid transition loop for start-then-stop + unfencing - libpengine: allow pe_order_same_node option for constraints - cts: Restart systemd-journald with "systemctl restart systemd-journald.socket" (bsc#995365) - libcrmcommon: properly handle XML comments when comparing v2 patchset diffs - crmd: don't abort transitions for CIB comment changes - libcrmcommon: log XML comments correctly - libcrmcommon: remove extraneous format specifier from log message - remote: cl#5269 - Notify other clients of a new connection only if the handshake has completed (bsc#967388, bsc#1002767, CVE-2016-7797) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1000743 SUSE bug 1002767 SUSE bug 1003565 SUSE bug 1007433 SUSE bug 1009076 SUSE bug 967388 SUSE bug 986644 SUSE bug 987348 SUSE bug 995365 CVE-2016-7035 CVE-2016-7797 Security update for pcre (Moderate) openSUSE Leap 42.1 This update for pcre to version 8.39 (bsc#972127) fixes several issues. If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version. This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. These security issues were fixed: - CVE-2014-8964: Heap-based buffer overflow in PCRE allowed remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats (bsc#906574). - CVE-2015-2325: Heap buffer overflow in compile_branch() (bsc#924960). - CVE-2015-3210: Heap buffer overflow in pcre_compile2() / compile_regex() (bsc#933288) - CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() (bsc#933878). - CVE-2015-5073: Library Heap Overflow Vulnerability in find_fixedlength() (bsc#936227). - bsc#942865: heap overflow in compile_regex() - CVE-2015-8380: The pcre_exec function in pcre_exec.c mishandled a // pattern with a \01 string, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957566). - CVE-2015-2327: PCRE mishandled certain patterns with internal recursive back references, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957567). - bsc#957598: Various security issues - CVE-2015-8381: Heap Overflow in compile_regex() (bsc#957598). - CVE-2015-8382: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)(bsc#957598). - CVE-2015-8383: Buffer overflow caused by repeated conditional group(bsc#957598). - CVE-2015-8384: Buffer overflow caused by recursive back reference by name within certain group(bsc#957598). - CVE-2015-8385: Buffer overflow caused by forward reference by name to certain group(bsc#957598). - CVE-2015-8386: Buffer overflow caused by lookbehind assertion(bsc#957598). - CVE-2015-8387: Integer overflow in subroutine calls(bsc#957598). - CVE-2015-8388: Buffer overflow caused by certain patterns with an unmatched closing parenthesis(bsc#957598). - CVE-2015-8389: Infinite recursion in JIT compiler when processing certain patterns(bsc#957598). - CVE-2015-8390: Reading from uninitialized memory when processing certain patterns(bsc#957598). - CVE-2015-8391: Some pathological patterns causes pcre_compile() to run for a very long time(bsc#957598). - CVE-2015-8392: Buffer overflow caused by certain patterns with duplicated named groups(bsc#957598). - CVE-2015-8393: Information leak when running pcgrep -q on crafted binary(bsc#957598). - CVE-2015-8394: Integer overflow caused by missing check for certain conditions(bsc#957598). - CVE-2015-8395: Buffer overflow caused by certain references(bsc#957598). - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression (bsc#957600). - CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE mishandled certain patterns with named subgroups, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression (bsc#960837). - CVE-2016-3191: The compile_branch function in pcre_compile.c in pcre2_compile.c mishandled patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allowed remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression (bsc#971741). These non-security issues were fixed: - JIT compiler improvements - performance improvements - The Unicode data tables have been updated to Unicode 7.0.0. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 906574 SUSE bug 924960 SUSE bug 933288 SUSE bug 933878 SUSE bug 936227 SUSE bug 942865 SUSE bug 957566 SUSE bug 957567 SUSE bug 957598 SUSE bug 957600 SUSE bug 960837 SUSE bug 971741 SUSE bug 972127 CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2016-1283 CVE-2016-3191 Security update for php5 (Moderate) openSUSE Leap 42.1 This update for php5 fixes the following issues: - CVE-2016-9137: Use After Free in unserialize() (bsc#1008029) - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC (bsc#986247) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1008029 SUSE bug 986247 CVE-2016-5773 CVE-2016-9137 Security update for qemu (Important) openSUSE Leap 42.1 This update for qemu fixes the following issues: - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP1 - Change package post script udevadm trigger calls to be device specific (bsc#1002116) - Address various security/stability issues * Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151) * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516) * Fix DOS in USB xHCI emulation (CVE-2016-7466 bsc#1000345) * Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661) * Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550) * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878) * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894) * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494) * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893) * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454) * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450) * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495) * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707) * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557) * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391) * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538) * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536) * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493) * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702) - Fix case of disk corruption with migration due to improper internal state tracking (bsc#996524) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1000345 SUSE bug 1001151 SUSE bug 1002116 SUSE bug 1002550 SUSE bug 1002557 SUSE bug 1003878 SUSE bug 1003893 SUSE bug 1003894 SUSE bug 1004702 SUSE bug 1004707 SUSE bug 1006536 SUSE bug 1006538 SUSE bug 1007391 SUSE bug 1007450 SUSE bug 1007454 SUSE bug 1007493 SUSE bug 1007494 SUSE bug 1007495 SUSE bug 996524 SUSE bug 998516 SUSE bug 999661 CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7466 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 Security update for Chromium (Important) openSUSE Leap 42.1 This update to Chromium 55.0.2883.75 fixes the following vulnerabilities: - CVE-2016-9651: Private property access in V8 - CVE-2016-5208: Universal XSS in Blink - CVE-2016-5207: Universal XSS in Blink - CVE-2016-5206: Same-origin bypass in PDFium - CVE-2016-5205: Universal XSS in Blink - CVE-2016-5204: Universal XSS in Blink - CVE-2016-5209: Out of bounds write in Blink - CVE-2016-5203: Use after free in PDFium - CVE-2016-5210: Out of bounds write in PDFium - CVE-2016-5212: Local file disclosure in DevTools - CVE-2016-5211: Use after free in PDFium - CVE-2016-5213: Use after free in V8 - CVE-2016-5214: File download protection bypass - CVE-2016-5216: Use after free in PDFium - CVE-2016-5215: Use after free in Webaudio - CVE-2016-5217: Use of unvalidated data in PDFium - CVE-2016-5218: Address spoofing in Omnibox - CVE-2016-5219: Use after free in V8 - CVE-2016-5221: Integer overflow in ANGLE - CVE-2016-5220: Local file access in PDFium - CVE-2016-5222: Address spoofing in Omnibox - CVE-2016-9650: CSP Referrer disclosure - CVE-2016-5223: Integer overflow in PDFium - CVE-2016-5226: Limited XSS in Blink - CVE-2016-5225: CSP bypass in Blink - CVE-2016-5224: Same-origin bypass in SVG - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives The default bookmarks override was removed. The following packaging changes are included: - Switch to system libraries: harfbuzz, zlib, ffmpeg, where available. - Chromium now requires harfbuzz >= 1.3.0 Important SUSE bug 1013236 CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652 Security update for tomcat (Important) openSUSE Leap 42.1 This update for Tomcat provides the following fixes: Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. (bsc#1010893 fate#321029) Security fixes: - CVE-2016-0762: Realm Timing Attack (bsc#1007854) - CVE-2016-5018: Security Manager Bypass (bsc#1007855) - CVE-2016-6794: System Property Disclosure (bsc#1007857) - CVE-2016-6796: Manager Bypass (bsc#1007858) - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853) - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805) - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812) Bugs fixed: - Fixed StringIndexOutOfBoundsException in WebAppClassLoaderBase.filter(). (bsc#974407) - Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. (bsc#1004728) - Enabled optional setenv.sh script. See section '(3.4) Using the "setenv" script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt. (bsc#1002639) - Fixed regression caused by CVE-2016-6816. This update supplies the new packages apache-commons-pool2 and apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0 interface. This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1002639 SUSE bug 1004728 SUSE bug 1007853 SUSE bug 1007854 SUSE bug 1007855 SUSE bug 1007857 SUSE bug 1007858 SUSE bug 1010893 SUSE bug 1011805 SUSE bug 1011812 SUSE bug 974407 CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 Security update for w3m (Moderate) openSUSE Leap 42.1 This update for w3m fixes the following security issues (bsc#1011293): - CVE-2016-9622: w3m: null deref (bsc#1012021) - CVE-2016-9623: w3m: null deref (bsc#1012022) - CVE-2016-9624: w3m: near-null deref (bsc#1012023) - CVE-2016-9625: w3m: stack overflow (bsc#1012024) - CVE-2016-9626: w3m: stack overflow (bsc#1012025) - CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) - CVE-2016-9628: w3m: null deref (bsc#1012027) - CVE-2016-9629: w3m: null deref (bsc#1012028) - CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) - CVE-2016-9631: w3m: null deref (bsc#1012030) - CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) - CVE-2016-9633: w3m: OOM (bsc#1012032) - CVE-2016-9434: w3m: null deref (bsc#1011283) - CVE-2016-9435: w3m: use uninit value (bsc#1011284) - CVE-2016-9436: w3m: use uninit value (bsc#1011285) - CVE-2016-9437: w3m: write to rodata (bsc#1011286) - CVE-2016-9438: w3m: null deref (bsc#1011287) - CVE-2016-9439: w3m: stack overflow (bsc#1011288) - CVE-2016-9440: w3m: near-null deref (bsc#1011289) - CVE-2016-9441: w3m: near-null deref (bsc#1011290) - CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) - CVE-2016-9443: w3m: null deref (bsc#1011292) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1011283 SUSE bug 1011284 SUSE bug 1011285 SUSE bug 1011286 SUSE bug 1011287 SUSE bug 1011288 SUSE bug 1011289 SUSE bug 1011290 SUSE bug 1011291 SUSE bug 1011292 SUSE bug 1011293 SUSE bug 1012021 SUSE bug 1012022 SUSE bug 1012023 SUSE bug 1012024 SUSE bug 1012025 SUSE bug 1012026 SUSE bug 1012027 SUSE bug 1012028 SUSE bug 1012029 SUSE bug 1012030 SUSE bug 1012031 SUSE bug 1012032 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 Security update for gc (Moderate) openSUSE Leap 42.1 This update for gc fixes the following issues: - integer overflow in GC_MALLOC_ATOMIC() (CVE-2016-9427, bsc#1011276) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1011276 CVE-2016-9427 Security update for rubygem-rails-html-sanitizer (Important) openSUSE Leap 42.1 This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2015-7579: XSS vulnerability in rails-html-sanitizer (bsc#963327) - CVE-2015-7578: XSS vulnerability via attributes (bsc#963326) - CVE-2015-7580: XSS via whitelist sanitizer (bsc#963328) Important SUSE bug 963326 SUSE bug 963327 SUSE bug 963328 CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 Security update for gstreamer-0_10-plugins-bad (Important) openSUSE Leap 42.1 This update for gstreamer-0_10-plugins-bad fixes the following issues: - Maliciously crafted VMnc files (VMWare video format) could lead to crashes (CVE-2016-9445, CVE-2016-9446, boo#1010829). - Maliciously crafted NSF files (NES sound format) could lead to arbitrary code execution (CESA-2016-0001, boo#1010514). Therefore for security reasons the NSF plugin has been removed from the package. Important SUSE bug 1010514 SUSE bug 1010829 CVE-2016-9445 CVE-2016-9446 Security update for python-Twisted (Moderate) openSUSE Leap 42.1 This update for python-Twisted fixes the following issues: - No longer automatically export the http_proxy environment variable to avoid the proxy being trusted by unaware applications, if a Proxy request header is supplied (boo#989997, CVE-2016-1000111) Moderate SUSE bug 989997 CVE-2016-1000111 Security update for gstreamer-plugins-bad (Important) openSUSE Leap 42.1 This update for gstreamer-plugins-bad fixes the following issues: - Maliciously crafted VMnc (VMware video) streams (typically contained in .avi files) could cause code execution during decoding or information leaks due to an unitialized buffer (CVE-2016-9445, CVE-2016-9446, boo#1010829). Important SUSE bug 1010829 CVE-2016-9445 CVE-2016-9446 Security update for lxc (Important) openSUSE Leap 42.1 This update for lxc fixes the following issue: - CVE-2016-8649: guest escape via ptrace of lxc-attach (boo#1010933). Important SUSE bug 1010933 CVE-2016-8649 Security update for MozillaFirefox (Important) openSUSE Leap 42.1 This update to MozillaFirefox 50.1.0 fixes the following vulnerabilities: - CVE-2016-9894: Buffer overflow in SkiaGL - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9896: Use-after-free with WebVR - CVE-2016-9897: Memory corruption in libGLES - CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees - CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs - CVE-2016-9904: Cross-origin information leak in shared atoms - CVE-2016-9901: Data from Pocket server improperly sanitized before execution - CVE-2016-9902: Pocket extension does not validate the origin of events - CVE-2016-9903: XSS injection vulnerability in add-ons SDK - CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 - CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 The following bugs were fixed: - boo#1011922: fix crash after a few seconds of usage on AArch64 Important SUSE bug 1011922 SUSE bug 1015422 CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9904 Security update for rubygem-mail, rubygem-mail-2_4, rubygem-mail-2_5 (Moderate) openSUSE Leap 42.1 This update for rubygem-mail, rubygem-mail-2_4, rubygem-mail-2_5 fixes the following security issues: * boo#959129: SMTP Injection via recipient email addresses Moderate SUSE bug 959129 Security update for shellinabox (Moderate) openSUSE Leap 42.1 shellinabox was updated to version 2.20 to fix the following security issues: - It was possible to fallback to the HTTP protocol even when configured for HTTPS. (CVE-2015-8400, boo#957748) - Disable secure client-initiated renegotiation - Set SSL options for increased security (disable SSLv2, SSLv3) - Protection against large HTTP requests non security fixes: - Includes some MSIE and iOS rendering fixes Moderate SUSE bug 957748 CVE-2015-8400 Security update for phpMyAdmin (Moderate) openSUSE Leap 42.1 This update to phpMyAdmin 4.4.15.4 fixes the following issues (boo#964024) * CVE-2016-2038: Multiple full path disclosure vulnerabilities * CVE-2016-2039: Unsafe generation of XSRF/CSRF token * CVE-2016-2040: Multiple XSS vulnerabilities * CVE-2016-1927: Insecure password generation in JavaScript * CVE-2016-2041: Unsafe comparison of XSRF/CSRF token * CVE-2016-2042: Multiple full path disclosure vulnerabilities * CVE-2016-2043: XSS vulnerability in normalization page Moderate SUSE bug 964024 CVE-2016-1927 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-2041 CVE-2016-2042 CVE-2016-2043 Security update for GraphicsMagick (Moderate) openSUSE Leap 42.1 This security update for GraphicsMagick fixes the following issues: - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318) - maliciously crafted jng files could crash the identify utility (CVE-2016-9830, boo#1013640) Moderate SUSE bug 1009318 SUSE bug 1013640 CVE-2016-8866 CVE-2016-9830 Security update for curl (Moderate) openSUSE Leap 42.1 This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - boo#936676: secure_getenv or __secure_getenv may not be detected correctly at build time The following tracked bugs only affect the test suite: - boo#962996: Expired cookie in test 46 caused test failures - boo#934333: Curl test suite was not run, is now enabled during build This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 934333 SUSE bug 936676 SUSE bug 962983 SUSE bug 962996 CVE-2016-0755 Security update for ntp (Moderate) openSUSE Leap 42.1 This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed: - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in "trap" (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in "sntp -a" (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1009434 SUSE bug 1011377 SUSE bug 1011390 SUSE bug 1011395 SUSE bug 1011398 SUSE bug 1011404 SUSE bug 1011406 SUSE bug 1011411 SUSE bug 1011417 SUSE bug 943216 SUSE bug 956365 SUSE bug 981252 SUSE bug 988028 SUSE bug 992038 SUSE bug 992606 CVE-2015-5219 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 Security update for tor (Moderate) openSUSE Leap 42.1 This update for tor fixes the following issues: - a hostile hidden service could cause tor clients to crash (boo#1016343, CVE-2016-1254) Moderate SUSE bug 1016343 CVE-2016-1254 Security update for MozillaThunderbird (Moderate) openSUSE Leap 42.1 This update to Mozilla Thunderbird 45.6.0 fixes security issues and bugs. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. The following vulnerabilities were fixed: (boo#1015422) - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9897: Memory corruption in libGLES - CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees - CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs - CVE-2016-9904: Cross-origin information leak in shared atoms - CVE-2016-9905: Crash in EnumerateSubDocuments - CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6 The following bugs were fixed: - The system integration dialog was shown every time when starting Thunderbird Moderate SUSE bug 1015422 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905 Security update for php5 (Moderate) openSUSE Leap 42.1 This update for php5 fixes the following issues: - CVE-2015-7803: Specially crafted .phar files with a crafted TAR archive entry allowed remote attackers to cause a Denial of Service (DoS) [bsc#949961] - CVE-2016-1903: Specially crafted image files could could allow remote attackers read unspecified memory when rotating images [bsc#962057] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 949961 SUSE bug 962057 CVE-2015-7803 CVE-2016-1903 Security update for rubygem-actionpack-4_2, rubygem-actionview-4_2, rubygem-activemodel-4_2, rubygem-activerecord-4_2, rubygem-activesupport-4_2 (Moderate) openSUSE Leap 42.1 This update for rubygem-actionpack-4_2, rubygem-actionview-4_2, rubygem-activemodel-4_2, rubygem-activerecord-4_2, rubygem-activesupport-4_2 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (boo#963329) - CVE-2016-0752: directory traversal and information leak in Action View (boo#963332) - CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes (boo#963335) - CVE-2016-0751: rubygem-actionpack: Object Leak DoS (boo#963331) - CVE-2016-0753: Input Validation Circumvention (boo#963334) - CVE-2015-7577: Nested attributes rejection proc bypass (boo#963330) Moderate SUSE bug 963329 SUSE bug 963330 SUSE bug 963331 SUSE bug 963332 SUSE bug 963334 SUSE bug 963335 CVE-2015-7576 CVE-2015-7577 CVE-2015-7581 CVE-2016-0751 CVE-2016-0752 CVE-2016-0753 Security update for nginx (Moderate) openSUSE Leap 42.1 This update to nginx 1.8.1 fixes the following issues: - CVE-2016-0742: Invalid pointer dereference during DNS server response processing (boo#963781) - CVE-2016-0746: Use-after-free condition during CNAME response processing (boo#963778) - CVE-2016-0747: Resource exhaustion through unlimited CNAME resolution (boo#963775) Moderate SUSE bug 963775 SUSE bug 963778 SUSE bug 963781 CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 Security update for mariadb (Moderate) openSUSE Leap 42.1 MariaDB has been updated to version 10.0.22, which brings fixes for many security issues and other improvements. The following CVEs have been fixed: - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792 - Fix information leak via mysql-systemd-helper script. (CVE-2015-5969, bsc#957174) For a comprehensive list of changes refer to the upstream Release Notes and Change Log documents: - https://kb.askmonty.org/en/mariadb-10022-release-notes/ - https://kb.askmonty.org/en/mariadb-10022-changelog/ This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 937787 SUSE bug 957174 SUSE bug 958789 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 Security update for MySQL (Important) openSUSE Leap 42.1 This update to MySQL 5.6.28 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0503: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. - CVE-2016-0504: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0594: Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0595: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0605: Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0607: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0610: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0611: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2015-5969: Fixed information leak via mysql-systemd-helper script. (bsc#957174) - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf() Important SUSE bug 957174 SUSE bug 959724 SUSE bug 962779 CVE-2015-5969 CVE-2015-7744 CVE-2016-0502 CVE-2016-0503 CVE-2016-0504 CVE-2016-0505 CVE-2016-0546 CVE-2016-0594 CVE-2016-0595 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0605 CVE-2016-0606 CVE-2016-0607 CVE-2016-0608 CVE-2016-0609 CVE-2016-0610 CVE-2016-0611 Security update for cacti (Moderate) openSUSE Leap 42.1 cacti was updated to fix the following vulnerabilities: - CVE-2015-8369: SQL injection in graph.php (boo#958863) - CVE-2015-8604: SQL injection in graphs_new.php (boo#960678) - CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php (boo#958977) - CVE-2016-2313: Authentication using web authentication as a user not in the cacti database allows complete access (boo#965930) cacti-spine was updated to match the cacti version, fixing a number of upstream bugs. Moderate SUSE bug 958863 SUSE bug 958977 SUSE bug 960678 SUSE bug 965930 CVE-2015-8369 CVE-2015-8377 CVE-2015-8604 CVE-2016-2313 Security update for libnettle (Moderate) openSUSE Leap 42.1 This update for libnettle fixes the following security issues: - CVE-2015-8803: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964845) - CVE-2015-8804: Fixed carry folding bug in x86_64 ecc_384_modp. (bsc#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964849) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 964845 SUSE bug 964847 SUSE bug 964849 CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 Security update for vlc (Important) openSUSE Leap 42.1 This update for vlc fixes the following issues: - CVE-2015-5949: Remote attackers could have caused a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file (boo#965227) Important SUSE bug 965227 CVE-2015-5949 Security update for claws-mail (Moderate) openSUSE Leap 42.1 This update for claws-mail fixes the following issues: - CVE-2015-8614: additional fixes for buffer overrun issues which allowed remote attackers to cause a crash or have unspecified further impact (boo#959993) Moderate SUSE bug 959993 CVE-2015-8614 Security update for socat (Moderate) openSUSE Leap 42.1 This update for socat fixes the following issues: Changes in socat: - update to 1.7.3.1, security fixes: * Socat security advisory 7 and MSVR-1499: "Bad DH p parameter in OpenSSL" (boo#938913 and CVE-2015-4000). * Socat security advisory 8: "Stack overflow in arguments parser" (boo#964844) - Update to version 1.7.3.0 * Too many changes to list; please read the CHANGES file for news Moderate SUSE bug 938913 SUSE bug 964844 CVE-2015-4000 Security update for Chromium (Moderate) openSUSE Leap 42.1 This update to Chromium 48.0.2564.109 fixes the following issues: Security fixes (boo#965999): - CVE-2016-1622: Same-origin bypass in Extensions - CVE-2016-1623: Same-origin bypass in DOM - CVE-2016-1624: Buffer overflow in Brotli - CVE-2016-1625: Navigation bypass in Chrome Instant - CVE-2016-1626: Out-of-bounds read in PDFium - CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives Non-security bug fixes: - boo#965738: resolve issues with specific banking websites when built against system libraries - boo#966082: chromium: sandbox related stacktrace printed - boo#965566: Drop libva support - Prevent graphical issues related to libjpeg - On KDE 5 kwallet5 is the default password store now Moderate SUSE bug 965566 SUSE bug 965738 SUSE bug 965999 SUSE bug 966082 CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625 CVE-2016-1626 CVE-2016-1627 Security update for MozillaThunderbird (Moderate) openSUSE Leap 42.1 This update Mozilla Thunderbird 38.6.0 fixes the following issues(boo#963520): - CVE-2016-1930: Miscellaneous memory safety hazards (boo#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (boo#963635) The following upstream fixes are included: - Filters ran on a different folder than selected Moderate SUSE bug 963520 SUSE bug 963632 SUSE bug 963635 CVE-2016-1930 CVE-2016-1935 Security update for MozillaFirefox (Moderate) openSUSE Leap 42.1 This update for MozillaFirefox fixes the following issues: - update to Firefox 44.0.2 * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) Same-origin-policy violation using Service Workers with plugins * Fix issue which could lead to the removal of stored passwords under certain circumstances (bmo#1242176) * Allows spaces in cookie names (bmo#1244505) * Disable opus/vorbis audio with H.264 (bmo#1245696) * Fix for graphics startup crash (GNU/Linux) (bmo#1222171) * Fix a crash in cache networking (bmo#1244076) * Fix using WebSockets in service worker controlled pages (bmo#1243942) Moderate SUSE bug 966438 CVE-2016-1949 Security update for glibc (Important) openSUSE Leap 42.1 This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#955647: Resource leak in resolver - bsc#956716: Don't do lock elision on an error checking mutex - bsc#958315: Reinitialize dl_load_write_lock on fork This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 950944 SUSE bug 955647 SUSE bug 956716 SUSE bug 958315 SUSE bug 961721 SUSE bug 962736 SUSE bug 962737 SUSE bug 962738 SUSE bug 962739 CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 Security update for krb5 (Moderate) openSUSE Leap 42.1 This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 963964 SUSE bug 963968 SUSE bug 963975 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 Security update to Chromium 48.0.2564.116 (Critical) openSUSE Leap 42.1 This update contains Chromium 48.0.2564.116 ans fixes the following security flaw: - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. (boo#967376) Critical SUSE bug 967376 CVE-2016-1629 Security update for ffmpeg (Moderate) openSUSE Leap 42.1 This update to ffmpeg 2.8.6 fixes the following issues: - CVE-2016-2329: Remote DoS via crafted TIFF files (boo#966674) VLC was updated to 2.8.6, containing various other upstream bugfixes. Moderate SUSE bug 966674 CVE-2016-2329 Security update for obs-service-download_files, obs-service-extract_file, obs-service-recompress, obs-service-source_validator, obs-service-verify_file (Important) openSUSE Leap 42.1 This update for a number of source services fixes the following issues: - boo#967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system The following source services are affected - obs-service-source_validator - obs-service-extract_file - obs-service-download_files - obs-service-recompress - obs-service-verify_file Also contains all bug fixes and improvements from the openSUSE:Tools versions. Important Security update for qemu (Important) openSUSE Leap 42.1 This update fixes the following security issues: - Enforce receive packet size, thus eliminating buffer overflow and potential security issue. (bsc#957162 CVE-2015-7512) - Infinite loop in processing command block list. CVE-2015-8345 (bsc#956829): This update also fixes a non-security bug: - Due to space restrictions in limited bios data areas, don't create mptable if vcpu count is "high" (ie more than ~19). (bsc#954864) (No supported guests are negatively impacted by this change, which is taken from upstream seabios) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 954864 SUSE bug 956829 SUSE bug 957162 CVE-2015-7512 CVE-2015-8345 Security update for postgresql93 (Important) openSUSE Leap 42.1 This update for postgresql93 fixes the following issues: - Security and bugfix release 9.3.11: * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, boo#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, boo#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix "unresolved symbol" errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.3/static/release-9-3-11.html Important SUSE bug 966435 SUSE bug 966436 CVE-2007-4772 CVE-2016-0766 CVE-2016-0773 Security update for ffmpeg (Important) openSUSE Leap 42.1 This update to ffmpeg 2.8.4 fixes the following issues: * CVE-2015-8661: Denial of service via crafted .mov file [boo#960385] * CVE-2015-8662: Denial of service via crafted JPEG 2000 data [boo#960384] * CVE-2015-8663: Denial of service via crafted H.264 data [boo#960383] Important SUSE bug 960383 SUSE bug 960384 SUSE bug 960385 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 Security update for gummi (Moderate) openSUSE Leap 42.1 This update for gummi fixes the following issues: - CVE-2015-7758: predictable filenames in /tmp based on basename - use final upstream patch (boo#949682) Moderate SUSE bug 949682 CVE-2015-7758 Security update for postgresql94 (Important) openSUSE Leap 42.1 This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix "unresolved symbol" errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6.html - PL/Perl still needs to be linked with rpath, so that it can find libperl.so at runtime. bsc#578053, postgresql-plperl-keep-rpath.patch This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 578053 SUSE bug 966435 SUSE bug 966436 CVE-2007-4772 CVE-2016-0766 CVE-2016-0773 Security update for libpng16 (Moderate) openSUSE Leap 42.1 This update fixes the following security issue: * CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact [bsc#954980] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 954980 CVE-2015-8126 Security update for bouncycastle (Moderate) openSUSE Leap 42.1 This update to bouncycastle 1.54 fixes the following issues: - CVE-2015-7575: add validation that signature algorithm received in DigitallySigned structures is actually one of those offered (boo#967521) Moderate SUSE bug 967521 CVE-2015-7575 Security update for nodejs (Moderate) openSUSE Leap 42.1 This update for nodejs fixes the following issues: - CVE-2016-2216: Response splitting vulnerability using Unicode characters (boo#966076) - CVE-2016-2086: Request smuggling vulnerability (boo#966077) Node.js was updated to the 4.3.1 LTS version, containing all upstream bug fixes and improvements. Moderate SUSE bug 966076 SUSE bug 966077 CVE-2016-2086 CVE-2016-2216 Security update for dhcp (Moderate) openSUSE Leap 42.1 This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#956159: fixed service files to start dhcpd after slapd - bsc#960506: Improve exit reason and logging when /sbin/dhclient-script is unable to pre-init requested interface This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 880984 SUSE bug 936923 SUSE bug 956159 SUSE bug 960506 SUSE bug 961305 CVE-2015-8605 Recommended update for KDE Frameworks (Moderate) openSUSE Leap 42.1 This update contains KDE Frameworks 5.19.0 (boo#967668) For details, see https://www.kde.org/announcements/kde-frameworks-5.19.0.php The following bugs were fixed in specific packages: kxmlgui, kdelibs4support: - boo#955280: session not restored after logout/login kio: - boo#963680: Unable to create new link to application - Install "Create New" templates as a workaround Moderate SUSE bug 955280 SUSE bug 963680 SUSE bug 967668 Security update for openssl (Important) openSUSE Leap 42.1 This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable "OPENSSL_ALLOW_SSL2" or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable "OPENSSL_ALLOW_EXPORT". - CVE-2016-0702 aka the "CacheBleed" attack. (bsc#968050) Various changes in the modular exponentation code were added that make sure that it is not possible to recover RSA secret keys by analyzing cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. Note that this was only exploitable if the malicious code was running on the same hyper threaded Intel Sandy Bridge processor as the victim thread performing decryptions. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0798 (bnc#968265) The SRP user database lookup method SRP_VBASE_get_by_user() had a memory leak that attackers could abuse to facility DoS attacks. To mitigate the issue, the seed handling in SRP_VBASE_get_by_user() was disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user(). - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above "DROWN" attack much easier. - CVE-2016-0704 (bsc#968053): "Bleichenbacher oracle in SSLv2" This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above "DROWN" attack much easier. Also the following bug was fixed: - Ensure that OpenSSL doesn't fall back to the default digest algorithm (SHA1) in case a non-FIPS algorithm was negotiated while running in FIPS mode. Instead, OpenSSL will refuse the session. (bnc#958501) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 958501 SUSE bug 963415 SUSE bug 968046 SUSE bug 968047 SUSE bug 968048 SUSE bug 968050 SUSE bug 968051 SUSE bug 968053 SUSE bug 968265 SUSE bug 968374 CVE-2015-3197 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 Security update for gajim (Moderate) openSUSE Leap 42.1 This update to gajim 0.16.5 fixes the following security issues: * CVE-2015-8688: Message interception due to unverified origin of roster push - Improve security on connexion and for roster managment (boo#960668) The following on-security improvements were added: * Improve MAM implementation. * Ability for emoticons to be sorted in menu. Moderate SUSE bug 960668 CVE-2015-8688 Security update for libopenssl0_9_8 (Important) openSUSE Leap 42.1 This update for libopenssl0_9_8 fixes the following issues: - CVE-2016-0800 aka the "DROWN" attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable "OPENSSL_ALLOW_SSL2" or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable "OPENSSL_ALLOW_EXPORT". - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - The package was updated to 0.9.8zh: * fixes many security vulnerabilities (not seperately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166 - avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871, boo#967787) - fix CVE-2015-3197 (boo#963415) * SSLv2 doesn't block disabled ciphers Important SUSE bug 952871 SUSE bug 963415 SUSE bug 967787 SUSE bug 968046 SUSE bug 968048 SUSE bug 968374 CVE-2013-0166 CVE-2013-0169 CVE-2014-0076 CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3195 CVE-2015-3197 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 Security update for eog (Moderate) openSUSE Leap 42.1 This update for eog fixes the following issues: - Update to version 3.14.5 (CVE-2013-7447 boo#966682): + bgo#762028, >=eog-3.16 is affected by CVE-2013-7447. + Updated translations. Moderate SUSE bug 966682 CVE-2013-7447 Security update for libpng12 (Moderate) openSUSE Leap 42.1 This update fixes the following security issue * CVE-2015-8126 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact [bsc#954980] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 954980 CVE-2015-8126 Security update for wireshark (Moderate) openSUSE Leap 42.1 Wireshark was updated to 1.12.10, fixing a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file, specifically: - CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03) - CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11) - GSM A-bis OML dissector crash (wnpa-sec-2016-14) - ASN.1 BER dissector crash (wnpa-sec-2016-15) - ASN.1 BER dissector crash (wnpa-sec-2016-18) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html The following non-security bugs were fixed: - boo#961170: Recommend wireshark-ui instead of requiring it to support text-only used Moderate SUSE bug 961170 SUSE bug 968565 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 Security update for phpMyAdmin (Moderate) openSUSE Leap 42.1 This update to phpMyAdmin 4.4.15.4 fixes the following security issues: - CVE-2016-2560: Multiple XSS vulnerabilities (PMASA-2016-11 boo#968938) - CVE-2016-2561: Multiple XSS vulnerabilities (PMASA-2016-12 boo#968941) Moderate SUSE bug 968938 SUSE bug 968941 CVE-2016-2560 CVE-2016-2561 Security update for libpng15 (Moderate) openSUSE Leap 42.1 This update fixes the following security issue: * CVE-2015-8126 Possible buffer overflow vulnerabilities in png_get_PLTE and png_set_PLTE functions could cause a denial of service (application crash) or possibly have an unspecified impact [bsc#954980] This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 954980 CVE-2015-8126 Security update for nghttp2 (Low) openSUSE Leap 42.1 This update for nghttp2 fixes the following vulnerabilities: * CVE-2016-1544: A malicious remote attacker could have caused an Out of memory condition due to unlimited incoming HTTP header fields (boo#966514) Low SUSE bug 966514 CVE-2016-1544 Security update for salt (Moderate) openSUSE Leap 42.1 This update for salt fixes the following issues: - CVE-2016-1866: Improper handling of clear messages on the minion remote code execution (boo#965403) The following bugs were fixed: - boo#958350: Salt crashes on invalid UTF-8 in package data - boo#959572: "salt '*' pkg.info_installed" causes exception on sles12sp1 client - boo#963322: salt-api cannot be stopped correctly Moderate SUSE bug 958350 SUSE bug 959572 SUSE bug 963322 SUSE bug 965403 CVE-2016-1866 Security update for libxml2 (Moderate) openSUSE Leap 42.1 - security update: This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735] * CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018] * CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021] * CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260] * CVE-2015-5312 Fix another entity expansion issue [bnc#957105] * CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106] * CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107] * CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109] * CVE-2015-8317 Multiple out-of-bound read could lead to denial of service [bnc#956260] * CVE-2015-8035 DoS when parsing specially crafted XML document if XZ support is enabled [bnc#954429] * CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 928193 SUSE bug 951734 SUSE bug 951735 SUSE bug 954429 SUSE bug 956018 SUSE bug 956021 SUSE bug 956260 SUSE bug 957105 SUSE bug 957106 SUSE bug 957107 SUSE bug 957109 SUSE bug 957110 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 Security update for libotr,libotr2 (Important) openSUSE Leap 42.1 libotr and libotr2 were updated to fix one security issue: - CVE-2016-2851: Integer overflow vulnerability allowed remote attackers to execute arbitrary code on 64 bit platforms (boo#969785) Important SUSE bug 969785 CVE-2016-2851 Security update for exim (Important) openSUSE Leap 42.1 This update to exim 4.86.2 fixes the following issues: * CVE-2016-1531: local privilege escalation for set-uid root exim when using 'perl_startup' (boo#968844) Important: Exim now cleans the complete execution environment by default. This affects Exim and subprocesses such as transports calling other programs. The following new options are supported to adjust this behaviour: * keep_environment * add_environment A warning will be printed upon startup if none of these are configured. Also includes upstream changes, improvements and bug fixes: * Support for using the system standard CA bundle. * New expansion items $config_file, $config_dir, containing the file and directory name of the main configuration file. Also $exim_version. * New "malware=" support for Avast. * New "spam=" variant option for Rspamd. * Assorted options on malware= and spam= scanners. * A commandline option to write a comment into the logfile. * A logging option for slow DNS lookups. * New ${env {<variable>}} expansion. * A non-SMTP authenticator using information from TLS client certificates. * Main option "tls_eccurve" for selecting an Elliptic Curve for TLS. * Main option "dns_trust_aa" for trusting your local nameserver at the same level as DNSSEC. Important SUSE bug 968844 CVE-2016-1531 Security update for openssl (Important) openSUSE Leap 42.1 This update for compat-openssl098 fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable "OPENSSL_ALLOW_SSL2" or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable "OPENSSL_ALLOW_EXPORT". - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above "DROWN" attack much easier. - CVE-2016-0704 (bsc#968053): "Bleichenbacher oracle in SSLv2" This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above "DROWN" attack much easier. Also fixes the following bug: - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 952871 SUSE bug 963415 SUSE bug 968046 SUSE bug 968048 SUSE bug 968051 SUSE bug 968053 SUSE bug 968374 CVE-2015-3197 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 Security update for libssh (Moderate) openSUSE Leap 42.1 This update for libssh fixes the following issues: - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. (bsc#965875) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 965875 CVE-2016-0739 Security update for python-rsa (Moderate) openSUSE Leap 42.1 This update for python-rsa fixes the following security issues: * CVE-2016-1494: Possible signature forgery via Bleichenbacher attack (bsc#960680) The following bugs fixes are included: * FATE#319904, boo#954690: Support VPN feature in google-cloud-sdk * boo#935595: missing coreutils requirement Moderate SUSE bug 935595 SUSE bug 954690 SUSE bug 960680 CVE-2016-1494 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) openSUSE Leap 42.1 This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: MozillaFirefox was updated to Firefox 45.0 (boo#969894) * requires NSPR 4.12 / NSS 3.21.1 * Instant browser tab sharing through Hello * Synced Tabs button in button bar * Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching * Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level * Tab Groups (Panorama) feature removed * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library mozilla-nspr was updated to version 4.12 * added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. * fixed a memory allocation bug related to the PR_*printf functions * exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 * added support for FreeBSD aarch64 * several minor correctness and compatibility fixes mozilla-nss was updated to NSS 3.21.1 (bmo#969894) * required for Firefox 45.0 * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) Important SUSE bug 969894 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1959 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1963 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1967 CVE-2016-1968 CVE-2016-1970 CVE-2016-1971 CVE-2016-1972 CVE-2016-1973 CVE-2016-1974 CVE-2016-1975 CVE-2016-1976 CVE-2016-1977 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 Security update for python-Pillow (Moderate) openSUSE Leap 42.1 This update for python-Pillow fixes the following issues: - backport security fixes from 3.1.1 (Pillow-overflows.patch): * Fixed an integer overflow in Resample.c causing writes in the Python heap. * Fixed a buffer overflow in PcdDecode.c causing a segfault when opening PhotoCD files. CVE-2016-TBD * Fixed a buffer overflow in FliDecode.c causing a segfault when opening FLI files. CVE-2016-0775 (fixes boo#965582) * Fixed a buffer overflow in TiffDecode.c causing an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file. CVE-2016-0740 (fixes boo#965579) Moderate SUSE bug 965579 SUSE bug 965582 CVE-2016-0740 CVE-2016-0775 Security update for webkit2gtk3 (Moderate) openSUSE Leap 42.1 This update for webkit2gtk3 fixes the following issues: - Update to version 2.10.7: + Fix the build with GTK+ < 3.16. - Changes from version 2.10.6: + Fix a deadlock in the Web Process when JavaScript garbage collector was running for a web worker thread that made google maps to hang. + Fix media controls displaying without controls attribute. + Fix a Web Process crash when quickly attempting many DnD operations. - Changes from version 2.10.5: + Disable DNS prefetch when a proxy is configured. + Reduce the maximum simultaneous network connections to match other browsers. + Make WebKitWebView always propagate motion-notify-event signal. + Add a way to force accelerating compositing mode at runtime using an environment variable. + Fix input elements and scrollbars rendering with GTK+ 3.19. + Fix rendering of lines when using solid colors. + Fix UI process crashes related to not having a main resource response when the load is committed for pages restored from the history cache. + Fix a WebProcess crash when loading large contents with custom URI schemes API. + Fix a crash in the UI process when the WebView is destroyed while the screensaver DBus proxy is being created. + Fix WebProcess crashes due to BadDrawable X errors in accelerated compositing mode. + Fix crashes on PPC64 due to mprotect() on address not aligned to the page size. + Fix std::bad_function_call exception raised in dispatchDecidePolicyForNavigationAction. + Fix downloads of data URLs. + Fix runtime critical warnings when closing a page containing windowed plugins. + Fix several crashes and rendering issues. + Translation updates: French, German, Italian, Turkish. + Security fixes: CVE-2015-7096, CVE-2015-7098. - Update to version 2.10.4, notable changes: + New HTTP disk cache for the Network Process. + New Web Inspector UI. + Automatic ScreenServer inhibition when playing fullscreen videos. + Initial Editor API. + Performance improvements. - This update addresses the following security issues: CVE-2015-1122, CVE-2015-1152, CVE-2015-1155, CVE-2015-3660, CVE-2015-3730, CVE-2015-3738, CVE-2015-3740, CVE-2015-3742, CVE-2015-3744, CVE-2015-3746, CVE-2015-3750, CVE-2015-3751, CVE-2015-3754, CVE-2015-3755, CVE-2015-5804, CVE-2015-5805, CVE-2015-5807, CVE-2015-5810, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815, CVE-2015-5817, CVE-2015-5818, CVE-2015-5825, CVE-2015-5827, CVE-2015-5828, CVE-2015-5929, CVE-2015-5930, CVE-2015-5931, CVE-2015-7002, CVE-2015-7013, CVE-2015-7014, CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104 - Add BuildRequires: hyphen-devel to pick up hyphenation support. Note this is broken upstream. - Build with -DENABLE_DATABASE_PROCESS=OFF and -DENABLE_INDEXED_DATABASE=OFF to avoid an issue with GCC 4.8. Moderate CVE-2015-1122 CVE-2015-1152 CVE-2015-1155 CVE-2015-3660 CVE-2015-3730 CVE-2015-3738 CVE-2015-3740 CVE-2015-3742 CVE-2015-3744 CVE-2015-3746 CVE-2015-3750 CVE-2015-3751 CVE-2015-3754 CVE-2015-3755 CVE-2015-5804 CVE-2015-5805 CVE-2015-5807 CVE-2015-5810 CVE-2015-5813 CVE-2015-5814 CVE-2015-5815 CVE-2015-5817 CVE-2015-5818 CVE-2015-5825 CVE-2015-5827 CVE-2015-5828 CVE-2015-5929 CVE-2015-5930 CVE-2015-5931 CVE-2015-7002 CVE-2015-7013 CVE-2015-7014 CVE-2015-7048 CVE-2015-7095 CVE-2015-7096 CVE-2015-7097 CVE-2015-7098 CVE-2015-7099 CVE-2015-7100 CVE-2015-7102 CVE-2015-7103 CVE-2015-7104 Security update for bsh2 (Important) openSUSE Leap 42.1 This update for bsh2 fixes the following issues: - CVE-2016-2510: An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. Please see https://github.com/beanshell/beanshell/releases/tag/2.0b6 for more information. This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 967593 CVE-2016-2510 Security update for rubygem-actionview-4_2 (Important) openSUSE Leap 42.1 This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (boo#968849) Important SUSE bug 968849 CVE-2016-2098 Security update for git (Important) openSUSE Leap 42.1 This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc#971328). Important SUSE bug 971328 CVE-2016-2315 CVE-2016-2324 Security update for cgit (Important) openSUSE Leap 42.1 This update for cgit fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc#971328). Important SUSE bug 971328 CVE-2016-2315 CVE-2016-2324 Security update for xen (Important) openSUSE Leap 42.1 This update for xen fixes the following issues: - CVE-2015-8567,CVE-2015-8568: xen: qemu: net: vmxnet3: host memory leakage (boo#959387) - CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155, boo#957988) - CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state results in DoS (boo#959006) - CVE-2015-7549: xen: qemu pci: null pointer dereference issue (boo#958918) - CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception (boo#958493) - CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164, boo#958007) - CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM initialization (XSA-165, boo#958009) - boo#958523: xen: ioreq handling possibly susceptible to multiple read issue (XSA-166) - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list (boo#956832) - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156, boo#954018) - boo#956592: xen: virtual PMU is unsupported (XSA-163) - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159, boo#956408) - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160, boo#956409) - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162, boo#956411) Important SUSE bug 954018 SUSE bug 956408 SUSE bug 956409 SUSE bug 956411 SUSE bug 956592 SUSE bug 956832 SUSE bug 957988 SUSE bug 958007 SUSE bug 958009 SUSE bug 958493 SUSE bug 958523 SUSE bug 958918 SUSE bug 959006 SUSE bug 959387 CVE-2015-5307 CVE-2015-7504 CVE-2015-7549 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 Security update for Chromium (Important) openSUSE Leap 42.1 This update contains Chromium 49.0.2623.87 to fix the following issues: - CVE-2016-1643: Type confusion in Blink (boo#970514) - CVE-2016-1644: Use-after-free in Blink (boo#970509) - CVE-2016-1645: Out-of-bounds write in PDFium (boo#970511) Important SUSE bug 970509 SUSE bug 970511 SUSE bug 970514 CVE-2016-1643 CVE-2016-1644 CVE-2016-1645 Security update for libebml, libmatroska (Moderate) openSUSE Leap 42.1 This update for libebml, libmatroska fixes the following security issues: Vulnerabilities fixed in libebml: * Cisco TALOS-CAN-0036: Invalid memory access when reading from a UTF-8 string resulted in a heap information leak (bsc#961031). * Cisco TALOS-CAN-0037: Deeply nested elements with infinite size use-after-free and multiple free (bsc#961031). * Invalid mempry access resulted in heap information leak Vulnerabilities fixed in libmatroska: * invalid memory access when reading specially crafted data lead to a heap information leak. Moderate SUSE bug 961031 Security update for openssh (Critical) openSUSE Leap 42.1 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642) - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645) This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server. This update was imported from the SUSE:SLE-12:Update update project. Critical SUSE bug 961642 SUSE bug 961645 CVE-2016-0777 CVE-2016-0778 Security update for bind (Important) openSUSE Leap 42.1 This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) * CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 970072 SUSE bug 970073 CVE-2016-1285 CVE-2016-1286 Security update for tomcat (Important) openSUSE Leap 42.1 This update for tomcat fixes the following issues: Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967) * CVE-2015-5346: Session fixation vulnerability in Apache Tomcat when different session settings are used for deployments of multiple versions of the same web application, might have allowed remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. (bsc#967814) * CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects before considering security constraints and Filters, which allowed remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (bsc#967965) * CVE-2015-5351: The (1) Manager and (2) Host Manager applications in Apache Tomcat established sessions and send CSRF tokens for arbitrary new requests, which allowed remote attackers to bypass a CSRF protection mechanism by using a token. (bsc#967812) * CVE-2016-0706: Apache Tomcat did not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (bsc#967815) * CVE-2016-0714: The session-persistence implementation in Apache Tomcat mishandled session attributes, which allowed remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (bsc#967964) * CVE-2016-0763: The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat did not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. (bsc#967966) The full changes can be read on: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 967812 SUSE bug 967814 SUSE bug 967815 SUSE bug 967964 SUSE bug 967965 SUSE bug 967966 SUSE bug 967967 CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 Security update for dropbear (Moderate) openSUSE Leap 42.1 dropbear was updated to 2016.72 to fix the following issues: Changes in dropbear: - updated to upstream version 2016.72 * Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, found by github.com/tintinweb. Thanks for Damien Miller for a patch. - used as bug fix release for boo#970633 - CVE-2016-3116 - updated to upstream version 2015.71 * Fix "bad buf_incrpos" when data is transferred, broke in 2015.69 * Fix crash on exit when -p address:port is used, broke in 2015.68 * Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev * Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert, broke in 2015.70 * Fix server race condition that could cause sessions to hang on exit, https://github.com/robotframework/SSHLibrary/issues/128 - updated to upstream version 2015.70 * Fix server password authentication on Linux, broke in 2015.69 * Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68) * Avoid hang on session close when multiple sessions are started, affects Qt Creator Patch from Andrzej Szombierski * Reduce per-channel memory consumption in common case, increase default channel limit from 100 to 1000 which should improve SOCKS forwarding for modern webpages * Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin * Manpage improvements from Guilhem Moulin * Build fixes for Android from Mike Frysinger * Don't display the MOTD when an explicit command is run from Guilhem Moulin * Check curve25519 shared secret isn't zero - updated to upstream version 2015.68 * Reduce local data copying for improved efficiency. Measured 30% increase in throughput for connections to localhost * Forwarded TCP ports connect asynchronously and try all available addresses (IPv4, IPv6, round robin DNS) * Fix all compile warnings, many patches from Ga?l Portay Note that configure with -Werror may not be successful on some platforms (OS X) and some configuration options may still result in unused variable warnings. * Use TCP Fast Open on Linux if available. Saves a round trip at connection to hosts that have previously been connected. Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3" Client side is disabled by default pending further compatibility testing with networks and systems. * Increase maximum command length to 9000 bytes * Free memory before exiting, patch from Thorsten Horstmann. Useful for Dropbear ports to embedded systems and for checking memory leaks with valgrind. Only partially implemented for dbclient. This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h * DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless there is a leading slash (~ isn't treated specially) * Fix small ECC memory leaks * Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of Matta Consulting. Odds of bad values are around 2**-512 -- improbable. * Twofish-ctr cipher is supported though disabled by default * Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks to CL Ouyang * Fix null pointer crash with restrictions in authorized_keys without a command, patch from Guilhem Moulin * Ensure authentication timeout is handled while reading the initial banner, thanks to CL Ouyang for finding it. * Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz - fixed checksum URL - updated to upstream version 2015.67 * Call fsync() after generating private keys to ensure they aren't lost if a reboot occurs. Thanks to Peter Korsgaard * Disable non-delayed zlib compression by default on the server. Can be enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB * Default client key path ~/.ssh/id_dropbear * Prefer stronger algorithms by default, from Fedor Brunner. AES256 over 3DES Diffie-hellman group14 over group1 * Add option to disable CBC ciphers. * Disable twofish in default options.h * Enable sha2 HMAC algorithms by default, the code was already required for ECC key exchange. sha1 is the first preference still for performance. * Fix installing dropbear.8 in a separate build directory, from Like Ma * Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusam?e * Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea * Minor bug fixes, a few issues found by Coverity scan - replaced deprecated gpg-offline check by obs-service-source_validator - updated to upstream version 2014.66 * Use the same keepalive handling behaviour as OpenSSH. This will work better with some SSH implementations that have different behaviour with unknown message types. * Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own keepalive message * Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere * Fix wtmp which broke since 2013.62, patch from Whoopie Moderate SUSE bug 970633 CVE-2016-3116 Security update for libssh2_org (Moderate) openSUSE Leap 42.1 This update for libssh2_org fixes the following issues: Security issue fixed: - CVE-2016-0787 (bsc#967026): Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys. A feature was added: - Support of SHA256 digests for DH group exchanges was added (fate#320343, bsc#961964) Bug fixed: - Properly detect EVP_aes_128_ctr at configure time (bsc#933336) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 933336 SUSE bug 961964 SUSE bug 967026 CVE-2016-0787 Security update for graphite2 (Important) openSUSE Leap 42.1 This update for graphite2 fixes the following issues: - CVE-2016-1521: The directrun function in directmachine.cpp in Libgraphite did not validate a certain skip operation, which allowed remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. - CVE-2016-1523: The SillMap::readFace function in FeatureMap.cpp in Libgraphite mishandled a return value, which allowed remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. - CVE-2016-1526: The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite incorrectly validated a size value, which allowed remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. This update was imported from the SUSE:SLE-12:Update project. Important SUSE bug 965803 SUSE bug 965807 SUSE bug 965810 CVE-2016-1521 CVE-2016-1523 CVE-2016-1526 Security update for MozillaThunderbird (Important) openSUSE Leap 42.1 MozillaThunderbird was updated to 38.7.0 to fix the following issues: * Update to Thunderbird 38.7.0 (boo#969894) * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using performance.getEntries and history navigation * MFSA 2016-16/CVE-2016-1952 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Important SUSE bug 969894 CVE-2015-4477 CVE-2015-7207 CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 Security update for quagga (Moderate) openSUSE Leap 42.1 This update for quagga fixes the following security issue: - CVE-2016-2342: Quagga was extended the prefixlen check to ensure it is within the bound of the NLRI packet data and the on-stack prefix structure and the maximum size for the address family (bsc#970952). Moderate SUSE bug 970952 CVE-2016-2342 Security update for pidgin-otr (Moderate) openSUSE Leap 42.1 This update to pidgin-otr 4.0.2 fixes the following issue: - CVE-2015-8833: use-after-free issue during SMP (boo#970498) It also contains new and updated translations. Moderate SUSE bug 970498 CVE-2015-8833 Security update for samba (Important) openSUSE Leap 42.1 This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Other bugs fixed: - Enable clustering (CTDB) support; (bsc#966271). - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023). - vfs_fruit: Fix renaming directories with open files; (bso#11065). - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347). - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). - Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). - s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). - Reduce the memory footprint of empty string options; (bso#11625). - lib/async_req: Do not install async_connect_send_test; (bso#11639). - docs: Fix typos in man vfs_gpfs; (bso#11641). - smbd: make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). - smbcacls: Fix uninitialized variable; (bso#11682). - s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). - Add quotes around path of update-apparmor-samba-profile; (bsc#962177). - Prevent access denied if the share path is "/"; (bso#11647); (bsc#960249). - Ensure samlogon fallback requests are rerouted after kerberos failure; (bsc#953972). - samba: winbind crash -> netlogon_creds_client_authenticator; (bsc#953972) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 953382 SUSE bug 953972 SUSE bug 960249 SUSE bug 962177 SUSE bug 964023 SUSE bug 966271 SUSE bug 968222 CVE-2015-7560 Security update for webkitgtk (Moderate) openSUSE Leap 42.1 This update for webkitgtk fixes the following issues: - webkitgtk was updated to version 2.4.10 (boo#971460): + Fix rendering of form controls and scrollbars with GTK+ >= 3.19. + Fix crashes on PPC64. + Fix the build on powerpc 32 bits. + Add ARM64 build support. + Security fixes: CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081, CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752, CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659, CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745, CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727, CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794, CVE-2015-1127, CVE-2015-1153, CVE-2015-1083. + Updated translations. Moderate SUSE bug 971460 CVE-2014-1748 CVE-2015-1071 CVE-2015-1076 CVE-2015-1081 CVE-2015-1083 CVE-2015-1120 CVE-2015-1122 CVE-2015-1127 CVE-2015-1153 CVE-2015-1155 CVE-2015-3658 CVE-2015-3659 CVE-2015-3727 CVE-2015-3731 CVE-2015-3741 CVE-2015-3743 CVE-2015-3745 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3752 CVE-2015-5788 CVE-2015-5794 CVE-2015-5801 CVE-2015-5809 CVE-2015-5822 CVE-2015-5928 Security update for xen (Important) openSUSE Leap 42.1 xen was updated to fix 26 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#864655). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#864391). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#864769). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#864805). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#901508). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). - CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality had multiple interpretations of a function's return value, which allowed guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions (bsc#928393). - CVE-2015-1779: The VNC websocket frame decoder allowed remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section (bsc#924018). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-6855: hw/ide/core.c did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#957162). - CVE-2015-8345: eepro100: infinite loop in processing command block list (bsc#956829). - CVE-2015-8613: SCSI: stack based buffer overflow in megasas_ctrl_get_info (bsc#961358). - CVE-2015-8619: Stack based OOB write in hmp_sendkey routine (bsc#960334). - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960725). - CVE-2015-8744: vmxnet3: Incorrect l2 header validation lead to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call (bsc#960707). - CVE-2016-1568: AHCI use-after-free vulnerability in aio port commands (bsc#961332). - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (bsc#960861). - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961691). - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963782). - CVE-2016-2198: EHCI NULL pointer dereference in ehci_caps_write (bsc#964413). - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL pointer dereference (bsc#967013). - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling (bsc#967012). - CVE-2016-2538: Integer overflow in remote NDIS control message handling (bsc#967969). These non-security issues were fixed: - bsc#954872: script block-dmmd not working as expected - bsc#957698: DOM0 can't bring up on Dell PC - bsc#963923: domain weights not honored when sched-credit tslice is reduced - bsc#959332: SLES12SP1 PV guest is unreachable when restored or migrated - bsc#959695: Missing docs for xen Important SUSE bug 864391 SUSE bug 864655 SUSE bug 864769 SUSE bug 864805 SUSE bug 877642 SUSE bug 901508 SUSE bug 902737 SUSE bug 924018 SUSE bug 928393 SUSE bug 945404 SUSE bug 945989 SUSE bug 954872 SUSE bug 956829 SUSE bug 957162 SUSE bug 957698 SUSE bug 959332 SUSE bug 959695 SUSE bug 960334 SUSE bug 960707 SUSE bug 960725 SUSE bug 960835 SUSE bug 960861 SUSE bug 961332 SUSE bug 961358 SUSE bug 961691 SUSE bug 963782 SUSE bug 963923 SUSE bug 964413 SUSE bug 967012 SUSE bug 967013 SUSE bug 967969 CVE-2013-4533 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2014-0222 CVE-2014-3689 CVE-2014-7815 CVE-2014-9718 CVE-2015-1779 CVE-2015-5278 CVE-2015-6855 CVE-2015-7512 CVE-2015-8345 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1570 CVE-2016-1714 CVE-2016-1981 CVE-2016-2198 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 Security update for libqt4 (Moderate) openSUSE Leap 42.1 This update for libqt4 fixes the following issues: Various unsafe SSL ciphers have been disabled in the standard SSL classes. Also the RC4 based ciphers have been disabled. (bsc#865241) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 865241 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 49.0.2623.110 to fix the following security issues: - CVE-2016-1646: Out-of-bounds read in V8 - CVE-2016-1647: Use-after-free in Navigation - CVE-2016-1648: Use-after-free in Extensions - CVE-2016-1649: Buffer overflow in libANGLE - CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives - CVE-2016-3679: Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33) Important SUSE bug 972834 CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649 CVE-2016-1650 CVE-2016-3679 Security update for ghostscript (Low) openSUSE Leap 42.1 ghostscript was updated to fix one security issue and one bug. The following vulnerability was fixed: * CVE-2015-3228: Specially crafted ps files could have caused an out of bound read/write due to an integer overflow, causing a segfault in the application or having unspecified further impact. Also a non security bug was fixed: - fix a crash in mutex handling (bsc#963017) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 939342 SUSE bug 963017 CVE-2015-3228 Security update for git (Moderate) openSUSE Leap 42.1 This update of git to 2.6.6 fixes the following issues: - Update to git-2.6.6 including the official upstream fixes for the previous security issues (CVE-2016-2315,CVE-2016-2324,boo#971328): See the release rotes for other details Documentation/RelNotes/2.6.3.txt Documentation/RelNotes/2.6.4.txt Documentation/RelNotes/2.6.5.txt Documentation/RelNotes/2.6.6.txt Moderate SUSE bug 971328 CVE-2016-2315 CVE-2016-2324 Security update for clamav-database (Moderate) openSUSE Leap 42.1 This update refreshes the clamav-database. This update was imported from the SUSE:SLE-12:Update update project. Moderate Security update for java-1_8_0-openjdk (Important) openSUSE Leap 42.1 This update for java-1_8_0-openjdk to version jdk8u77-b03 fixes the following security issue: * CVE-2016-0636: Improve MethodHandle consistency, which had allowed attackers to execute code. (bsc#972468) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 972468 CVE-2016-0636 Security update for java-1_7_0-openjdk (Important) openSUSE Leap 42.1 The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues: Update to 2.6.5 - OpenJDK 7u99 (bsc#972468) * Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency * Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote connector - S6961123: setWMClass fails to null-terminate WM_CLASS string - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses * Backports - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell * Bug fixes - PR2803: Make system CUPS optional - PR2886: Location of 'stap' executable is hard-coded - PR2893: test/tapset/jstaptest.pl should be executable - PR2894: Add missing test directory in make check. * CACAO - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest && result && x.any && y.any' failed * AArch64 port - PR2852: Add support for large code cache - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only. - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter - S8131483, PR2852: aarch64: illegal stlxr instructions - S8133352, PR2852: aarch64: generates constrained unpredictable instructions - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32 - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0 - S8138575, PR2852: Improve generated code for profile counters - S8138641, PR2852: Disable C2 peephole by default for aarch64 - S8138966, PR2852: Intermittent SEGV running ParallelGC - S8143067, PR2852: aarch64: guarantee failure in javac - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved - S8143584, PR2852: Load constant pool tag and class status with load acquire - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto - S8144582, PR2852: AArch64 does not generate correct branch profile data - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject - S8148240, PR2852: aarch64: random infrequent null pointer exceptions in javac * PPC & AIX port - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280 - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill register R12 Update to 2.6.5 - OpenJDK 7u99 (bsc#972468) * Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency * Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote connector - S6961123: setWMClass fails to null-terminate WM_CLASS string - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses * Backports - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell * Bug fixes - PR2803: Make system CUPS optional - PR2886: Location of 'stap' executable is hard-coded - PR2893: test/tapset/jstaptest.pl should be executable - PR2894: Add missing test directory in make check. * CACAO - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest && result && x.any && y.any' failed * AArch64 port - PR2852: Add support for large code cache - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only. - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter - S8131483, PR2852: aarch64: illegal stlxr instructions - S8133352, PR2852: aarch64: generates constrained unpredictable instructions - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32 - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0 - S8138575, PR2852: Improve generated code for profile counters - S8138641, PR2852: Disable C2 peephole by default for aarch64 - S8138966, PR2852: Intermittent SEGV running ParallelGC - S8143067, PR2852: aarch64: guarantee failure in javac - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved - S8143584, PR2852: Load constant pool tag and class status with load acquire - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto - S8144582, PR2852: AArch64 does not generate correct branch profile data - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject - S8148240, PR2852: aarch64: random infrequent null pointer exceptions in javac * PPC & AIX port - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280 - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill register R12 This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 972468 CVE-2016-0636 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The openSUSE Leap 42.1 kernel was updated to 4.1.20 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1339: A memory leak in cuse could be used to exhaust kernel memory. (bsc#969356). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936 951638). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-7884: The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a crafted application (bnc#951626). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here (bnc#959709). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call. (bsc#961509) - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2015-8787: The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604 (bnc#963931). - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario. (bsc#966437). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2016-2069: When Linux invalidated a paging structure that is not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. (bsc#963767) - CVE-2016-2184: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. (bsc#971125) - CVE-2016-2383: Incorrect branch fixups for eBPF allow arbitrary read of kernel memory. (bsc#966684) - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. (bsc#966693) The following non-security bugs were fixed: - alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137). - alsa: hda - disable dynamic clock gating on Broxton before reset (bsc#966137). - alsa: hda - Fix playback noise with 24/32 bit sample size on BXT (bsc#966137). - alsa: seq: Fix double port list deletion (bsc#968018). - alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018). - alsa: timer: Fix race between stop and interrupt (bsc#968018). - alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018). - arm64: Add workaround for Cavium erratum 27456. - arm64: Backport arm64 patches from SLE12-SP1-ARM - btrfs: teach backref walking about backrefs with underflowed (bsc#966259). - cgroup kabi fix for 4.1.19. - config: Disable CONFIG_DDR. CONFIG_DDR is selected automatically by drivers which need it. - config: Disable MFD_TPS65218 The TPS65218 is a power management IC for 32-bit ARM systems. - config: Modularize NF_REJECT_IPV4/V6 There is no reason why these helper modules should be built-in when the rest of netfilter is built as modules. - config: Update x86 config files: Enable Intel RAPL This driver is useful when power caping is needed. It was enabled in the SLE kernel 2 years ago. - Delete patches.fixes/bridge-module-get-put.patch. As discussed in http://lists.opensuse.org/opensuse-kernel/2015-11/msg00046.html - drm/i915: Fix double unref in intelfb_alloc failure path (boo#962866, boo#966179). - drm/i915: Fix failure paths around initial fbdev allocation (boo#962866, boo#966179). - drm/i915: Pin the ifbdev for the info->system_base GGTT mmapping (boo#962866, boo#966179). - e1000e: Avoid divide by zero error (bsc#965125). - e1000e: fix division by zero on jumbo MTUs (bsc#965125). - e1000e: fix systim issues (bsc#965125). - e1000e: Fix tight loop implementation of systime read algorithm (bsc#965125). - ibmvnic: Fix ibmvnic_capability struct. - intel: Disable Skylake support in intel_idle driver again (boo#969582) This turned out to bring a regression on some machines, unfortunately. It should be addressed in the upstream at first. - intel_idle: allow idle states to be freeze-mode specific (boo#969582). - intel_idle: Skylake Client Support (boo#969582). - intel_idle: Skylake Client Support - updated (boo#969582). - libceph: fix scatterlist last_piece calculation (bsc#963746). - lio: Add LIO clustered RBD backend (fate#318836) - net kabi fixes for 4.1.19. - numa patches updated to v15 - ocfs2: fix dlmglue deadlock issue(bnc#962257) - pci: thunder: Add driver for ThunderX-pass{1,2} on-chip devices - pci: thunder: Add PCIe host driver for ThunderX processors - sd: Optimal I/O size is in bytes, not sectors (boo#961263). - sd: Reject optimal transfer length smaller than page size (boo#961263). - series.conf: move cxgb3 patch to network drivers section Important SUSE bug 814440 SUSE bug 884701 SUSE bug 949936 SUSE bug 951440 SUSE bug 951542 SUSE bug 951626 SUSE bug 951638 SUSE bug 953527 SUSE bug 954018 SUSE bug 954404 SUSE bug 954405 SUSE bug 954876 SUSE bug 958439 SUSE bug 958463 SUSE bug 958504 SUSE bug 959709 SUSE bug 960561 SUSE bug 960563 SUSE bug 960710 SUSE bug 961263 SUSE bug 961500 SUSE bug 961509 SUSE bug 962257 SUSE bug 962866 SUSE bug 962977 SUSE bug 963746 SUSE bug 963765 SUSE bug 963767 SUSE bug 963931 SUSE bug 965125 SUSE bug 966137 SUSE bug 966179 SUSE bug 966259 SUSE bug 966437 SUSE bug 966684 SUSE bug 966693 SUSE bug 968018 SUSE bug 969356 SUSE bug 969582 SUSE bug 970845 SUSE bug 971125 CVE-2015-1339 CVE-2015-7799 CVE-2015-7872 CVE-2015-7884 CVE-2015-8104 CVE-2015-8709 CVE-2015-8767 CVE-2015-8785 CVE-2015-8787 CVE-2015-8812 CVE-2016-0723 CVE-2016-2069 CVE-2016-2184 CVE-2016-2383 CVE-2016-2384 Security update for clamav-database (Moderate) openSUSE Leap 42.1 This update provides a database refresh for the clamav-database. This update was imported from the SUSE:SLE-12:Update update project. Moderate Security update for samba (Important) openSUSE Leap 42.1 samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account were possible (bsc#971965). These non-security issues were fixed: - bsc#974629: Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call. - bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel. - bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it. - Getting and setting Windows ACLs on symlinks can change permissions on link - bsc#924519: Upgrade on-disk FSRVP server state to new version. - bsc#968973: Only obsolete but do not provide gplv2/3 package names. - bso#6482: s3:utils/smbget: Fix recursive download. - bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support. - bso#11643: docs: Add example for domain logins to smbspool man page. - bso#11690: s3-client: Add a KRB5 wrapper for smbspool. - bso#11708: loadparm: Fix memory leak issue. - bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD. - bso#11719: ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...". - bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file. - bso#11732: param: Fix str_list_v3 to accept ";" again. - bso#11740: Real memeory leak(buildup) issue in loadparm. This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 924519 SUSE bug 936862 SUSE bug 968973 SUSE bug 971965 SUSE bug 972197 SUSE bug 973031 SUSE bug 973032 SUSE bug 973033 SUSE bug 973034 SUSE bug 973036 SUSE bug 973832 SUSE bug 974629 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 Security update for lhasa (Moderate) openSUSE Leap 42.1 This update for lhasa to 0.3.1 fixes the following issues: These security issues were fixed: * CVE-2016-2347: Integer underflow vulnerability in the code for doing LZH level 3 header decodes (boo#973790)[ These non-security issues were fixed: * PMarc -pm1- archives that contain truncated compressed data (the decompressed length is longer than what can be read from the compressed data) now decompress as intended. Certain archives in the wild make the assumption that this can be done. * LArc -lz5- archives that make use of the initial history buffer now decompress correctly. * The tests no longer use predictable temporary paths. Moderate SUSE bug 973790 CVE-2016-2347 Security update for quagga (Moderate) openSUSE Leap 42.1 quagga was updated to fix one security issue. This security issue was fixed: - boo#770619: /etc/quagga and its contents were world-readable despite containing passwords. Moderate SUSE bug 770619 Security update for nodejs (Moderate) openSUSE Leap 42.1 This update contains nodejs 4.2.4 and fixes the following issues: - CVE-2015-6764: unspecified out-of-bounds access vulnerability (boo#956902) - CVE-2015-8027: unspecified denial of service vulnerability (boo#956901) The following non-security bugs were fixed: - boo#948045: Nodejs 4.0 rpm does not install addon-rpm.gypi - boo#961254: common.gypi should install at /usr/share/node and npm requires nodejs-devel Also contains all upstream bug fixes and improvements in the 4.2.2, 4.2.3 and 4.2.4 releases. Moderate SUSE bug 948045 SUSE bug 956901 SUSE bug 956902 SUSE bug 961254 CVE-2015-6764 CVE-2015-8027 Security update for mercurial (Important) openSUSE Leap 42.1 mercurial was updated to fix three security issues. These security issues were fixed: - CVE-2016-3069: Arbitrary code execution when converting Git repos (bsc#973176). - CVE-2016-3068: Arbitrary code execution with Git subrepos (bsc#973177). - CVE-2016-3630: Remote code execution in binary delta decoding (bsc#973175). Important SUSE bug 973175 SUSE bug 973176 SUSE bug 973177 CVE-2016-3068 CVE-2016-3069 CVE-2016-3630 Security update for optipng (Moderate) openSUSE Leap 42.1 optipng was updated to fix one security issue. This security issue was fixed: - CVE-2016-2191: Invalid write while processing bitmap images (bsc#973992). - CVE-2016-3981: Heap buffer overflow pngxrbmp.c bmp_read_rows - CVE-2016-3982: Heap buffer overflow pngxrbmp.c bmp_rle4_fread Moderate SUSE bug 973992 CVE-2016-2191 CVE-2016-3981 CVE-2016-3982 Security update for gcc5 (Moderate) openSUSE Leap 42.1 The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) The following non-security issues have been fixed: - Enable frame pointer for TARGET_64BIT_MS_ABI when stack is misaligned. Fixes internal compiler error when building Wine. (bsc#966220) - Fix a PowerPC specific issue in gcc-go that broke compilation of newer versions of Docker. (bsc#964468) - Fix HTM built-ins on PowerPC. (bsc#955382) - Fix libgo certificate lookup. (bsc#953831) - Suppress deprecated-declarations warnings for inline definitions of deprecated virtual methods. (bsc#939460) - Build s390[x] with "--with-tune=z9-109 --with-arch=z900" on SLE11 again. (bsc#954002) - Revert accidental libffi ABI breakage on aarch64. (bsc#968771) - On x86_64, set default 32bit code generation to -march=x86-64 rather than -march=i586. - Add experimental File System TS library. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 939460 SUSE bug 945842 SUSE bug 952151 SUSE bug 953831 SUSE bug 954002 SUSE bug 955382 SUSE bug 962765 SUSE bug 964468 SUSE bug 966220 SUSE bug 968771 CVE-2015-5276 Security update for perl-YAML-LibYAML (Moderate) openSUSE Leap 42.1 perl-YAML-LibYAML was updated to fix three security issues. These security issues were fixed: - CVE-2013-6393: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performed an incorrect cast, which allowed remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggered a heap-based buffer overflow (bnc#860617, bnc#911782). - CVE-2014-9130: scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allowed context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping (bnc#907809, bnc#911782). - CVE-2014-2525: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allowed context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file (bnc#868944, bnc#911782). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 860617 SUSE bug 868944 SUSE bug 907809 SUSE bug 911782 CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 Security update for krb5 (Moderate) openSUSE Leap 42.1 This update for krb5 fixes the following security issue: - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 971942 CVE-2016-3119 Security update for xerces-c (Moderate) openSUSE Leap 42.1 This update for xerces-c fixes the following security issue: - CVE-2016-0729: Fixed mishandling certain kinds of malformed input documents, that resulted in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. (bsc#966822) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 966822 CVE-2016-0729 This update refreshes the clamav database. (Moderate) openSUSE Leap 42.1 Security update for clamav-database on April 18th. This update was imported from the SUSE:SLE-12:Update update project. Moderate Security update for php5 (Important) openSUSE Leap 42.1 This update for php5 fixes the following security issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792). - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 968284 SUSE bug 969821 SUSE bug 971611 SUSE bug 971612 SUSE bug 971912 SUSE bug 973351 SUSE bug 973792 CVE-2014-9767 CVE-2015-8835 CVE-2015-8838 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 50.0.2661.94 to fix a number of vulnerabilities (boo#977830): - CVE-2016-1660: Out-of-bounds write in Blink - CVE-2016-1661: Memory corruption in cross-process frames - CVE-2016-1662: Use-after-free in extensions - CVE-2016-1663: Use-after-free in Blink’s V8 bindings - CVE-2016-1664: Address bar spoofing - CVE-2016-1665: Information leak in V8 - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 977830 CVE-2016-1660 CVE-2016-1661 CVE-2016-1662 CVE-2016-1663 CVE-2016-1664 CVE-2016-1665 CVE-2016-1666 Security update update for MozillaFirefox, mozilla-nss (Important) openSUSE Leap 42.1 This update to Mozilla Firefox 46.0 fixes several security issues and bugs (boo#977333). The following vulnerabilities were fixed: - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39 (boo#977373) - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39 (boo#977375) - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (boo#977376) - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (boo#977386) - CVE-2016-2811: Use-after-free in Service Worker - MFSA 2016-42 (boo#977379) - CVE-2016-2812: Buffer overflow in Service Worker - MFSA 2016-42 (boo#977379) - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (boo#977381) - CVE-2016-2816: CSP not applied to pages sent with multipart/x-mixed-replace - MFSA 2016-45 (boo#977382) - CVE-2016-2817: Elevation of privilege with chrome.tabs.update API in web extensions - MFSA 2016-46 (boo#977384) - CVE-2016-2820: Firefox Health Reports could accept events from untrusted domains - MFSA 2016-48 (boo#977388) The following miscellaneous changes are included: - Improved security of the JavaScript Just In Time (JIT) Compiler - WebRTC fixes to improve performance and stability - Added support for document.elementsFromPoint - Added HKDF support for Web Crypto API The following changes from Mozilla Firefox 45.0.2 are included: - Fix an issue impacting the cookie header when third-party cookies are blocked - Fix a web compatibility regression impacting the srcset attribute of the image tag - Fix a crash impacting the video playback with Media Source Extension - Fix a regression impacting some specific uploads - Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird The following changes from Mozilla Firefox 45.0.2 are included: - Fix a regression causing search engine settings to be lost in some context - Bring back non-standard jar: URIs to fix a regression in IBM iNotes - XSLTProcessor.importStylesheet was failing when import was used - Fix an issue which could cause the list of search provider to be empty - Fix a regression when using the location bar (bmo#1254503) - Fix some loading issues when Accept third-party cookies: was set to Never - Disabled Graphite font shaping library The minimum requirements increased to NSPR 4.12 and NSS 3.22.3. Mozilla NSS was updated to 3.22.3 as a dependency for Mozilla Firefox 46.0, with the following changes: - Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) - RSA-PSS signatures are now supported - Pseudorandom functions based on hashes other than SHA-1 are now supported - Enforce an External Policy on NSS from a config file Important SUSE bug 977333 SUSE bug 977373 SUSE bug 977375 SUSE bug 977376 SUSE bug 977379 SUSE bug 977381 SUSE bug 977382 SUSE bug 977384 SUSE bug 977386 SUSE bug 977388 CVE-2016-2804 CVE-2016-2806 CVE-2016-2807 CVE-2016-2808 CVE-2016-2811 CVE-2016-2812 CVE-2016-2814 CVE-2016-2816 CVE-2016-2817 CVE-2016-2820 Security update for jq (Moderate) openSUSE Leap 42.1 jq was updated to fix one security issue. This security issue was fixed: - CVE-2015-8863: Heap buffer overflow in tokenadd() function (boo#976992). Moderate SUSE bug 976992 CVE-2015-8863 Security update for yast2-users (Important) openSUSE Leap 42.1 yast2-users was updated to fix one security issue. This security issue was fixed: - CVE-2016-1601: Empty passwords fields in /etc/shadow after SLES 12 SP1 autoyast installation (bsc#974220). This update includes a script that fixes installations that we're affected by this problem. It is run automatically upon installing the update. This non-security issue was fixed: - bsc#971804: Set root password correctly when using a minimal profile This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 971804 SUSE bug 973639 SUSE bug 974220 CVE-2016-1601 Security update for giflib (Moderate) openSUSE Leap 42.1 giflib was updated to fix one security issue. This security issue was fixed: - CVE-2016-3977: Heap buffer overflow in gif2rgb (bsc#974847). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 974847 CVE-2016-3977 Security update for wireshark (Low) openSUSE Leap 42.1 This update to wireshark 1.12.11 fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - The PKTC dissector could crash (wnpa-sec-2016-22) - The PKTC dissector could crash (wnpa-sec-2016-23) - The IAX2 dissector could go into an infinite loop (wnpa-sec-2016-24) - Wireshark and TShark could exhaust the stack (wnpa-sec-2016-25) - The GSM CBCH dissector could crash (wnpa-sec-2016-26) - The NCP dissector could crash (wnpa-sec-2016-28) - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.11.html Low SUSE bug 976944 Security update for libgcrypt (Moderate) openSUSE Leap 42.1 libgcrypt was updated to fix one security issue. This security issue was fixed: - CVE-2015-7511: Side-channel attack on ECDH with Weierstrass curves (bsc#965902). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 965902 CVE-2015-7511 Security update for openssl (Important) openSUSE Leap 42.1 This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - bsc#976943: Buffer overrun in ASN1_parse - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 958501 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977616 SUSE bug 977617 SUSE bug 977621 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 Security update for libopenssl0_9_8 (Important) openSUSE Leap 42.1 This update for libopenssl0_9_8 fixes the following issues: - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation "CacheBleed" (bsc#968050) - bsc#976943: Buffer overrun in ASN1_parse Important SUSE bug 968050 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977617 CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 Security update for subversion (Moderate) openSUSE Leap 42.1 This update for subversion fixes the following issues: - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check (bsc#976849) - CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm (bsc#976850) The following non-security bugs were fixed: - bsc#969159: subversion dependencies did not enforce matching password store - bsc#911620: svnserve could not be started via YaST Service manager This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 911620 SUSE bug 969159 SUSE bug 976849 SUSE bug 976850 CVE-2016-2167 CVE-2016-2168 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 42.1 This update for java-1_8_0-openjdk fixes the following security issues - April 2016 Oracle CPU (bsc#976340): - CVE-2016-0686: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. - CVE-2016-0687: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component - CVE-2016-0695: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to the Security Component - CVE-2016-3425: Unspecified vulnerability allowed remote attackers to affect availability via vectors related to JAXP - CVE-2016-3426: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to JCE - CVE-2016-3427: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 976340 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 Security update for java-1_7_0-openjdk (Important) openSUSE Leap 42.1 This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues. These security issues were fixed: - CVE-2016-0686: Ensure thread consistency (bsc#976340). - CVE-2016-0687: Better byte behavior (bsc#976340). - CVE-2016-0695: Make DSA more fair (bsc#976340). - CVE-2016-3425: Better buffering of XML strings (bsc#976340). - CVE-2016-3427: Improve JMX connections (bsc#976340). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 976340 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3427 Security update for ImageMagick (Important) openSUSE Leap 42.1 This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing "/etc/ImageMagick-*/policy.xml" (bsc#978061) - CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request. Bugs fixed: - Use external svg loader (rsvg) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 978061 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 Security update for compat-openssl098 (Important) openSUSE Leap 42.1 This update for compat-openssl098 fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation "CacheBleed" (bsc#968050) - bsc#976943: Buffer overrun in ASN1_parse The following non-security bugs were fixed: - bsc#889013: Rename README.SuSE to the new spelling (bsc#889013) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 889013 SUSE bug 968050 SUSE bug 976942 SUSE bug 976943 SUSE bug 977614 SUSE bug 977615 SUSE bug 977617 CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 Security update for ntp (Important) openSUSE Leap 42.1 ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837) These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 782060 SUSE bug 916617 SUSE bug 937837 SUSE bug 951559 SUSE bug 951629 SUSE bug 956773 SUSE bug 962318 SUSE bug 962784 SUSE bug 962802 SUSE bug 962960 SUSE bug 962966 SUSE bug 962970 SUSE bug 962988 SUSE bug 962994 SUSE bug 962995 SUSE bug 962997 SUSE bug 963000 SUSE bug 963002 SUSE bug 975496 SUSE bug 975981 CVE-2015-5300 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 Security update for libxml2 (Moderate) openSUSE Leap 42.1 This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so to protect against the "Billion Laughs" denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore, specially crafted XML documents could exhaust all available stack space and crash the XML parser without running into the recursion limit. This vulnerability has been fixed. (bsc#975947) - When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack. (CVE-2016-3627, bsc#972335) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 972335 SUSE bug 975947 CVE-2016-3627 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 50.0.2661.102 to fix four vulnerabilities (boo#979859): - CVE-2016-1667: Same origin bypass in DOM - CVE-2016-1668: Same origin bypass in Blink V8 bindings - CVE-2016-1669: Buffer overflow in V8 - CVE-2016-1670: Race condition in loader Important SUSE bug 979859 CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 Security update for quassel (Moderate) openSUSE Leap 42.1 This update for quassel fixes the following issues: - CVE-2016-4414: Denial of service vulnerability by unauthenticated clients (boo#978002) Moderate SUSE bug 978002 CVE-2016-4414 Security update for mbedtls (Moderate) openSUSE Leap 42.1 This update to mbedtls 1.3.16 fixes the following security issues: * CVE-2015-7575: Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication (boo#961284) * boo#961290: potential double free during certificate generation Moderate SUSE bug 961284 SUSE bug 961290 CVE-2015-7575 Security update for atheme (Moderate) openSUSE Leap 42.1 This update for atheme fixes the following issues: - CVE-2016-4478: Under certain circumstances, a remote attacker could cause denial of service due to a buffer overflow in the XMLRPC response encoding code (boo#978170) - CVE-2014-9773: Remote attacker could change Atheme's behavior by registering/dropping certain accounts/nicks (boo#978170) The version update to 7.2.6 also contains a number of upstream fixes. Moderate SUSE bug 978170 CVE-2014-9773 CVE-2016-4478 Security update for quagga (Moderate) openSUSE Leap 42.1 This update for quagga fixes the following security issues: - CVE-2016-4049: Remote crash vulerability with specially crafted packages due to a buffer overflow error in bgp_dump_routes_func (boo#977012) Moderate SUSE bug 977012 CVE-2016-4049 Security update for ntp (Important) openSUSE Leap 42.1 This update for ntp to 4.2.8p7 fixes the following issues: * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * This update also improves the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 Bugs fixed: - Restrict the parser in the startup script to the first occurrance of "keys" and "controlkey" in ntp.conf (bsc#957226). This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 957226 SUSE bug 977446 SUSE bug 977450 SUSE bug 977451 SUSE bug 977452 SUSE bug 977455 SUSE bug 977457 SUSE bug 977458 SUSE bug 977459 SUSE bug 977461 SUSE bug 977464 CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 Security update for MozillaFirefox (Moderate) openSUSE Leap 42.1 This update to MozillaFirefox 43.0.3 fixes the following issues: * CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature, in combination wit NSS 3.20.2 [boo#959888] Further fixes: * workaround Youtube user agent detection issue (bmo#1233970) * fix file download regression for multi user systems Moderate SUSE bug 959888 CVE-2015-7575 Security update for cacti (Moderate) openSUSE Leap 42.1 This update for cacti fixes the following issues: Security issues fixed: - CVE-2016-3172: SQL injection in tree.php (boo#971357) - CVE-2016-3659: SQL injection in lib/functions.php (boo#974013) Moderate SUSE bug 971357 SUSE bug 974013 CVE-2016-3172 CVE-2016-3659 Security update for GraphicsMagick (Important) openSUSE Leap 42.1 This update for GraphicsMagick fixes the following issues: Security issues fixed: - Multiple security issues in GraphicsMagick/ImageMagick [boo#978061] (CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717) Important SUSE bug 978061 CVE-2016-3714 CVE-2016-3715 CVE-2016-3717 CVE-2016-3718 Security update for proftpd (Moderate) openSUSE Leap 42.1 This proftpd update to version 1.3.5b fixes the following issues: Security issues fixed: - CVE-2016-3125: Fixed selection of DH groups from TLSDHParamFile. (boo#970890) Bugs fixed: - update to 1.3.5b: http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. Moderate SUSE bug 970890 CVE-2016-3125 Security update for go (Moderate) openSUSE Leap 42.1 This go update to version 1.6 fixes the following issues: Security issues fixed: - CVE-2016-3959: Infinite loop in several big integer routines (boo#974232) - CVE-2015-8618: Carry propagation in Int.Exp Montgomery code in math/big library (boo#960151) Bugs fixed: - Update to version 1.6: * On Linux on little-endian 64-bit PowerPC (linux/ppc64le), Go 1.6 now supports cgo with external linking and is roughly feature complete. * Vendoring support * HTTP2 transparent support * fix gc and gccgo incompatibility regarding embedded unexported struct types containing exported fields * Linux on 64-bit MIPS and Android on 32-bit x86 * enforced rules for sharing Go pointers with C * new mechanism for template reuse * performance improvements ... and more! see more in https://tip.golang.org/doc/go1.6 - Updated to version 1.5.2: This release includes bug fixes to the compiler, linker, and the mime/multipart, net, and runtime packages. https://golang.org/doc/devel/release.html#go1.5.minor - Updated to version 1.5.1: This release includes bug fixes to the go command, the compiler, assembler, and the fmt, net/textproto, net/http, and runtime packages. https://golang.org/doc/devel/release.html#go1.5.minor - Update to version 1.5: * see https://golang.org/doc/go1.5 - install shared stdlib on x86_64 - add go.gdbinit for debug friendly - Adapt to Leap * use gcc5-go than go1.4 is the proper requirement for Leap Moderate SUSE bug 960151 SUSE bug 974232 CVE-2015-8618 CVE-2016-3959 Security update for mysql-community-server (Important) openSUSE Leap 42.1 This mysql-community-server version update to 5.6.30 fixes the following issues: Security issues fixed: - fixed CVEs (boo#962779, boo#959724): CVE-2016-0705, CVE-2016-0639, CVE-2015-3194, CVE-2016-0640, CVE-2016-2047, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0665, CVE-2016-0666, CVE-2016-0641, CVE-2016-0642, CVE-2016-0655, CVE-2016-0661, CVE-2016-0668, CVE-2016-0643 - changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html Bugs fixed: - don't delete the log data when migration fails - add 'log-error' and 'secure-file-priv' configuration options (added via configuration-tweaks.tar.bz2) [boo#963810] * add '/etc/my.cnf.d/error_log.conf' that specifies 'log-error = /var/log/mysql/mysqld.log'. If no path is set, the error log is written to '/var/lib/mysql/$HOSTNAME.err', which is not picked up by logrotate. * add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD FILE()' will only work with files in the directory specified by 'secure-file-priv' option (='/var/lib/mysql-files'). Important SUSE bug 959724 SUSE bug 962779 SUSE bug 963810 CVE-2015-3194 CVE-2016-0639 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0655 CVE-2016-0661 CVE-2016-0665 CVE-2016-0666 CVE-2016-0668 CVE-2016-0705 CVE-2016-2047 Security update for librsvg (Moderate) openSUSE Leap 42.1 This librsvg update to version 2.40.15 fixes the following issues: Security issues fixed: - CVE-2016-4348: DoS parsing SVGs with circular definitions _rsvg_css_normalize_font_size() function (boo#977986) Bugs fixed: - Actually scale the image if required, regression fix from upstream git (bgo#760262). - Fixed bgo#759084: Don't crash when filters don't actually exist. - Updated our autogen.sh to use modern autotools. - Fixed bgo#761728: Memory leak in the PrimitiveComponentTransfer filter. - Added basic support for the "baseline-shift" attribute in text objects (bgo#340047). - Fixed some duplicate logic when rendering paths (bgo#749415). - Rewrote the markers engine (bgo#685906, bgo#760180). - Refactoring of the test harness to use Glib's gtest infrastructure, instead of using home-grown machinery. Tests can simply be put as SVG files in the tests/subdirectories; it is not necessary to list them explicitly in some text file. - Gzipped SVGs now work if read from streams. - References to objects/filters/URIs/etc. are now handled lazily. Also, there is a general-purpose cycle detector so malformed SVGs don't cause infinite loops. - Removed parsing of Adobe blend modes; they were not implemented, anyway. - Add project files for building on Visual Studio (bgo#753555). - Added an "--export-id" option to rsvg-convert(1). This lets you select a single object to export, for example, to pick out a group from a multi-part drawing. Note that this is mostly useful for PNG output right now; for SVG output we don't preserve many attributes which could be useful in the extracted version. Doing this properly requires an internal "output to SVG" backend instead of just telling Cairo to render to SVG. Moderate SUSE bug 977986 CVE-2016-4348 Security update for mercurial (Moderate) openSUSE Leap 42.1 This update for mercurial fixes the following issues: Security issue fixed: - CVE-2016-3105: Fixed arbitrary code execution whenusing the convert extension on Git repo. (boo#978391) Moderate SUSE bug 978391 CVE-2016-3105 Security update for php5 (Important) openSUSE Leap 42.1 This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) - CVE-2016-4071: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string formatting in php_snmp_error() (bsc#977000) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 976996 SUSE bug 976997 SUSE bug 977000 SUSE bug 977003 SUSE bug 977005 CVE-2015-8866 CVE-2015-8867 CVE-2016-4070 CVE-2016-4071 CVE-2016-4073 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes (bsc#970948). - CVE-2016-3136: mct_u232: add sanity checking in probe (bnc#970955). - CVE-2016-2188: iowarrior: fix oops with malicious USB descriptors (bnc#970956). - CVE-2016-3138: cdc-acm: more sanity checking (bnc#970911). - CVE-2016-3137: cypress_m8: add endpoint sanity check (bnc#970970). - CVE-2016-3951: cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (bnc#974418). - CVE-2016-3140: digi_acceleport: do sanity checking for the number of ports (bnc#970892). - CVE-2016-2186: powermate: fix oops with malicious USB descriptors (bnc#970958). - CVE-2016-2185: usb_driver_claim_interface: add sanity checking (bnc#971124). - CVE-2016-3689: ims-pcu: sanity check against missing interfaces (bnc#971628). - CVE-2016-3156: ipv4: Do not do expensive useless work during inetdev destroy (bsc#971360). The following non-security bugs were fixed: - ALSA: timer: Call notifier in the same spinlock (bsc#973378). - ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378). - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378). - Backport arm64 patches from SLE12-SP1-ARM - Fix kABI additions for pipe: limit the per-user amount of pages allocated in pipes. - Revert "drm/radeon: call hpd_irq_event on resume" (boo#975868). - Update config files. Enable RTC_HCTOSYS, build I2C_XGENE_SLIMPRO as a module. - backends: guarantee one time reads of shared ring contents (bsc#957988). - ext4: fix races between buffered IO and collapse / insert range (bsc#972174). - ext4: fix races between page faults and hole punching (bsc#972174). - ext4: fix races of writeback with punch hole and zero range (bsc#972174). - ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174). - net: thunderx: Use napi_schedule_irqoff() - netback: do not use last request to determine minimum Tx credit (bsc#957988). Important SUSE bug 957988 SUSE bug 970892 SUSE bug 970911 SUSE bug 970948 SUSE bug 970955 SUSE bug 970956 SUSE bug 970958 SUSE bug 970970 SUSE bug 971124 SUSE bug 971360 SUSE bug 971628 SUSE bug 972174 SUSE bug 973378 SUSE bug 974418 SUSE bug 975868 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2847 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3689 CVE-2016-3951 Security update for systemd (Moderate) openSUSE Leap 42.1 This update for SystemD provides fixes and enhancements. The following security issue has been fixed: - Don't allow read access to journal files to users. (bsc#972612, CVE-2014-9770, CVE-2015-8842) The following non-security issues have been fixed: - Restore initrd-udevadm-cleanup-db.service. (bsc#978275, bsc#976766) - Incorrect permissions set after boot on journal files. (bsc#973848) - Exclude device-mapper from block device ownership event locking. (bsc#972727) - Explicitly set mode for /run/log. - Don't apply sgid and executable bit to journal files, only the directories they are contained in. - Add ability to mask access mode by pre-existing access mode on files/directories. - No need to pass --all if inactive is explicitly requested in list-units. (bsc#967122) - Fix automount option and don't start associated mount unit at boot. (bsc#970423) - Support more than just power-gpio-key. (fate#318444, bsc#970860) - Add standard gpio power button support. (fate#318444, bsc#970860) - Downgrade warnings about wanted unit which are not found. (bsc#960158) - Shorten hostname before checking for trailing dot. (bsc#965897) - Remove WorkingDirectory parameter from emergency, rescue and console-shell.service. (bsc#959886) - Don't ship boot.udev and systemd-journald.init anymore. - Revert "log: honour the kernel's quiet cmdline argument". (bsc#963230) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 959886 SUSE bug 960158 SUSE bug 963230 SUSE bug 965897 SUSE bug 967122 SUSE bug 970423 SUSE bug 970860 SUSE bug 972612 SUSE bug 972727 SUSE bug 973848 SUSE bug 976766 SUSE bug 978275 CVE-2014-9770 CVE-2015-8842 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 51.0.2704.63 to fix the following vulnerabilities (boo#981886): - CVE-2016-1672: Cross-origin bypass in extension bindings - CVE-2016-1673: Cross-origin bypass in Blink - CVE-2016-1674: Cross-origin bypass in extensions - CVE-2016-1675: Cross-origin bypass in Blink - CVE-2016-1676: Cross-origin bypass in extension bindings - CVE-2016-1677: Type confusion in V8 - CVE-2016-1678: Heap overflow in V8 - CVE-2016-1679: Heap use-after-free in V8 bindings - CVE-2016-1680: Heap use-after-free in Skia - CVE-2016-1681: Heap overflow in PDFium - CVE-2016-1682: CSP bypass for ServiceWorker - CVE-2016-1683: Out-of-bounds access in libxslt - CVE-2016-1684: Integer overflow in libxslt - CVE-2016-1685: Out-of-bounds read in PDFium - CVE-2016-1686: Out-of-bounds read in PDFium - CVE-2016-1687: Information leak in extensions - CVE-2016-1688: Out-of-bounds read in V8 - CVE-2016-1689: Heap buffer overflow in media - CVE-2016-1690: Heap use-after-free in Autofill - CVE-2016-1691: Heap buffer-overflow in Skia - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker - CVE-2016-1693: HTTP Download of Software Removal Tool - CVE-2016-1694: HPKP pins removed on cache clearance - CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 981886 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695 Security update for phpMyAdmin (Low) openSUSE Leap 42.1 phpMyAdmin was updated to fix one security issue. The following vulnerability was fixed: - CVE-2016-5099: Self XSS vulneratbility - A specially crafted attack could allow for special HTML characters to be passed as URL encoded values and displayed back as special characters in the page (boo#982128, PMASA-2016-16) Low SUSE bug 982128 CVE-2016-5099 Security update for redis (Moderate) openSUSE Leap 42.1 This update for redis fixes the following security issue: - CVE-2015-8080: Fixed an integer overflow resulting in stack-based overflow. (bsc#954199) Moderate SUSE bug 954199 CVE-2015-8080 Security update for virtualbox (Moderate) openSUSE Leap 42.1 virtualbox was updated to 5.0.18 and also fixes the following issues: Version bump to 5.0.18 (released 2016-04-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: GUI: position off-screen windows to be fully visible again on relaunch in consistence with default-behavior (bug #15226) GUI: fixed the View menu / Full-screen Mode behavior on Mac OS X El Capitan GUI: fixed a test which allowed to encrypt a hard disk with an empty password GUI: fixed a crash under certain conditions during VM shutdown GUI: fixed the size of the VM list scrollbar in the VM selector when entering a group PC speaker passthrough: fixes (Linux hosts only; bug #627) Drag and drop: several fixes SATA: fixed hotplug flag handling when EFI is used Storage: fixed handling of encrypted disk images with SCSI controllers (bug #14812) Storage: fixed possible crash with Solaris 7 if the BusLogic SCSI controller is used USB: properly purge non-ASCII characters from USB strings (bugs #8801, #15222) NAT Network: fixed 100% CPU load in VBoxNetNAT on Mac OS X under certain circumstances (bug #15223) ACPI: fixed ACPI tables to make the display color management settings available again for older Windows versions (4.3.22 regression) Guest Control: fixed VBoxManage copyfrom command (bug #14336) Snapshots: fixed several problems when removing older snapshots (bug #15206) VBoxManage: fixed --verbose output of the guestcontrol command Windows hosts: hardening fixes required for recent Windows 10 insider builds (bugs #15245, #15296) Windows hosts: fixed support of jumbo frames in with bridged networking (5.0.16 regression; bug #15209) Windows hosts: don't prevent receiving multicast traffic if host-only adapters are installed (bug #8698) Linux hosts: added support for the new naming scheme of NVME disks when creating raw disks Solaris hosts / guests: properly sign the kernel modules (bug #12608) Linux hosts / guests: Linux 4.5 fixes (bug #15251) Linux hosts / guests: Linux 4.6 fixes (bug #15298) Linux Additions: added a kernel graphics driver to support graphics when X.Org does not have root rights (bug #14732) Linux/Solaris Additions: fixed several issues causing Linux/Solatis guests using software rendering when 3D acceleration is available Windows Additions: fixed a hang with PowerPoint 2010 and the WDDM drivers if Aero is disabled Additional bugfixes: * Fix start failure of vboxadd service routine This script fails because /var/lib/VBoxGuestAdditions/config does not exist; however, there is no need for this file. That service routine is modified. (boo#977328). * Add missing initialization of scanout buffer base and size for proper fbdev support. * Add support for delayed_io in fbdev-layer. (boo#977200). - This submission fixes the bug in VB 5.0.18 that prevents proper operation for guest VMs configured to use a LsiLogic adapter for disks. See ticket: https://www.virtualbox.org/ticket/15317 for a description of the problem, and changeset: https://www.virtualbox.org/changeset/60565/vbox for the fix, which is implemented in file "changeset_60565.diff". This update contains a fix for CVE-2016-0678. Bug report boo#976636 discusses this vulnerability. Moderate SUSE bug 976636 SUSE bug 977200 SUSE bug 977328 CVE-2016-0678 Security update for putty (Moderate) openSUSE Leap 42.1 This update to putty 0.67 fixes the following vulnerability: - CVE-2016-2563: old-style scp downloads may allow remote code execution (boo#981407) Moderate SUSE bug 981407 CVE-2016-2563 Security update for openssh (Moderate) openSUSE Leap 42.1 This update for OpenSSH fixes three security issues. These security issues were fixed: - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: Prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: Ignore PAM environment when using login (bsc#975865) These non-security issues were fixed: - Fix help output of sftp (bsc#945493) - Restarting openssh with openssh-fips installed was not working correctly (bsc#945484) - Fix crashes when /proc is not available in the chroot (bsc#947458) - Correctly parse GSSAPI KEX algorithms (bsc#961368) - More verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414) - Fix PRNG re-seeding (bsc#960414, bsc#729190) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 729190 SUSE bug 932483 SUSE bug 945484 SUSE bug 945493 SUSE bug 947458 SUSE bug 948902 SUSE bug 960414 SUSE bug 961368 SUSE bug 962313 SUSE bug 965576 SUSE bug 970632 SUSE bug 975865 CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 Security update for gdk-pixbuf (Moderate) openSUSE Leap 42.1 This update for gdk-pixbuf fixes the following issues: - CVE-2015-7552: Fixed various overflows in image handling (boo#958963). - CVE-2015-7673: Fixed an overflow and DoS with a TGA file (boo#948790). - CVE-2015-7674: Fixed overflow when scaling a gif (boo#948791). Moderate SUSE bug 948790 SUSE bug 948791 SUSE bug 958963 CVE-2015-7552 CVE-2015-7673 CVE-2015-7674 Security update for cups-filters (Moderate) openSUSE Leap 42.1 This update fixes the following security issue: CVE-2015-8327 adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 957531 CVE-2015-8327 Security update for dosfstools (Moderate) openSUSE Leap 42.1 This update for dosfstools fixes the following issues: - fixed buffer overflows based on insufficient size of variable for storing FAT size (CVE-2016-4804, boo#980377) * dosfstools-3.0.26-read-fat-overflow.patch - fixed memory corruption when setting FAT12 entries (CVE-2015-8872, boo#980364) * dosfstools-3.0.26-off-by-2.patch - Fix attempt to rename root dir in fsck due to uninitialized fields [boo#912607] - Drop gpg-offline build-time requirement; this is now handled by the local source validator Moderate SUSE bug 912607 SUSE bug 980364 SUSE bug 980377 CVE-2015-8872 CVE-2016-4804 Security update for libxml2 (Moderate) openSUSE Leap 42.1 This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 960674 CVE-2015-8710 Security update for clamav-database (Moderate) openSUSE Leap 42.1 This update for clamav-database refreshes the database. This update was imported from the SUSE:SLE-12:Update update project. Moderate Security update for cgit (Moderate) openSUSE Leap 42.1 This update to cgit 0.12 fixes the following issues: - CVE-2016-1899: Reflected Cross Site Scripting and Header Injection in Mimetype Query String - CVE-2016-1900: Stored Cross Site Scripting and Header Injection in Filename Parameter - CVE-2016-1901: Integer Overflow resulting in Buffer Overflow The bundled git version was updated to 2.7.0. Moderate SUSE bug 961916 CVE-2016-1899 CVE-2016-1900 CVE-2016-1901 Security update for GraphicsMagick (Important) openSUSE Leap 42.1 This update for GraphicsMagick fixes the following issues: - security update: * CVE-2016-5118 [boo#982178] + GraphicsMagick-CVE-2016-5118.patch Important SUSE bug 982178 CVE-2016-5118 Security update for expat (Important) openSUSE Leap 42.1 This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441) - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 979441 SUSE bug 980391 CVE-2015-1283 CVE-2016-0718 Security update for php5 (Moderate) openSUSE Leap 42.1 This update for php5 fixes the following issues: Security issues fixed: - CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994) - CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827) - CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828) - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829) - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366) - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373) - CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 977991 SUSE bug 977994 SUSE bug 978827 SUSE bug 978828 SUSE bug 978829 SUSE bug 978830 SUSE bug 980366 SUSE bug 980373 SUSE bug 980375 CVE-2015-4116 CVE-2015-8873 CVE-2015-8874 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 Security update for libksba (Moderate) openSUSE Leap 42.1 This update for libksba fixes the following issues: - CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl() - CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261) Also adding reliability fixes from v1.3.4. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 979261 SUSE bug 979906 CVE-2016-4574 CVE-2016-4579 Security update for libimobiledevice, libusbmuxd (Moderate) openSUSE Leap 42.1 This update for libimobiledevice, libusbmuxd fixes the following issues: - Add libimobiledevice-CVE-2016-5104.patch: Make sure sockets only listen locally (CVE-2016-5104, boo#982014). Moderate SUSE bug 982014 CVE-2016-5104 Security update for bind (Important) openSUSE Leap 42.1 This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 962189 CVE-2015-8704 Security update for opera (Moderate) openSUSE Leap 42.1 NonFree This update contains Opera 38.0.2220.29, fixing a number of security issues and bug. - A number of upstream bug fixes listed in https://opera.com/blogs/desktop/changelog-38 - Detach button won’t be visible in fullscreen anymore DNA-53205. - Pop out video wont freeze anymore after moving source tab to separate window. - Security fixes as chromium is updated to version 50.0.2661.102. Moderate Security update for MozillaFirefox, mozilla-nss (Important) openSUSE Leap 42.1 This update to Mozilla Firefox 47 fixes the following issues (boo#983549): Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards (boo#983638 MFSA 2016-49) - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo#983655 MFSA 2016-50) - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (boo#983653 MFSA 2016-51) - CVE-2016-2822: Addressbar spoofing though the SELECT element (boo#983652 MFSA 2016-52) - CVE-2016-2824: Out-of-bounds write with WebGL shader (boo#983651 MFSA 2016-53) - CVE-2016-2825: Partial same-origin-policy through setting location.host through data URI (boo#983649 MFSA 2016-54) - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (boo#983646 MFSA 2016-56) - CVE-2016-2829: Incorrect icon displayed on permissions notifications (boo#983644 MFSA 2016-57) - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (boo#983643 MFSA 2016-58) - CVE-2016-2832: Information disclosure of disabled plugins through CSS pseudo-classes (boo#983632 MFSA 2016-59) - CVE-2016-2833: Java applets bypass CSP protections (boo#983640 MFSA 2016-60) Mozilla NSS was updated to 3.23 to address the following vulnerabilities: - CVE-2016-2834: Memory safety bugs (boo#983639 MFSA-2016-61) The following non-security changes are included: - Enable VP9 video codec for users with fast machines - Embedded YouTube videos now play with HTML5 video if Flash is not installed - View and search open tabs from your smartphone or another computer in a sidebar - Allow no-cache on back/forward navigations for https resources The following packaging changes are included: - boo#981695: cleanup configure options, notably removing GStreamer support which is gone from FF - boo#980384: enable build with PIE and full relro on x86_64 The following new functionality is provided: - ChaCha20/Poly1305 cipher and TLS cipher suites now supported - The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with with servers Important SUSE bug 980384 SUSE bug 981695 SUSE bug 983549 SUSE bug 983632 SUSE bug 983638 SUSE bug 983639 SUSE bug 983640 SUSE bug 983643 SUSE bug 983644 SUSE bug 983646 SUSE bug 983649 SUSE bug 983651 SUSE bug 983652 SUSE bug 983653 SUSE bug 983655 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2825 CVE-2016-2828 CVE-2016-2829 CVE-2016-2831 CVE-2016-2832 CVE-2016-2833 CVE-2016-2834 Security update for nodejs (Important) openSUSE Leap 42.1 This update for nodejs to version 4.4.5 fixes the several issues. These security issues introduced by the bundled openssl were fixed by going to version 1.0.2h: - CVE-2016-2107: The AES-NI implementation in OpenSSL did not consider memory allocation during a certain padding check, which allowed remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session (bsc#977616). - CVE-2016-2105: Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL allowed remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data (bsc#977614). - CVE-2016-0705: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#968047). - CVE-2016-0797: Multiple integer overflows in OpenSSL allowed remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c (bsc#968048). - CVE-2016-0702: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL did not properly consider cache-bank access times during modular exponentiation, which made it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack (bsc#968050). These non-security issues were fixed: - Fix faulty "if" condition (string cannot equal a boolean). - buffer: Buffer no longer errors if you call lastIndexOf with a search term longer than the buffer. - contextify: Context objects are now properly garbage collected, this solves a problem some individuals were experiencing with extreme memory growth. - Update npm to 2.15.5. - http: Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. - deps: Fix --gdbjit for embedders. Backported from v8 upstream. - querystring: Restore throw when attempting to stringify bad surrogate pair. - https: Under certain conditions SSL sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - lib: The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this. - repl: Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - deps: An update to v8 that introduces a new flag --perf_basic_prof_only_functions. - http: A new feature in http(s) agent that catches errors on keep alived connections. - src: Better support for big-endian systems. - tls: A new feature that allows you to pass common SSL options to tls.createSecurePair. - build: Support python path that includes spaces. - https: A potential fix for #3692 (HTTP/HTTPS client requests throwing EPROTO). - installer: More readable profiling information from isolate tick logs. - process: Add support for symbols in event emitters (symbols didn't exist when it was written). - querystring: querystring.parse() is now 13-22% faster! - streams: Performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! Important SUSE bug 968047 SUSE bug 968048 SUSE bug 968050 SUSE bug 977614 SUSE bug 977616 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-2105 CVE-2016-2107 Security update for clamav-database (Moderate) openSUSE Leap 42.1 This update for clamav-database refreshes the database. This update was imported from the SUSE:SLE-12:Update update project. Moderate Security update for monit (Moderate) openSUSE Leap 42.1 This update for monit fixes the following issues: - boo#974763: disable SSLv3 Moderate SUSE bug 974763 Security update for libxml2 (Important) openSUSE Leap 42.1 This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395]. - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040]. - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041]. - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108]. - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109]. - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral [bsc#981111]. - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112]. - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115]. - CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName [bsc#981548]. - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549], - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550]. - CVE-2016-3705: Fixed missing increment of recursion counter. This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 963963 SUSE bug 965283 SUSE bug 978395 SUSE bug 981040 SUSE bug 981041 SUSE bug 981108 SUSE bug 981109 SUSE bug 981111 SUSE bug 981112 SUSE bug 981114 SUSE bug 981115 SUSE bug 981548 SUSE bug 981549 SUSE bug 981550 CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 Security update for wireshark (Moderate) openSUSE Leap 42.1 This update for wireshark fixes an number of security issues. Issues in protocol dissectors could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - CVE-2016-5350: The SPOOLS dissector could go into an infinite loop - CVE-2016-5351: The IEEE 802.11 dissector could crash - CVE-2016-5353: The UMTS FP dissector could crash - CVE-2016-5354: Some USB dissectors could crash - CVE-2016-5355: The Toshiba file parser could crash - CVE-2016-5356: The CoSine file parser could crash - CVE-2016-5357: The NetScreen file parser could crash - CVE-2016-5358: The Ethernet dissector could crash Moderate SUSE bug 983671 CVE-2016-5350 CVE-2016-5351 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 51.0.2704.103 to fix three vulnerabilities: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives (shared identifier) (boo#985397) Important SUSE bug 985397 CVE-2016-1704 Security update for poppler (Moderate) openSUSE Leap 42.1 This update for poppler fixes the following issues: Security issues fixed: - CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS (bsc#976844) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 976844 CVE-2015-8868 Security update for ntp (Important) openSUSE Leap 42.1 ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service. - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 979302 SUSE bug 979981 SUSE bug 981422 SUSE bug 982056 SUSE bug 982064 SUSE bug 982065 SUSE bug 982066 SUSE bug 982067 SUSE bug 982068 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Security update for libtorrent-rasterbar (Moderate) openSUSE Leap 42.1 This update for libtorrent-rasterbar fixes the following issues: - CVE-2016-5301: Crash on invalid input in http_parser could have allowed a remote attacker to perform a denial of service attack (boo#983228). In addition, the package was updated to 1.0.9 / 1.16.19, fixing various upstream bugs. Moderate SUSE bug 983228 CVE-2016-5301 Security update for ctdb (Moderate) openSUSE Leap 42.1 ctdb was updated to fix one security issue. This security issue was fixed: - bsc#969522: ctdb opening sockets with htons(IPPROTO_RAW) Moderate SUSE bug 969522 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. (bsc#979548) - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. (bsc#980371). - CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel did not verify socket existence, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. (bsc#981058). - CVE-2016-5244: An information leak vulnerability in function rds_inc_info_copy of file net/rds/recv.c was fixed that might have leaked kernel stack data. (bsc#983213). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. (bsc#981267). - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308). - CVE-2016-4482: A kernel information leak in the usbfs devio connectinfo was fixed, which could expose kernel stack memory to userspace. (bnc#978401). - CVE-2016-4485: A kernel information leak in llc was fixed (bsc#978821). - CVE-2016-4486: A kernel information leak in rtnetlink was fixed, where 4 uninitialized bytes could leak to userspace (bsc#978822). - CVE-2016-4557: A use-after-free via double-fdput in replace_map_fd_with_map_ptr() was fixed, which could allow privilege escalation (bsc#979018). - CVE-2016-4565: When the "rdma_ucm" infiniband module is loaded, local attackers could escalate their privileges (bsc#979548). - CVE-2016-4569: A kernel information leak in the ALSA timer via events via snd_timer_user_tinterrupt that could leak information to userspace was fixed (bsc#979213). - CVE-2016-4578: A kernel information leak in the ALSA timer via events that could leak information to userspace was fixed (bsc#979879). - CVE-2016-4581: If the first propogated mount copy was being a slave it could oops the kernel (bsc#979913) The following non-security bugs were fixed: - ALSA: hda - Add dock support for ThinkPad X260 (boo#979278). - ALSA: hda - Apply fix for white noise on Asus N550JV, too (boo#979278). - ALSA: hda - Asus N750JV external subwoofer fixup (boo#979278). - ALSA: hda - Fix broken reconfig (boo#979278). - ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines (boo#979278). - ALSA: hda - Fix subwoofer pin on ASUS N751 and N551 (boo#979278). - ALSA: hda - Fix white noise on Asus N750JV headphone (boo#979278). - ALSA: hda - Fix white noise on Asus UX501VW headset (boo#979278). - ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m (boo#979278). - ALSA: hda/realtek - New codecs support for ALC234/ALC274/ALC294 (boo#979278). - ALSA: hda/realtek - New codec support of ALC225 (boo#979278). - ALSA: hda/realtek - Support headset mode for ALC225 (boo#979278). - ALSA: pcxhr: Fix missing mutex unlock (boo#979278). - ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2) (boo#979278). - bluetooth: fix power_on vs close race (bsc#966849). - bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849). - bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849). - bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849). - btrfs: do not use src fd for printk (bsc#980348). - btrfs: fix crash/invalid memory access on fsync when using overlayfs (bsc#977198) - drm: qxl: Workaround for buggy user-space (bsc#981344). - enic: set netdev->vlan_features (bsc#966245). - fs: add file_dentry() (bsc#977198). - IB/IPoIB: Do not set skb truesize since using one linearskb (bsc#980657). - input: i8042 - lower log level for "no controller" message (bsc#945345). - kabi: Add kabi/severities entries to ignore sound/hda/*, x509_*, efivar_validate, file_open_root and dax_fault - kabi: Add some fixups (module, pci_dev, drm, fuse and thermal) - kabi: file_dentry changes (bsc#977198). - kABI fixes for 4.1.22 - mm/page_alloc.c: calculate 'available' memory in a separate function (bsc#982239). - net: disable fragment reassembly if high_thresh is zero (bsc#970506). - of: iommu: Silence misleading warning. - pstore_register() error handling was wrong -- it tried to release lock before it's acquired, causing spinlock / preemption imbalance. - usb: quirk to stop runtime PM for Intel 7260 (bnc#984460). - Revert "usb: hub: do not clear BOS field during reset device" (boo#979728). - usb: core: hub: hub_port_init lock controller instead of bus (bnc#978073). - usb: preserve kABI in address0 locking (bnc#978073). - usb: usbip: fix potential out-of-bounds write (bnc#975945). - USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982712). - virtio_balloon: do not change memory amount visible via /proc/meminfo (bsc#982238). - virtio_balloon: export 'available' memory to balloon statistics (bsc#982239). Important SUSE bug 945345 SUSE bug 955654 SUSE bug 963762 SUSE bug 966245 SUSE bug 966849 SUSE bug 970506 SUSE bug 971126 SUSE bug 971799 SUSE bug 973570 SUSE bug 974308 SUSE bug 975945 SUSE bug 977198 SUSE bug 978073 SUSE bug 978401 SUSE bug 978821 SUSE bug 978822 SUSE bug 979018 SUSE bug 979213 SUSE bug 979278 SUSE bug 979548 SUSE bug 979728 SUSE bug 979867 SUSE bug 979879 SUSE bug 979913 SUSE bug 980348 SUSE bug 980371 SUSE bug 980657 SUSE bug 981058 SUSE bug 981267 SUSE bug 981344 SUSE bug 982238 SUSE bug 982239 SUSE bug 982712 SUSE bug 983143 SUSE bug 983213 SUSE bug 984460 CVE-2013-7446 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-3672 CVE-2016-3955 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4557 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4581 CVE-2016-4805 CVE-2016-4951 CVE-2016-5244 Security update for vlc (Important) openSUSE Leap 42.1 This update for vlc to 2.2.4 to fix the following security issue: - CVE-2016-5108: Fix out-of-bound write in adpcm QT IMA codec (boo#984382). This also include an update of codecs and libraries to fix these 3rd party security issues: - CVE-2016-1514: Matroska libebml EbmlUnicodeString Heap Information Leak - CVE-2016-1515: Matroska libebml Multiple ElementList Double Free Vulnerabilities - CVE-2015-7981: The png_convert_to_rfc1123 function in png.c in libpng allowed remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read (bsc#952051). - CVE-2015-8126: Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image (bsc#954980). Important SUSE bug 952051 SUSE bug 954980 SUSE bug 984382 CVE-2015-7981 CVE-2015-8126 CVE-2016-1514 CVE-2016-1515 CVE-2016-5108 Security update for ImageMagick (Important) openSUSE Leap 42.1 This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2016-5118: Prevent code execution via popen() (bsc#982178) This non-security issue was fixed: - Fix encoding of /Title in generated PDFs. (bsc#867943) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 867943 SUSE bug 982178 CVE-2016-5118 Security update for obs-service-source_validator (Important) openSUSE Leap 42.1 obs-service-source_validator was updated to fix one security issue. This security issue was fixed: - CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection (bsc#967265). This non-security issue was fixed: - bsc#967610: Several occurrences of uninitialized value. Important SUSE bug 967265 SUSE bug 967610 CVE-2016-4007 Security update for libarchive (Moderate) openSUSE Leap 42.1 This update for libarchive fixes the following issue: - Fix a heap-based buffer overflow (CVE-2016-1541, bsc#979005) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 979005 CVE-2016-1541 Security update for rsync (Moderate) openSUSE Leap 42.1 rsync was updated to fix one security issue. This security issue was fixed: - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (boo#915410). Moderate SUSE bug 915410 CVE-2014-9512 Security update for libvirt (Moderate) openSUSE Leap 42.1 This update for libvirt fixes the following issues: - CVE-2015-5313: directory directory traversal privilege escalation vulnerability. (boo#953110) Moderate SUSE bug 953110 CVE-2015-5313 Security update for p7zip (Moderate) openSUSE Leap 42.1 This update for p7zip fixes one security issue. This security issue was fixed: - CVE-2016-2335: UDF CInArchive::ReadFileItem code execution vulnerability (bsc#979823) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 979823 CVE-2016-2335 Security update for libtasn1 (Moderate) openSUSE Leap 42.1 This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 929414 SUSE bug 961491 SUSE bug 982779 CVE-2015-3622 CVE-2016-4008 Security update for php5 (Moderate) openSUSE Leap 42.1 This update for php5 fixes the following issues: - CVE-2013-7456: imagescale out-of-bounds read (bnc#982009). - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don't create strings with lengths outside of valid range (bnc#982011). - CVE-2016-5095: Don't create strings with lengths outside of valid range (bnc#982012). - CVE-2016-5096: int/size_t confusion in fread (bsc#982013). - CVE-2015-8877: The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) as used in PHP used inconsistent allocate and free approaches, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function (bsc#981061). - CVE-2015-8876: Zend/zend_exceptions.c in PHP did not validate certain Exception objects, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data (bsc#981049). - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 981049 SUSE bug 981050 SUSE bug 981061 SUSE bug 982009 SUSE bug 982010 SUSE bug 982011 SUSE bug 982012 SUSE bug 982013 CVE-2013-7456 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 Security update for libav (Moderate) openSUSE Leap 42.1 This update for libav fixes the two following security issues: - CVE-2016-3062: A MP4 memory corruption was fixed that could lead to crashes or code execution. (boo#984487) - CVE-2015-5479: A crash due to a divide by zero was fixed in ff_h263_decode_mba() that could lead to decoder crashes. (boo#949760) Moderate SUSE bug 949760 SUSE bug 984487 CVE-2015-5479 CVE-2016-3062 Security update for mariadb (Important) openSUSE Leap 42.1 mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options (bsc#980904). - CVE-2016-0546: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Client (bsc#980904). - CVE-2016-0596: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0597: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). - CVE-2016-0598: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0600: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to InnoDB (bsc#980904). - CVE-2016-0606: Unspecified vulnerability allowed remote authenticated users to affect integrity via unknown vectors related to encryption (bsc#980904). - CVE-2016-0608: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to UDF (bsc#980904). - CVE-2016-0609: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to privileges (bsc#980904). - CVE-2016-0616: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). - CVE-2016-0640: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to DML (bsc#980904). - CVE-2016-0641: Unspecified vulnerability allowed local users to affect confidentiality and availability via vectors related to MyISAM (bsc#980904). - CVE-2016-0642: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to Federated (bsc#980904). - CVE-2016-0643: Unspecified vulnerability allowed local users to affect confidentiality via vectors related to DML (bsc#980904). - CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL (bsc#980904). - CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0647: Unspecified vulnerability allowed local users to affect availability via vectors related to FTS (bsc#980904). - CVE-2016-0648: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0649: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0650: Unspecified vulnerability allowed local users to affect availability via vectors related to Replication (bsc#980904). - CVE-2016-0651: Unspecified vulnerability allowed local users to affect availability via vectors related to Optimizer (bsc#980904). - CVE-2016-0655: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). - CVE-2016-0666: Unspecified vulnerability allowed local users to affect availability via vectors related to Security: Privileges (bsc#980904). - CVE-2016-0668: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). - CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c did not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com (bsc#963806). These non-security issues were fixed: - bsc#961935: Remove the leftovers of "openSUSE" string in the '-DWITH_COMMENT' and 'DCOMPILATION_COMMENT' options - bsc#970287: remove ha_tokudb.so plugin and tokuft_logprint and tokuftdump binaries as TokuDB storage engine requires the jemalloc library that isn't present in SLE-12-SP1 - bsc#970295: Fix the leftovers of "logrotate.d/mysql" string in the logrotate error message. Occurrences of this string were changed to "logrotate.d/mariadb" - bsc#963810: Add 'log-error' and 'secure-file-priv' configuration options * add '/etc/my.cnf.d/error_log.conf' that specifies 'log-error = /var/log/mysql/mysqld.log'. If no path is set, the error log is written to '/var/lib/mysql/$HOSTNAME.err', which is not picked up by logrotate. * add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD FILE()' will only work with files in the directory specified by 'secure-file-priv' option (='/var/lib/mysql-files'). Important SUSE bug 961935 SUSE bug 963806 SUSE bug 963810 SUSE bug 970287 SUSE bug 970295 SUSE bug 980904 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 Security update for xfsprogs (Moderate) openSUSE Leap 42.1 xfsprogs was updated to fix one security vulnerability and several bugs. - Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 939367 CVE-2012-2150 Security update for roundcubemail (Important) openSUSE Leap 42.1 This update to roundcubemail 1.1.4 fixes the following issues: - CVE-2015-8770: Path traversal vulnerability allowed code execution to remote authenticated users if they were also upload files to the same server through some other method (boo#962067) This update also contains all upstream fixes in 1.1.4. The package was updated to use generic PHP requirements for use with other prefixes than "php5-" Important SUSE bug 962067 CVE-2015-8770 Security update for phpMyAdmin (Moderate) openSUSE Leap 42.1 phpMyAdmin was updated to version 4.4.15.7 to fix eight security issues. These security issues were fixed: - CVE-2016-5701: BBCode injection vulnerability (boo#986154) - CVE-2016-5703: SQL injection attack (boo#986154) - CVE-2016-5705: Multiple XSS vulnerabilities (boo#986154) - CVE-2016-5706: DOS attack (boo#986154) - CVE-2016-5730: Multiple full path disclosure vulnerabilities (boo#986154) - CVE-2016-5731: XSS through FPD (boo#986154) - CVE-2016-5733: Multiple XSS vulnerabilities (boo#986154) - CVE-2016-5739: Referrer leak in transformations (boo#986154) This non-security issues was fixed: - Fix issue Setup script doesn't use input type 'password' in all relevant locations Moderate SUSE bug 986154 CVE-2016-5701 CVE-2016-5703 CVE-2016-5705 CVE-2016-5706 CVE-2016-5730 CVE-2016-5731 CVE-2016-5733 CVE-2016-5739 Security update for kinit (Moderate) openSUSE Leap 42.1 kinit was updated to fix one security issue. This security issue was fixed: - CVE-2016-3100: World readable Xauthority file exposed cookie credentials (boo#983926). Moderate SUSE bug 983926 CVE-2016-3100 Security update for gimp (Moderate) openSUSE Leap 42.1 gimp was updated to version 2.8.16 to fix one security issue. This security issue was fixed: - CVE-2016-4994: Use-after-free vulnerabilities in the channel and layer properties parsing process (bsc#986021). This non-security issues were fixed: - Core: * Seek much less when writing XCF * Don't seek past the end of the file when writing XCF * Fix velocity parameter on .GIH brushes * Fix brokenness while transforming certain sets of linked layers - GUI: * Always show image tabs in single window mode * Fix switching of dock tabs by DND hovering * Don't make the scroll area for tags too small * Fixed a crash in the save dialog * Fix issue where ruler updates made things very slow on Windows -Plug-ins: * Fix several issues in the BMP plug-in * Make Gfig work with the new brush size behavior again * Fix font export in the PDF plug-in * Support layer groups in OpenRaster files * Fix loading of PSD files with layer groups Moderate SUSE bug 986021 CVE-2016-4994 Security update for spice (Moderate) openSUSE Leap 42.1 spice was updated to fix two security issues. These security issues were fixed: - CVE-2016-2150: SPICE allowed local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261 (boo#982385). - CVE-2016-0749: The smartcard interaction in SPICE allowed remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow (boo#982385). Moderate SUSE bug 982385 SUSE bug 982386 CVE-2016-0749 CVE-2016-2150 Security update for libircclient (Moderate) openSUSE Leap 42.1 This update for libircclient adjusts the cipher suites from ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH to to EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH (boo#857151) Moderate SUSE bug 857151 Security update for cronic (Moderate) openSUSE Leap 42.1 cronic was updated to fix one security issue. This security issue was fixed: - CVE-2016-3992: Predictable temporary files (bsc#974845). Moderate SUSE bug 974845 CVE-2016-3992 Security update for qemu (Important) openSUSE Leap 42.1 qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266) - CVE-2015-8817: Avoid OOB access in PCI dma I/O (bsc#969121) - CVE-2015-8818: Avoid OOB access in PCI dma I/O (bsc#969122) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB engine (bsc#964411) - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). - CVE-2015-7549: PCI null pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2015-8744: Incorrect l2 header validation could have lead to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers could have lead to a crash via assert(2) call (bsc#960708). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413). This non-security issue was fixed - bsc#886378: qemu truncates vhd images in virt-rescue This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 886378 SUSE bug 940929 SUSE bug 958491 SUSE bug 958917 SUSE bug 959005 SUSE bug 959386 SUSE bug 960334 SUSE bug 960708 SUSE bug 960725 SUSE bug 960835 SUSE bug 961332 SUSE bug 961333 SUSE bug 961358 SUSE bug 961556 SUSE bug 961691 SUSE bug 962320 SUSE bug 963782 SUSE bug 964411 SUSE bug 964413 SUSE bug 967969 SUSE bug 969121 SUSE bug 969122 SUSE bug 969350 SUSE bug 970036 SUSE bug 970037 SUSE bug 975128 SUSE bug 975136 SUSE bug 975700 SUSE bug 976109 SUSE bug 978158 SUSE bug 978160 SUSE bug 980711 SUSE bug 980723 SUSE bug 981266 CVE-2015-5745 CVE-2015-7549 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2197 CVE-2016-2198 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4952 Security update for Mozilla Thunderbird (Important) openSUSE Leap 42.1 This update contains Mozilla Thunderbird 45.2. (boo#983549) It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail. The following vulnerabilities were fixed: - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549, MFSA2016-49) Contains the following security fixes from the 45.1 release: (boo#977333) - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards (boo#977375, boo#977376, MFSA 2016-39) Contains the following security fixes from the 45.0 release: (boo#969894) - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA 2016-16) - CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17) - CVE-2016-1955: CSP reports fail to strip location information for embedded iframe pages (MFSA 2016-18) - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19) - CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20) - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23) - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24) - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27) - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34) The graphite font shaping library was disabled, addressing the following font vulnerabilities: - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 The following tracked packaging changes are included: - fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637) - gcc6 fixes (boo#986162) - running on 48bit va aarch64 (boo#984126) Important SUSE bug 969894 SUSE bug 977333 SUSE bug 977375 SUSE bug 977376 SUSE bug 983549 SUSE bug 984126 SUSE bug 984637 SUSE bug 986162 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1960 CVE-2016-1961 CVE-2016-1964 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2806 CVE-2016-2807 CVE-2016-2815 CVE-2016-2818 Security update for glibc (Moderate) openSUSE Leap 42.1 This update for glibc provides the following fixes: - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc performance regression from SLE 11. (bsc#975930) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) - Remove mtrace.1, now included in the man-pages package. (bsc#967190) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 967190 SUSE bug 968787 SUSE bug 969727 SUSE bug 973010 SUSE bug 973164 SUSE bug 975930 SUSE bug 980483 SUSE bug 980854 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The openSUSE Leap 42.1 was updated to 4.1.27 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables handling could lead to a local privilege escalation. (bsc#986362) - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-4794: Use-after-free vulnerability in mm/percpu.c in the Linux kernel allowed local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls (bnc#980265). The following non-security bugs were fixed: - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469). - Refresh patches.xen/xen3-patch-2.6.26 (fix PAT initialization). - Refresh patches.xen/xen3-patch-2.6.39 (fix ia32_compat inheritance). - Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position updates for /proc/xen/xenbus (bsc#970275). - Refresh patches.xen/xen3-patch-3.16 (drop redundant addition of a comment). - Refresh patches.xen/xen3-patch-4.1.7-8. - base: make module_create_drivers_dir race-free (bnc#983977). - ipvs: count pre-established TCP states as active (bsc#970114). - net: thunderx: Fix TL4 configuration for secondary Qsets (bsc#986530). - net: thunderx: Fix link status reporting (bsc#986530). Important SUSE bug 970114 SUSE bug 970275 SUSE bug 978469 SUSE bug 980265 SUSE bug 983977 SUSE bug 984755 SUSE bug 986362 SUSE bug 986530 SUSE bug 986572 CVE-2016-4470 CVE-2016-4794 CVE-2016-4997 CVE-2016-5829 Security update for LibreOffice (Moderate) openSUSE Leap 42.1 LibreOffice was updated to version 5.1.3.2, bringing many new features and bug fixes. Two security issues have been fixed: - CVE-2016-0795: LibreOffice allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document. - CVE-2016-0794: The lwp filter in LibreOffice allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. A comprehensive list of new features and improvements in this release is provided by the Document Foundation at https://wiki.documentfoundation.org/ReleaseNotes/5.1 . This update was imported from the SUSE:SLE-12:Update project. Moderate SUSE bug 718113 SUSE bug 856729 SUSE bug 939998 SUSE bug 945443 SUSE bug 945445 SUSE bug 955832 SUSE bug 965294 SUSE bug 965296 SUSE bug 967014 SUSE bug 967015 SUSE bug 977784 CVE-2016-0794 CVE-2016-0795 Security update for libvirt (Moderate) openSUSE Leap 42.1 This update for libvirt fixes the following issue: - CVE-2016-5008: empty VNC password disables authentication (boo#987527) Moderate SUSE bug 987527 CVE-2016-5008 Security update for apache2 (Moderate) openSUSE Leap 42.1 This update for apache2 fixes the following issues: * It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated Apache server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes (unless a value has been explicitly configured by the administrator in the configuration file). (bsc#988488) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 988488 CVE-2016-5387 Security update for ImageMagick (Important) openSUSE Leap 42.1 ImageMagick was updated to fix 66 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler. (bsc#983803). - CVE-2014-9811: Crash in xwd file handler (bsc#984032). - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137). - CVE-2014-9813: Crash on corrupted viff file (bsc#984035). - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193). - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372). - CVE-2014-9816: Out of bound access in viff image (bsc#984398). - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400). - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181). - CVE-2014-9819: Heap overflow in palm files (bsc#984142). - CVE-2014-9830: Handling of corrupted sun file (bsc#984135). - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375). - CVE-2014-9850: Incorrect thread limit logic (bsc#984149). - CVE-2014-9851: Crash when parsing resource block (bsc#984160). - CVE-2014-9852: Incorrect usage of object after it has been destroyed (bsc#984191). - CVE-2014-9853: Memory leak in rle file handling (bsc#984408). - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253). - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259). - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232). - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234). - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442). - CVE-2014-9834: Heap overflow in pict file (bsc#984436). - CVE-2014-9806: Prevent leak of file descriptor due to corrupted file. (bsc#983774). - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448). - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370). - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184). - CVE-2015-8898: Prevent null pointer access in magick/constitute.c (bsc#983746). - CVE-2014-9833: Heap overflow in psd file (bsc#984406). - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523). - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527). - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533). - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739). - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451). - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456). - CVE-2014-9836: Crash in xpm file handling (bsc#984023). - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796). - CVE-2014-9821: Avoid heap overflow in pnm files. (bsc#984014). - CVE-2014-9820: Heap overflow in xpm files (bsc#984150). - CVE-2014-9823: Heap overflow in palm file (bsc#984401). - CVE-2014-9822: Heap overflow in quantum file (bsc#984187). - CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427). - CVE-2014-9824: Heap overflow in psd file (bsc#984185). - CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799). - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186). - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179). - CVE-2014-9842: Memory leak in psd handling (bsc#984374). - CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172). - CVE-2014-9840: Out of bound access in palm file (bsc#984433). - CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder (bsc#984144). - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521). - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394). - CVE-2014-9844: Out of bound issue in rle file (bsc#984373). - CVE-2014-9849: Crash in png coder (bsc#984018). - CVE-2014-9848: Memory leak in quantum management (bsc#984404). - CVE-2014-9807: Double free in pdb coder. (bsc#983794). - CVE-2014-9829: Out of bound access in sun file (bsc#984409). - CVE-2014-9832: Heap overflow in pcx file (bsc#984183). - CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752). - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308). - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305). - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292). - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379). - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460). - CVE-2014-9837: Additional PNM sanity checks (bsc#984166). - CVE-2014-9835: Heap overflow in wpf file (bsc#984145). - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028). - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609). - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak (bnc#986608). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 983232 SUSE bug 983234 SUSE bug 983253 SUSE bug 983259 SUSE bug 983292 SUSE bug 983305 SUSE bug 983308 SUSE bug 983521 SUSE bug 983523 SUSE bug 983527 SUSE bug 983533 SUSE bug 983739 SUSE bug 983746 SUSE bug 983752 SUSE bug 983774 SUSE bug 983794 SUSE bug 983796 SUSE bug 983799 SUSE bug 983803 SUSE bug 984014 SUSE bug 984018 SUSE bug 984023 SUSE bug 984028 SUSE bug 984032 SUSE bug 984035 SUSE bug 984135 SUSE bug 984137 SUSE bug 984142 SUSE bug 984144 SUSE bug 984145 SUSE bug 984149 SUSE bug 984150 SUSE bug 984160 SUSE bug 984166 SUSE bug 984172 SUSE bug 984179 SUSE bug 984181 SUSE bug 984183 SUSE bug 984184 SUSE bug 984185 SUSE bug 984186 SUSE bug 984187 SUSE bug 984191 SUSE bug 984193 SUSE bug 984370 SUSE bug 984372 SUSE bug 984373 SUSE bug 984374 SUSE bug 984375 SUSE bug 984379 SUSE bug 984394 SUSE bug 984398 SUSE bug 984400 SUSE bug 984401 SUSE bug 984404 SUSE bug 984406 SUSE bug 984408 SUSE bug 984409 SUSE bug 984427 SUSE bug 984433 SUSE bug 984436 SUSE bug 985442 SUSE bug 985448 SUSE bug 985451 SUSE bug 985456 SUSE bug 985460 SUSE bug 986608 SUSE bug 986609 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 Security update for nodejs (Moderate) openSUSE Leap 42.1 This update for nodejs fixes the following issue: - CVE-2016-1669: * fix buffer overflow in v8 (boo#987919) Moderate SUSE bug 987919 CVE-2016-1669 Security update for dhcp (Moderate) openSUSE Leap 42.1 This update for dhcp fixes the following issues: Security issue fixed: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional (bsc#969820). Non security issues fixed: - Rename freeaddrinfo(), getaddrinfo() and getnameinfo() in the internal libirs library that does not consider /etc/hosts and /etc/nsswitch.conf to use irs_ prefix. This prevents name conflicts which would result in overriding standard glibc functions used by libldap. (bsc#972907) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 969820 SUSE bug 972907 CVE-2016-2774 Security update for gnugk (Moderate) openSUSE Leap 42.1 gnugk was updated fix security issues and bugs. The following issues were fixed: - CVE-2012-3534: denial of service via lots of connections (boo#777486) The new version 4.2 of gnuk also fixes a number of bugs and contains other improvements and fixes. The new library h323plus was added to the distribution as a dependency. Moderate SUSE bug 777486 CVE-2012-3534 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901): - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in Blink - CVE-2016-1711: Same-origin bypass in Blink - CVE-2016-5127: Use-after-free in Blink - CVE-2016-5128: Same-origin bypass in V8 - CVE-2016-5129: Memory corruption in V8 - CVE-2016-5130: URL spoofing - CVE-2016-5131: Use-after-free in libxml - CVE-2016-5132: Limited same-origin bypass in Service Workers - CVE-2016-5133: Origin confusion in proxy authentication - CVE-2016-5134: URL leakage via PAC script - CVE-2016-5135: Content-Security-Policy bypass - CVE-2016-5136: Use after free in extensions - CVE-2016-5137: History sniffing with HSTS and CSP - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 989901 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707 CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5136 CVE-2016-5137 Recommended update for mbedtls (Moderate) openSUSE Leap 42.1 This mbedtls update to version 1.3.17 fixes the following issues: Security issues fixed: - Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 - Fix a potential integer underflow to buffer overread in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in SSL/TLS. - Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt Bugs fixed: - Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos Follath. #309 - Fix issue in Makefile that prevented building using armar. - Fix issue that caused a hang up when generating RSA keys of odd bitlength - Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer dereference possible. - Fix issue that caused a crash if invalid curves were passed to mbedtls_ssl_conf_curves. #373 Further changes: - On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, don't use the optimized assembly for bignum multiplication. This removes the need to pass -fomit-frame-pointer to avoid a build error with -O0. - Disabled SSLv3 in the default configuration. - Fix non-compliance server extension handling. Extensions for SSLv3 are now ignored, as required by RFC6101. Moderate SUSE bug 988956 Security update for karchive (Important) openSUSE Leap 42.1 This update for karchive fixes the following issues: - CVE-2016-6232: A remote attacker could have been able to overwrite arbitrary files when tricking the user into downloading KDE extras such as wallpapers or Plasma Applets (boo#989698) Important SUSE bug 989698 CVE-2016-6232 Security update for python (Moderate) openSUSE Leap 42.1 Python was updated to fix three security issues. The following vulnerabilities were fixed: - CVE-2016-0772: TLS stripping attack on smtplib (bsc#984751) - CVE-2016-5636: zipimporter heap overflow (bsc#985177) - CVE-2016-5699: httplib header injection (bsc#985348) This update also includes all upstream bug fixes and improvements in Python 2.7.12. It also includes the following packaging changes: - reintroduce support for CA directory path The following tracked packaging issues were fixed: - broken overflow checks (bsc#964182) Moderate SUSE bug 964182 SUSE bug 984751 SUSE bug 985177 SUSE bug 985348 CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 Security update for dropbear (Critical) openSUSE Leap 42.1 This update for dropbear fixes four security issues (bnc#990363): - A format string injection vulnerability allowed remotes attacker to run arbitrary code as root if specific usernames including "%" symbols could be created on the target system. If a dbclient user can control usernames or host arguments, or untrusted input is processed, potentially arbitrary code could have been executed as the dbclient user. - When importing malicious OpenSSH key files via dropbearconvert, arbitrary code could have been executed as the local dropbearconvert user - If particular -m or -c arguments were provided, as used in scripts, dbclient could have executed arbitrary code - dbclient or dropbear server could have exposed process memory to the running user if compiled with DEBUG_TRACE and running with -v Dropbear was updated to the upstream 2016.74 release, including fixes for the following upstream issues: - Port forwarding failure when connecting to domains that have both IPv4 and IPv6 addresses - 100% CPU use while waiting for rekey to complete - Fix crash when fallback initshells() is used scp failing when the local user doesn't exist The following upstream improvements are included: - Support syslog in dbclient, option -o usesyslog=yes - Kill a proxycommand when dbclient exits - Option to exit when a TCP forward fails - Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks Critical SUSE bug 990363 Security update for php5 (Moderate) openSUSE Leap 42.1 This update for php5 fixes the following issues: * It is possible to launch a web server with "php -S localhost:8080" It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5385). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated php server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes. (bnc#988486) * There was multiple cases where a remote attacker could trigger a double free and, given specific PHP code using callbacks, trigger code execution vectors. (bnc#986246,bnc#986244,CVE-2016-5768,CVE-2016-5772) * It was possible to inject header or content information (XSS) when a user was using internet explorer as the browser. (bnc#986004, CVE-2015-8935) * In several cases it was possible for a integer overflow to trigger an excessive memory allocation (bnc#986392, bnc#986388, bnc#986386, bnc#986393, CVE-2016-5770, CVE-2016-5769, CVE-2016-5766, CVE-2016-5767) * It was possible for an attacker to abuse the garbage collector to free a target array. At this point an attacker could craft a fake zval object and exploit the PHP process by taking over the EIP/RIP. (bnc#986391, CVE-2016-5771) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 986004 SUSE bug 986244 SUSE bug 986246 SUSE bug 986386 SUSE bug 986388 SUSE bug 986391 SUSE bug 986392 SUSE bug 986393 SUSE bug 988486 CVE-2015-8935 CVE-2016-5385 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 Security update for mupdf (Moderate) openSUSE Leap 42.1 This update for mupdf fixes the following issues: Security issues fixed: - CVE-2016-6265: Fixed a use-after-free issue (boo#990195). Moderate SUSE bug 990195 CVE-2016-6265 Security update for MozillaFirefox, mozilla-nss (Important) openSUSE Leap 42.1 Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation (e10s) is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The media parser has been redeveloped using the Rust programming language - better Canvas performance with speedy Skia support - Now requires NSS 3.24 The following security issues were fixed: (boo#991809) - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards - CVE-2016-2830: Favicon network connection can persist when page is closed - CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content - CVE-2016-2839: Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 - CVE-2016-5251: Location bar spoofing via data URLs with malformed/invalid mediatypes - CVE-2016-5252: Stack underflow during 2D graphics rendering - CVE-2016-0718: Out-of-bounds read during XML parsing in Expat library - CVE-2016-5254: Use-after-free when using alt key and toplevel menus - CVE-2016-5255: Crash in incremental garbage collection in JavaScript - CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown - CVE-2016-5259: Use-after-free in service workers with nested sync events - CVE-2016-5260: Form input type change from password to text can store plain text password in session restore file - CVE-2016-5261: Integer overflow in WebSockets during data buffering - CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes - CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback - CVE-2016-5263: Type confusion in display transformation - CVE-2016-5264: Use-after-free when applying SVG effects - CVE-2016-5265: Same-origin policy violation using local HTML file and saved shortcut file - CVE-2016-5266: Information disclosure and local file manipulation through drag and drop - CVE-2016-5268: Spoofing attack through text injection into internal error pages - CVE-2016-5250: Information disclosure through Resource Timing API during page navigation The following non-security changes are included: - The AppData description and screenshots were updated. - Fix Firefox crash on startup on i586 (boo#986541) - The Selenium WebDriver may have caused Firefox to crash at startup - fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637) - Fix running on 48bit va aarch64 (boo#984126) - fix XUL dialog button order under KDE session (boo#984403) Mozilla NSS was updated to 3.24 as a dependency. Changes in mozilla-nss: - NSS softoken updated with latest NIST guidance - NSS softoken updated to allow NSS to run in FIPS Level 1 (no password) - Various added and deprecated functions - Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. - Protect against the Cachebleed attack. - Disable support for DTLS compression. - Improve support for TLS 1.3. This includes support for DTLS 1.3. (experimental) Important SUSE bug 984126 SUSE bug 984403 SUSE bug 984637 SUSE bug 986541 SUSE bug 991809 CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5268 Security update for ffmpeg (Important) openSUSE Leap 42.1 This update to ffmpeg 2.8.5 fixes the following issues: * CVE-2016-1897: Cross-origin issue in URL processing (concat) - local file disclosure (boo#961937) * CVE-2016-1898: Cross-origin issue in URL processing (subfile) - local file disclosure (boo#961937) Important SUSE bug 961937 CVE-2016-1897 CVE-2016-1898 Security update for libvirt (Moderate) openSUSE Leap 42.1 This update for libvirt fixes the following issues: - Update to libvirt 1.2.18.4 stable release - Inherit many upstream bug fixes, including CVE-2016-5008 boo#987527. For details, see http://wiki.libvirt.org/page/Maintenance_Releases - virsh: improve waiting for block job readines (boo#989755) Moderate SUSE bug 987527 SUSE bug 989755 CVE-2016-5008 Security update for redis (Moderate) openSUSE Leap 42.1 This update for redis fixes the following issues: - CVE-2013-7458: unsafe permissions of command line history (boo#991250) Moderate SUSE bug 991250 CVE-2013-7458 Security update for bsdiff (Moderate) openSUSE Leap 42.1 This update for bsdiff fixes the following issues: - CVE-2014-9862: Improper checking of input allows arbitrary write on heap (boo#990660) Moderate SUSE bug 990660 CVE-2014-9862 Security update for wireshark (Low) openSUSE Leap 42.1 Wireshark was updated to 1.12.13 to fix a number of minor security issues and bugs. This release fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - CVE-2016-6504: NDS dissector crash (boo#991012) - CVE-2016-6505: PacketBB crash (boo#991013) - CVE-2016-6506: WSP infinite loop (boo#991015) - CVE-2016-6507: MMSE infinite loop (boo#991016) - CVE-2016-6508: RLC long loop (boo#991017) - CVE-2016-6509: LDSS dissector crash (boo#991018) - CVE-2016-6510: RLC dissector crash (boo#991019) - CVE-2016-6511: OpenFlow long loop (boo#991020) This update also includes further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html Low SUSE bug 991012 SUSE bug 991013 SUSE bug 991015 SUSE bug 991016 SUSE bug 991017 SUSE bug 991018 SUSE bug 991019 SUSE bug 991020 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 52.0.2743.116 to fix the following security issues: (boo#992305) - CVE-2016-5141: Address bar spoofing (boo#992314) - CVE-2016-5142: Use-after-free in Blink (boo#992313) - CVE-2016-5139: Heap overflow in pdfium (boo#992311) - CVE-2016-5140: Heap overflow in pdfium (boo#992310) - CVE-2016-5145: Same origin bypass for images in Blink (boo#992320) - CVE-2016-5143: Parameter sanitization failure in DevTools (boo#992319) - CVE-2016-5144: Parameter sanitization failure in DevTools (boo#992315) - CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives (boo#992309) Important SUSE bug 992305 SUSE bug 992309 SUSE bug 992310 SUSE bug 992311 SUSE bug 992313 SUSE bug 992314 SUSE bug 992315 SUSE bug 992319 SUSE bug 992320 CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144 CVE-2016-5145 CVE-2016-5146 Security update for pcre2 (Low) openSUSE Leap 42.1 This update for pcre2 fixes the following issues: - pcre2 10.22: * The POSIX wrapper function regcomp() did not used to support back references and subroutine calls if called with the REG_NOSUB option. It now does. * A new function, pcre2_code_copy(), is added, to make a copy of a compiled pattern. * Support for string callouts is added to pcre2grep. * Added the PCRE2_NO_JIT option to pcre2_match(). * The pcre2_get_error_message() function now returns with a negative error code if the error number it is given is unknown. * Several updates have been made to pcre2test and test scripts * Fix CVE-2016-3191: workspace overflow for (*ACCEPT) with deeply nested parentheses (boo#971741) - Update to new upstream release 10.21 * Improve JIT matching speed of patterns starting with + or *. * Use memchr() to find the first character in an unanchored match in 8-bit mode in the interpreter. This gives a significant speed improvement. * 10.20 broke the handling of [[:>:]] and [[:<:]] in that processing them could involve a buffer overflow if the following character was an opening parenthesis. * 10.20 also introduced a bug in processing this pattern: /((?x)(*:0))#(?'/, which was fixed. * A callout with a string argument containing an opening square bracket, for example /(?C$[$)(?<]/, was incorrectly processed and could provoke a buffer overflow. * A possessively repeated conditional group that could match an empty string, for example, /(?(R))*+/, was incorrectly compiled. * The Unicode tables have been updated to Unicode 8.0.0. * An empty comment (?#) in a pattern was incorrectly processed and could provoke a buffer overflow. * Fix infinite recursion in the JIT compiler when certain patterns /such as (?:|a|){100}x/ are analysed. * Some patterns with character classes involving [: and \\ were incorrectly compiled and could cause reading from uninitialized memory or an incorrect error diagnosis. Examples are: /[[:\\](?<[::]/ and /[[:\\](?'abc')[a:]. * A missing closing parenthesis for a callout with a string argument was not being diagnosed, possibly leading to a buffer overflow. * If (?R was followed by - or + incorrect behaviour happened instead of a diagnostic. * Fixed an issue when \p{Any} inside an xclass did not read the current character. * About 80 more fixes, which you can read about in the ChangeLog shipped with the libpcre2-8-0 package. Low SUSE bug 971741 CVE-2016-3191 Security update for libarchive (Important) openSUSE Leap 42.1 libarchive was updated to fix 20 security issues. These security issues were fixed: - CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698). - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697). - CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675). - CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682). - CVE-2015-8922: Null pointer access in 7z parser (bsc#985685). - CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703). - CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609). - CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706). - CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704). - CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679). - CVE-2015-8929: Memory leak in tar parser (bsc#985669). - CVE-2015-8930: Endless loop in ISO parser (bsc#985700). - CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689). - CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665). - CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688). - CVE-2015-8934: Out of bounds read in RAR (bsc#985673). - CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832). - CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826). - CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835). - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 984990 SUSE bug 985609 SUSE bug 985665 SUSE bug 985669 SUSE bug 985673 SUSE bug 985675 SUSE bug 985679 SUSE bug 985682 SUSE bug 985685 SUSE bug 985688 SUSE bug 985689 SUSE bug 985697 SUSE bug 985698 SUSE bug 985700 SUSE bug 985703 SUSE bug 985704 SUSE bug 985706 SUSE bug 985826 SUSE bug 985832 SUSE bug 985835 CVE-2015-8918 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8929 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-4300 CVE-2016-4301 CVE-2016-4302 CVE-2016-4809 Security update for sqlite3 (Moderate) openSUSE Leap 42.1 This update for sqlite3 fixes the following issues: The following security issue was fixed: - CVE-2016-6153: Fixed a tempdir selection vulnerability (bsc#987394) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 987394 CVE-2016-6153 Security update for hawk2 (Important) openSUSE Leap 42.1 This update for hawk2 fixes one security issue and one bug. The following security change is included: - To prevent Clickjacking attacks, set Content-Security-Policy to frame-ancestors 'self' (bsc#984619) The following non-security issue was fixed: - In the Wizards UI, prevent text display issues due to internationalization with certain strings (bsc#987696) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 984619 SUSE bug 987696 Security update for java-1_7_0-openjdk (Important) openSUSE Leap 42.1 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparseable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8144313: Test SessionTimeOutTests can be timeout - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147857: [TEST] RMIConnector logs attribute names incorrectly - S8151841, PR3098: Build needs additional flags to compile with GCC 6 - S8151876: (tz) Support tzdata2016d - S8157077: 8u101 L10n resource file updates - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known. * Import of OpenJDK 7 u111 build 1 - S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java failing - S8140344: add support for 3 digit update release numbers - S8145017: Add support for 3 digit hotspot minor version numbers - S8162344: The API changes made by CR 7064075 need to be reverted * Backports - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime - S4900206, PR3101: Include worst-case rounding tests for Math library functions - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6934604, PR3075: enable parts of EliminateAutoBox by default - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144 - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0 - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly - S8005402, PR3020: Need to provide benchmarks for color management - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination. - S8013430, PR3020: REGRESSION: closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fails with java.io.StreamCorruptedException: invalid type code: EE since 8b87 - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes - S8014959, PR3075: assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object - S8024511, PR3020: Crash during color profile destruction - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8 - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape * Bug fixes - PR2799, RH1195203: Files are missing from resources.jar - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed - PR3091: SystemTap is heavily confused by multiple JDKs - PR3102: Extend 8022594 to AixPollPort - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created - PR3111: Provide option to disable SystemTap tests - PR3114: Don't assume system mime.types supports text/x-java-source - PR3115: Add check for elliptic curve cryptography implementation - PR3116: Add tests for Java debug info and source files - PR3118: Path to agpl-3.0.txt not updated - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't * AArch64 port - S8148328, PR3100: aarch64: redundant lsr instructions in stub code. - S8148783, PR3100: aarch64: SEGV running SpecJBB2013 - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted - Enable SunEC for SLE12 and Leap (bsc#982366) - Fix aarch64 running with 48 bits va space (bsc#984684) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 982366 SUSE bug 984684 SUSE bug 988651 SUSE bug 989722 SUSE bug 989723 SUSE bug 989725 SUSE bug 989727 SUSE bug 989728 SUSE bug 989729 SUSE bug 989730 SUSE bug 989731 SUSE bug 989732 SUSE bug 989733 SUSE bug 989734 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 42.1 This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u101 (icedtea 3.1.0) - New in release 3.1.0 (2016-07-25): * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8146514: Enforce GCM limits - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149070: Enforce update ordering - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8153312: Constrain AppCDS behavior - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3552 (bsc#989726) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * New features - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux - PR2821: Support building OpenJDK with --disable-headful - PR2931, G478960: Provide Infinality Support via fontconfig - PR3079: Provide option to build Shenandoah on x86_64 * Import of OpenJDK 8 u92 build 14 - S6869327: Add new C2 flag to keep safepoints in counted loops. - S8022865: [TESTBUG] Compressed Oops testing needs to be revised - S8029630: Thread id should be displayed as a hex number in error report - S8029726: On OS X some dtrace probe names are mismatched with Solaris - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired. - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled - S8065579: WB method to start G1 concurrent mark cycle should be introduced - S8065986: Compiler fails to NullPointerException when calling super with Object<>() - S8066974: Compiler doesn't infer method's generic type information in lambda body - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years - S8068033: JNI exception pending in jdk/src/share/bin/java.c - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found - S8068254: Method reference uses wrong qualifying type - S8074696: Remote debugging session hangs for several minutes when calling findBootType - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale - S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/ - S8080650: Enable stubs to use frame pointers correctly - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure - S8129348: Debugger hangs in trace mode with TRACE_SENDS - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2 - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_<username> has wrong permissions - S8131129: Attempt to define a duplicate BMH$Species class - S8131665: Bad exception message in HandshakeHash.getFinishedHash - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X - S8133207: ParallelProbes.java test fails after changes for JDK-8080115 - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518 - S8134007: Improve string folding - S8134759: jdb: Incorrect stepping inside finally block - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set - S8136442: Don't tie Certificate signature algorithms to ciphersuites - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+ - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized<true,oopDesc*,MarkAndPushClosure> - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8139751: Javac crash with -XDallowStringFolding=false - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev - S8139985: JNI exception pending in jdk/src/jdk/hprof/agent/share/native/libhprof - S8140031: SA: Searching for a value in Threads does not work - S8140249: JVM Crashing During startUp If Flight Recording is enabled - S8140344: add support for 3 digit update release numbers - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8141260: isReachable crash in windows xp - S8143297: Nashorn compilation time reported in nanoseconds - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly - S8143855: Bad printf formatting in frame_zero.cpp - S8143896: java.lang.Long is implicitly converted to double - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg - S8144020: Remove long as an internal numeric type - S8144131: ArrayData.getInt implementations do not convert to int32 - S8144483: One long Safepoint pause directly after each GC log rotation - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds - S8144935: C2: safepoint is pruned from a non-counted loop - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution - S8145017: Add support for 3 digit hotspot minor version numbers - S8145099: Better error message when SA can't attach to a process - S8145442: Add the facility to verify remembered sets for G1 - S8145466: javac: No line numbers in compilation error - S8145539: (coll) AbstractMap.keySet and .values should not be volatile - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic - S8145669: apply2call optimized callsite fails after becoming megamorphic - S8145722: NullPointerException in javadoc - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI - S8146147: Java linker indexed property getter does not work for computed nashorn string - S8146566: OpenJDK build can't handle commas in LDFLAGS - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - S8147630: Wrong test result pushed to 8u-dev - S8147845: Varargs Array functions still leaking longs - S8147857: RMIConnector logs attribute names incorrectly - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC - S8150791: 8u76 L10n resource file translation update * Import of OpenJDK 8 u101 build 13 - S6483657: MSCAPI provider does not create unique alias names - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8081778: Use Intel x64 CPU instructions for RSA acceleration - S8130150: Implement BigInteger.montgomeryMultiply intrinsic - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8143913: MSCAPI keystore should accept Certificate[] in setEntry() - S8144313: Test SessionTimeOutTests can be timeout - S8146240: Three nashorn files contain "GNU General Public License" header - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147994: [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua - S8151522: Disable 8130150 and 8081778 intrinsics by default - S8151876: (tz) Support tzdata2016d - S8152098: Fix 8151522 caused test compiler/intrinsics/squaretolen/TestSquareToLen.java to fail - S8157077: 8u101 L10n resource file updates * Backports - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for mouse wheel events - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on text orientation - S8014212, PR2866: Robot captures black screen - S8029339, PR1061: Custom MultiResolution image support on HiDPI displays - S8031145, PR3077: Re-examine closed i18n tests to see it they can be moved to the jdk repository. - S8034856, PR3095: gcc warnings compiling src/solaris/native/sun/security/pkcs11 - S8034857, PR3095: gcc warnings compiling src/solaris/native/sun/management - S8035054, PR3095: JarFacade.c should not include ctype.h - S8035287, PR3095: gcc warnings compiling various libraries files - S8038631, PR3077: Create wrapper for awt.Robot with additional functionality - S8039279, PR3077: Move awt tests to openjdk repository - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox and JRadioButton - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree - S8043126, PR3077: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing tests - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk - S8044429, PR3077: move awt automated tests for AWT_Modality to OpenJDK repository - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to openjdk repository - S8047180, PR3077: Move functional tests AWT_Headless/Automated to OpenJDK repository - S8047367, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again - S8049617, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK - S8050885, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK - S8052012, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3 of 3) - S8053657, PR3077: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK - S8054143, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 - S8054358, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 - S8054359, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 9 - S8056911, PR3077: Remove internal API usage from ExtendedRobot class - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 10 - S8058959, PR1061: closed/java/awt/event/ComponentEvent/MovedResizedTwiceTest/MovedResizedTwiceTest.java failed automatically - S8062606, PR3077: Fix a typo in java.awt.Robot class - S8063102, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063104, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8063106, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063107, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing - S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease - S8067441, PR3077: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not include scale factor - S8073320, PR1061: Windows HiDPI Graphics support - S8074807, PR3077: Fix some tests unnecessary using internal API - S8076315, PR3077: move 4 manual functional swing tests to regression suite - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize() - S8129822, PR3077: Define "headful" jtreg keyword - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates base image to get its size - S8133539, PR1061: [TEST_BUG] Split java/awt/image/MultiResolutionImageTest.java in two to allow restricted access - S8137571, PR1061: Linux HiDPI Graphics support - S8142406, PR1061: [TEST] MultiResolution image: need test to cover the case when @2x image is corrupted - S8145188, PR2945: No LocalVariableTable generated for the entire JDK - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution menu items icons - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution icons - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be taken into account for OS X - S8151841, PR2882: Build needs additional flags to compile with GCC 6 [plus parts of 8149647 & 8032045] - S8155613, PR1061: [PIT] crash in AWT_Desktop/Automated/Exceptions/BasicTest - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD incorrectly - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK 3 on Linux - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful. - S8160294, PR2882, PR3095: Some client libraries cannot be built with GCC 6 * Bug fixes - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid re-discovery by OpenJDK configure - PR2932: Support ccache in a non-automagic manner - PR2933: Support ccache 3.2 and later - PR2964: Set system defaults based on OS - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line endings rather than system line endings - PR3078: Remove duplicated line dating back to 6788347 and 6894807 - PR3083, RH1346460: Regression in SSL debug output without an ECC provider - PR3089: Remove old memory limits patch - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs - PR3095: Fix warnings in URLClassPath.c - PR3096: Remove dead --disable-optimizations option - PR3105: Use version from hotspot.map to create tarball filename - PR3106: Handle both correctly-spelt property "enableCustomValueHandler" introduced by S8079718 and typo version - PR3108: Shenandoah patches not included in release tarball - PR3110: Update hotspot.map documentation in INSTALL * AArch64 port - S8145320, PR3078: Create unsafe_arraycopy and generic_arraycopy for AArch64 - S8148328, PR3078: aarch64: redundant lsr instructions in stub code. - S8148783, PR3078: aarch64: SEGV running SpecJBB2013 - S8148948, PR3078: aarch64: generate_copy_longs calls align() incorrectly - S8149080, PR3078: AArch64: Recognise disjoint array copy in stub code - S8149365, PR3078: aarch64: memory copy does not prefetch on backwards copy - S8149907, PR3078: aarch64: use load/store pair instructions in call_stub - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when comparing narrow pointer with zero - S8150045, PR3078: arraycopy causes segfaults in SATB during garbage collection - S8150082, PR3078: aarch64: optimise small array copy - S8150229, PR3078: aarch64: pipeline class for several instructions is not set correctly - S8150313, PR3078: aarch64: optimise array copy using SIMD instructions - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS instructions - S8151340, PR3078: aarch64: prefetch the destination word for write prior to ldxr/stxr loops. - S8151502, PR3078: optimize pd_disjoint_words and pd_conjoint_words - S8151775, PR3078: aarch64: add support for 8.1 LSE atomic operations - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when comparing unsigned values with zero. - S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub routine - S8153713, PR3078: aarch64: improve short array clearing using store pair - S8153797, PR3078: aarch64: Add Arrays.fill stub code - S8154537, PR3078: AArch64: some integer rotate instructions are never emitted - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8155015, PR3078: Aarch64: bad assert in spill generation code - S8155100, PR3078: AArch64: Relax alignment requirement for byte_map_base - S8155612, PR3078: Aarch64: vector nodes need to support misaligned offset - S8155617, PR3078: aarch64: ClearArray does not use DC ZVA - S8155653, PR3078: TestVectorUnalignedOffset.java not pushed with 8155612 - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails due to _generic_arraycopy stub routine - S8157841, PR3078: aarch64: prefetch ignores cache line size - S8157906, PR3078: aarch64: some more integer rotate instructions are never emitted - S8158913, PR3078: aarch64: SEGV running Spark terasort - S8159052, PR3078: aarch64: optimise unaligned copies in pd_disjoint_words and pd_conjoint_words - S8159063, PR3078: aarch64: optimise unaligned array copy long - PR3078: Cleanup remaining differences from aarch64/jdk8u tree - Fix script linking /usr/share/javazi/tzdb.dat for platform where it applies (bsc#987895) - Fix aarch64 running with 48 bits va space (bsc#984684) avoid some crashes This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 984684 SUSE bug 987895 SUSE bug 988651 SUSE bug 989721 SUSE bug 989722 SUSE bug 989723 SUSE bug 989725 SUSE bug 989726 SUSE bug 989727 SUSE bug 989728 SUSE bug 989729 SUSE bug 989730 SUSE bug 989731 SUSE bug 989732 SUSE bug 989733 SUSE bug 989734 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 security update for go (Low) openSUSE Leap 42.1 This update addresses a security issue affecting code statically linked with go: - CVE-2016-5386: A remote attacker could set the HTTP_PROXY environment variable via Proxy header (bsc#988487) Low SUSE bug 988487 CVE-2016-5386 Security update for GraphicsMagick (Important) openSUSE Leap 42.1 This update for GraphicsMagick fixes the following issues: - CVE-2014-9805: SEGV due to a corrupted pnm file (boo#983752) - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (boo#983309) - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (boo#983455) - CVE-2014-9846: Overflow in rle file (boo#983521) - CVE-2015-8894: Double free in TGA code (boo#983523) - CVE-2015-8896: Double free / integer truncation issue (boo#983533) - CVE-2014-9807: Double free in pdb coder (boo#983794) - CVE-2014-9809: SEGV due to corrupted xwd images (boo#983799) - CVE-2014-9819: Heap overflow in palm files (boo#984142) - CVE-2014-9835: Heap overflow in wpf file (boo#984145) - CVE-2014-9831: Issues handling of corrupted wpg file (boo#984375) - CVE-2014-9820: heap overflow in xpm files (boo#984150) - CVE-2014-9837: Additional PNM sanity checks (boo#984166) - CVE-2014-9815: Crash on corrupted wpg file (boo#984372) - CVE-2014-9839: Theoretical out of bound access in via color maps (boo#984379) - CVE-2014-9845: Crash due to corrupted dib file (boo#984394) - CVE-2014-9817: Heap buffer overflow in pdb file handling (boo#984400) - CVE-2014-9853: Memory leak in rle file handling (boo#984408) - CVE-2014-9834: Heap overflow in pict file (boo#984436) - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (boo#985442) - CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG files (boo#965853) - CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG files (boo#965853) Important SUSE bug 965853 SUSE bug 983309 SUSE bug 983455 SUSE bug 983521 SUSE bug 983523 SUSE bug 983533 SUSE bug 983752 SUSE bug 983794 SUSE bug 983799 SUSE bug 984142 SUSE bug 984145 SUSE bug 984150 SUSE bug 984166 SUSE bug 984372 SUSE bug 984375 SUSE bug 984379 SUSE bug 984394 SUSE bug 984400 SUSE bug 984408 SUSE bug 984436 SUSE bug 985442 CVE-2014-9805 CVE-2014-9807 CVE-2014-9809 CVE-2014-9815 CVE-2014-9817 CVE-2014-9819 CVE-2014-9820 CVE-2014-9831 CVE-2014-9834 CVE-2014-9835 CVE-2014-9837 CVE-2014-9839 CVE-2014-9845 CVE-2014-9846 CVE-2014-9853 CVE-2015-8894 CVE-2015-8896 CVE-2016-2317 CVE-2016-2318 CVE-2016-5240 CVE-2016-5241 CVE-2016-5688 Security update for harfbuzz (Moderate) openSUSE Leap 42.1 This update for harfbuzz fixes the following security issues: - CVE-2016-2052: harfbuzz: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6 (boo#963436) - CVE-2015-8947: harfbuzz: hb-ot-layout-gpos-table.hh buffer over-read (boo#989564) Moderate SUSE bug 963436 SUSE bug 989564 CVE-2015-8947 CVE-2016-2052 Security update for squid (Moderate) openSUSE Leap 42.1 The Squid HTTP proxy has been updated to version 3.3.14, fixing the following security issues: - Fixed multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2015-5400: Improper protection of alternate path. (bsc#938715) - CVE-2015-3455: Squid http proxy configured with client-first SSL bumping did not correctly validate server certificate. (bsc#929493) - CVE-2016-3948: Fixed denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: Fixed multiple issues in ESI processing (bsc#976556) - CVE-2016-4553: Fixed cache poisoning issue in HTTP Request handling (bsc#979009) - CVE-2016-4554: Fixed header smuggling issue in HTTP Request processing (bsc#979010) - Fixed multiple Denial of Service issues in ESI Response processing. (CVE-2016-4555, CVE-2016-4556, bsc#979011, bsc#979008) Additionally, the following non-security issues have been fixed: - Fix header size in script unsquid.pl. (bsc#902197) - Add external helper ext_session_acl to package. (bsc#959290) - Update forward_max_tries to permit 25 server paths With cloud sites becoming more popular more CDN servers are producing long lists of IPv6 and IPv4 addresses. If there are not enough paths selected the IPv4 ones may never be reached. - squid.init: wait that squid really dies when we kill it on upgrade instead of proclaiming its demise prematurely (bnc#963539) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 902197 SUSE bug 929493 SUSE bug 938715 SUSE bug 955783 SUSE bug 959290 SUSE bug 963539 SUSE bug 968392 SUSE bug 968393 SUSE bug 968394 SUSE bug 968395 SUSE bug 973782 SUSE bug 973783 SUSE bug 976553 SUSE bug 976556 SUSE bug 979008 SUSE bug 979009 SUSE bug 979010 SUSE bug 979011 CVE-2015-3455 CVE-2015-5400 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 48.0.2564.82 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-1612: Bad cast in V8 (boo#963184) - CVE-2016-1613: Use-after-free in PDFium (boo#963185) - CVE-2016-1614: Information leak in Blink (boo#963186) - CVE-2016-1615: Origin confusion in Omnibox (boo#963187) - CVE-2016-1616: URL Spoofing (boo#963188) - CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189) - CVE-2016-1618: Weak random number generator in Blink (boo#963190) - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191) - CVE-2016-1620 chromium-browser: various fixes (boo#963192) This update also enables SSE2 support on x86_64, VA-API hardware acceleration and fixes a crash when trying to enable the Chromecast extension. Important SUSE bug 963184 SUSE bug 963185 SUSE bug 963186 SUSE bug 963187 SUSE bug 963188 SUSE bug 963189 SUSE bug 963190 SUSE bug 963191 SUSE bug 963192 CVE-2016-1612 CVE-2016-1613 CVE-2016-1614 CVE-2016-1615 CVE-2016-1616 CVE-2016-1617 CVE-2016-1618 CVE-2016-1619 CVE-2016-1620 Security update for roundcubemail (Moderate) openSUSE Leap 42.1 This update for roundcubemail fixes the following vulnerabilities: - CVE-2015-8864: XSS issue in SVG images handling (boo#976988) - CVE-2015-2181: issue in DBMail driver of password plugin - CVE-2016-4069: Cross-site request forgery in download URLs (boo#976988) Roundcubemail was also updated to 1.1.5, fixing the following bugs: - Plugin API: Add html2text hook - Plugin API: Added addressbook_export hook - Fix missing emoticons on html-to-text conversion - Fix random "access to this resource is secured against CSRF" message at logout - Fix missing language name in "Add to Dictionary" request in HTML mode - Enable use of TLSv1.1 and TLSv1.2 for IMAP - Fix bug where Archive/Junk buttons were not active after page jump with select=all mode - Fix bug in long recipients list parsing for cases where recipient name contained @-char - Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 - Hide DSN option in Preferences when smtp_server is not used - newmail_notifier: Refactor desktop notifications - Fix so contactlist_fields option can be set via config file - Fix so SPECIAL-USE assignments are forced only until user sets special folders - Fix performance in reverting order of THREAD result - Fix converting mail addresses with @www. into mailto links Moderate SUSE bug 976988 CVE-2015-2181 CVE-2015-8864 CVE-2016-4069 Security update for python3 (Moderate) openSUSE Leap 42.1 This update for python3 fixes the following issues: - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user supplied Proxy request header (fixes boo#989523, CVE-2016-1000110) - update to 3.4.5 check: https://docs.python.org/3.4/whatsnew/changelog.html (fixes boo#984751, CVE-2016-0772) (fixes boo#985177, CVE-2016-5636) (fixes boo#985348, CVE-2016-5699) - Bump DH parameters to 2048 bit to fix logjam security issue. boo#935856 - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user supplied Proxy request header: (fixes boo#989523, CVE-2016-1000110) Moderate SUSE bug 935856 SUSE bug 951166 SUSE bug 983582 SUSE bug 984751 SUSE bug 985177 SUSE bug 985348 SUSE bug 989523 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The openSUSE 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-9756: KVM: x86: drop error recovery in em_jmp_far and em_ret_far (bsc#1013038). The following non-security bugs were fixed: - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (bsc#1014943). Important SUSE bug 1013038 SUSE bug 1014943 CVE-2016-9756 Security update for dnsmasq (Important) openSUSE Leap 42.1 This update for dnsmasq fixes the following issues: - CVE-2015-8899: Denial of service between local and remote dns entries (bsc#983273) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 983273 CVE-2015-8899 Security update for icinga (Important) openSUSE Leap 42.1 This update for icinga includes various upstream fixes and the following security security fixes: - icinga was updated to version 1.14.0 - the classic-UI was vulnerable to a cross site scripting attack (CVE-2015-8010, boo#952777) - A user with nagios privileges could have gained root privileges by placing a symbolic link at the logfile location (CVE-2016-9566, boo#1014637) Important SUSE bug 1014637 SUSE bug 952777 CVE-2015-8010 CVE-2016-9566 Security update for icoutils (Important) openSUSE Leap 42.1 This update for icoutils to version 0.31.1 fixes the following issues: - CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution (boo#1018756). - CVE-2017-5331: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). - CVE-2017-5332: Missing out of bounds checks in extract_group_icon_cursor_resource allow for DoS or code execution (boo#1018756). - CVE-2017-5333: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). Important SUSE bug 1018756 CVE-2017-5208 CVE-2017-5331 CVE-2017-5332 CVE-2017-5333 Security update for pcsc-lite (Moderate) openSUSE Leap 42.1 pcsc-lite was updated to fix one security issue. This security issue was fixed: - CVE-2016-10109: This use-after-free and double-free issue allowed local attacker to cause a Denial of Service and possible privilege escalation (bsc#1017902). Moderate SUSE bug 1017902 CVE-2016-10109 Security update for samba (Moderate) openSUSE Leap 42.1 This update for samba fixes the following issues: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441). - CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442). - CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437). The component affected is not built in our packages. Non security issues fixed: - s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085) - Add doc changes for net ads --no-dns-updates switch; (bsc#991564) - Include vfstest in samba-test; (bsc#1001203). - s3/winbindd: using default domain with user@domain.com format fails (bsc#997833). - Fix illegal memory access after memory has been deleted (bsc#975299). - Fix bug in tevent poll backend causing winbind to loop tightly (bsc#994500). - Various fixes for spnego/ntlm (bsc#986675). This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1001203 SUSE bug 1009085 SUSE bug 1014437 SUSE bug 1014441 SUSE bug 1014442 SUSE bug 975299 SUSE bug 986675 SUSE bug 991564 SUSE bug 994500 SUSE bug 997833 CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 Security update for pdns (Moderate) openSUSE Leap 42.1 This update for pdns fixes the following issues: - CVE-2016-2120: Crafted zone record could have caused a denial of service (bsc#1018329). - CVE-2016-7068: Crafted queries could have caused abnormal CPU usage (bsc#1018326). - CVE-2016-7072: Denial of service via the web server (bsc#1018327). - CVE-2016-7073: Fixed insufficient validation of TSIG signatures (bsc#1018328). - CVE-2016-7074: Fixed insufficient validation of TSIG signatures ((bsc#1018328). Moderate SUSE bug 1018326 SUSE bug 1018327 SUSE bug 1018328 SUSE bug 1018329 CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073 CVE-2016-7074 Security update for bind (Important) openSUSE Leap 42.1 This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 Security update for openjpeg2 (Important) openSUSE Leap 42.1 This update for openjpeg2 fixes the following issues: * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] * CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] * CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] * CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] * CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] Important SUSE bug 1002414 SUSE bug 1007739 SUSE bug 1007740 SUSE bug 1007741 SUSE bug 1007742 SUSE bug 1007743 SUSE bug 1007744 SUSE bug 1007747 SUSE bug 1014543 SUSE bug 1014975 SUSE bug 999817 CVE-2016-7445 CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 CVE-2016-9572 CVE-2016-9573 CVE-2016-9580 CVE-2016-9581 Security update for libgit2 (Moderate) openSUSE Leap 42.1 This update for libgit2 fixes the following issues: - CVE-2016-8568: Fixed and out-of-bounds read in git_oid_nfmt (bsc#1003810). - CVE-2016-8569: DoS using a null pointer dereference in git_commit_message (bsc#1003810). Moderate SUSE bug 1003810 CVE-2016-8568 CVE-2016-8569 Security update for squid (Moderate) openSUSE Leap 42.1 This update for squid fixes the following issues: - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1016168 SUSE bug 949942 CVE-2014-9749 CVE-2016-10002 Security update for pdns-recursor (Moderate) openSUSE Leap 42.1 This update for pdns-recursor fixes the following issue: - CVE-2016-7068: Crafted queries could have caused abnormal CPU usage (bsc#1018326) Moderate SUSE bug 1018326 CVE-2016-7068 Security update for libgme (Important) openSUSE Leap 42.1 This update for libgme fixes the following issues: - CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: Various issues were fixed in the handling of SPC music files that could have been exploited for gaining privileges of desktop users. [bsc#1015941] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1015941 CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 Security update for perl-DBD-mysql (Moderate) openSUSE Leap 42.1 This update for perl-DBD-mysql fixes the following issues: - CVE-2016-1251: A use-after-free when used with mysql_server_prepare=1 (bsc#1012546). - CVE-2016-1246: Buffer overflow allowed context-dependent attackers to cause a denial of service (crash) via vectors related to an error message (bsc#1002626). - CVE-2016-1249: Out-of-bounds read when using server-side prepared statement support (bsc#1010457). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1002626 SUSE bug 1010457 SUSE bug 1012546 CVE-2016-1246 CVE-2016-1249 CVE-2016-1251 Security update for xtrabackup (Moderate) openSUSE Leap 42.1 This update for xtrabackup fixes the following issues: - CVE-2016-6225: xbcrypt encryption IV not being set properly (boo#1019858) Moderate SUSE bug 1019858 CVE-2016-6225 Security update for ImageMagick (Important) openSUSE Leap 42.1 This update for ImageMagick fixes the following issues: * CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8707 Possible code execution in Tiff conver utility [bsc#1014159] * CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could lead to Heap overflow [bsc#1009318] * CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1009318 SUSE bug 1011130 SUSE bug 1011136 SUSE bug 1013376 SUSE bug 1014159 CVE-2014-9848 CVE-2016-8707 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 Security update for tigervnc (Moderate) openSUSE Leap 42.1 This update for tigervnc fixes one issue. This security issue was fixed: - boo#1019274: Prevent the server from overflowing a buffer in the client, causing DoS or potentially code execution. Moderate SUSE bug 1019274 Security update for gstreamer-0_10-plugins-bad (Moderate) openSUSE Leap 42.1 This update for gstreamer-0_10-plugins-bad fixes the following issue: - CVE-2016-9809: Off by one read in gst_h264_parse_set_caps() (bsc#1013659) Moderate SUSE bug 1013659 CVE-2016-9809 Security update for gstreamer-0_10-plugins-good (Important) openSUSE Leap 42.1 This update for gstreamer-0_10-plugins-good fixes the following issues: - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Important SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 SUSE bug 1013653 SUSE bug 1013655 SUSE bug 1013663 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 Security update for gstreamer-0_10-plugins-base (Moderate) openSUSE Leap 42.1 gstreamer-0_10-plugins-base was updated to fix one issue. This security issue was fixed: * CVE-2016-9811: Out of bounds memory read in windows_icon_typefind (bsc#1013669). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1013669 CVE-2016-9811 Security update for virtualbox (Important) openSUSE Leap 42.1 This update for virtualbox to version 5.0.32 fixes the following issues: These security issues were fixed: - CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read access to a subset of VirtualBox accessible data and unauthorized ability to cause a partial denial of service (bsc#1020856). - CVE-2017-3290: Vulnerability in the Shared Folder subcomponent of virtualbox allows high privileged attacker unauthorized creation, deletion or modification access to critical data and unauthorized ability to cause a hang or frequently repeatable crash (bsc#1020856). - CVE-2017-3316: Vulnerability in the GUI subcomponent of virtualbox allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox (bsc#1020856). - CVE-2017-3332: Vulnerability in the SVGA Emulation subcomponent of virtualbox allows low privileged attacker unauthorized creation, deletion or modification access to critical data and unauthorized ability to cause a hang or frequently repeatable crash (bsc#1020856). For other changes please read the changelog. Important SUSE bug 1020856 CVE-2016-5545 CVE-2017-3290 CVE-2017-3316 CVE-2017-3332 Security update for lcms2 (Moderate) openSUSE Leap 42.1 This update for lcms2 to version 2.8 fixes the following issues: This security issue was fixed: - Fixed an out-of-bounds heap read in Type_MLU_Read that could be triggered by an untrusted image with a crafted ICC profile (boo#1021364). These non-security issues were fixed: * Fixed many typos in comments, thanks to Stefan Weil for doing that. * Fixed localization bug, added a new test case crayons.icc thnaks to Richard Hughes for providing the profile. * Fixed a bug in optimizer that made some formats (i.e, bits planar) unavailable * Fixed misalignment problems on Alpha. The compiler does not align strings, and accessing begin of string as a uint16 makes code to fail. * Added some extra checks to the tools and examples. * Fix a bug that prevented to read luminance tag * BIG amount of functionality contributed/Sponsored by Alien Skin Software: TransformStride, copyAlpha, performance plug-ins. Fixes some warnings as well. * added an extra _ to _stdcall to make it more portable * Fixed a bug in transicc for named color profiles * Fixed several compiler warnings * Added support for Visual Studio 2015 * Fixed for XCODE project * Update to GNOME 3.20 Moderate SUSE bug 1021364 Security update for containerd, docker, runc (Moderate) openSUSE Leap 42.1 This update for - containerd, - docker to version 1.12.6 and - runc fixes several issues. This security issues was fixed: - CVE-2016-9962: container escape vulnerability (bsc#1012568). Thsese non-security issues were fixed: - boo#1019251: Add a delay when starting docker service - Fixed bash-completion - boo#1015661: add the /usr/bin/docker-run symlink For additional details please see the changelog. Moderate SUSE bug 1004490 SUSE bug 1009961 SUSE bug 1012568 SUSE bug 1015661 SUSE bug 1016307 SUSE bug 1019251 SUSE bug 988408 CVE-2016-9962 Security update for MozillaFirefox (Important) openSUSE Leap 42.1 This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed: * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bmo#1325200, boo#1021814) * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) CVE-2017-5377: Memory corruption with transforms to create gradients in Skia (bmo#1306883, boo#1021826) * CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bmo#1312001, bmo#1330769, boo#1021818) * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827) * CVE-2017-5380: Potential use-after-free during DOM manipulations (bmo#1322107, boo#1021819) * CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bmo#1297361, boo#1021820) * CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests (bmo#1308688, boo#1021828) * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403, boo#1021821) * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations (bmo#1017616, boo#1021830) * CVE-2017-5382: Feed preview can expose privileged content errors and exceptions (bmo#1295322, boo#1021831) * CVE-2017-5383: Location bar spoofing with unicode characters (bmo#1323338, bmo#1324716, boo#1021822) * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) (bmo#1255474, boo#1021832) * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers (bmo#1295945, boo#1021833) * CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bmo#1319070, boo#1021823) * CVE-2017-5391: Content about: pages can load privileged about: pages (bmo#1309310, boo#1021835) * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager (bmo#1309282, boo#1021837) * CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages (bmo#1295023, boo#1021839) * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks (bmo#1281482, boo#1021840) * CVE-2017-5374: Memory safety bugs (boo#1021841) * CVE-2017-5373: Memory safety bugs (boo#1021824) These non-security issues in MozillaFirefox were fixed: * Added support for FLAC (Free Lossless Audio Codec) playback * Added support for WebGL 2 * Added Georgian (ka) and Kabyle (kab) locales * Support saving passwords for forms without 'submit' events * Improved video performance for users without GPU acceleration * Zoom indicator is shown in the URL bar if the zoom level is not at default level * View passwords from the prompt before saving them * Remove Belarusian (be) locale * Use Skia for content rendering (Linux) * Improve recognition of LANGUAGE env variable (boo#1017174) * Multiprocess incompatibility did not correctly register with some add-ons (bmo#1333423) Important SUSE bug 1017174 SUSE bug 1021814 SUSE bug 1021817 SUSE bug 1021818 SUSE bug 1021819 SUSE bug 1021820 SUSE bug 1021821 SUSE bug 1021822 SUSE bug 1021823 SUSE bug 1021824 SUSE bug 1021826 SUSE bug 1021827 SUSE bug 1021828 SUSE bug 1021830 SUSE bug 1021831 SUSE bug 1021832 SUSE bug 1021833 SUSE bug 1021835 SUSE bug 1021837 SUSE bug 1021839 SUSE bug 1021840 SUSE bug 1021841 CVE-2017-5373 CVE-2017-5374 CVE-2017-5375 CVE-2017-5376 CVE-2017-5377 CVE-2017-5378 CVE-2017-5379 CVE-2017-5380 CVE-2017-5381 CVE-2017-5382 CVE-2017-5383 CVE-2017-5384 CVE-2017-5385 CVE-2017-5386 CVE-2017-5387 CVE-2017-5388 CVE-2017-5389 CVE-2017-5390 CVE-2017-5391 CVE-2017-5392 CVE-2017-5393 CVE-2017-5394 CVE-2017-5395 CVE-2017-5396 Security update for MozillaThunderbird (Moderate) openSUSE Leap 42.1 This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs. The following security issues from advisory MFSA 2017-03 were fixed (boo#1021991) In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts: - CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814) - CVE-2017-5376: Use-after-free in XSL (boo#1021817) - CVE-2017-5378: Pointer and frame data leakage of Javascript objects (boo#1021818) - CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819) - CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820) - CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821) - CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822) - CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824) The following non-security bugs were fixed: - Message preview pane non-functional after IMAP folder was renamed or moved - "Move To" button on "Search Messages" panel not working - Message sent to "undisclosed recipients" shows no recipient (non-functional since Thunderbird version 38) Moderate SUSE bug 1021814 SUSE bug 1021817 SUSE bug 1021818 SUSE bug 1021819 SUSE bug 1021820 SUSE bug 1021821 SUSE bug 1021822 SUSE bug 1021824 SUSE bug 1021991 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 Security update for seamonkey (Important) openSUSE Leap 42.1 This update for Seamonkey to version 2.46 fixes security issues and bugs. The following vulnerabilities were fixed: - Fix all Gecko related security issues between 43.0.1 and 49.0.2 - CVE-2016-6354: buffer overrun in flex (boo#990856) The following non-security changes are included: - improve recognition of LANGUAGE env variable (boo#1017174) - improve TLS compatibility with certain websites (boo#1021636) - Seamonkey now requires NSPR 4.12 and NSS 3.25 - based on Gecko 49.0.2 - Chatzilla and DOM Inspector were disabled Important SUSE bug 1017174 SUSE bug 1021636 SUSE bug 984637 SUSE bug 990856 CVE-2016-6354 Security update for kopete (Low) openSUSE Leap 42.1 This update for kopete fixes the following issues: - fix encrypting OTR messages after closing and re-opening kopete (boo#1016982, kde#362535) Low SUSE bug 1016982 Security update for nginx (Moderate) openSUSE Leap 42.1 This update for nginx fixes the following vulnerability: - CVE-2016-4450: Remote attackers could have caused a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. Moderate SUSE bug 982505 CVE-2016-4450 Security update for bzrtp (Moderate) openSUSE Leap 42.1 This update for bzrtp fixes one security issue. The following vulnerability was fixed: - CVE-2016-6271: missing HVI check on DHPart2 packet reception may have allowed man-in-the-middle attackers to conduct spoofing attacks boo#1020844) Moderate SUSE bug 1020844 CVE-2016-6271 Security update for clamav-database (Moderate) openSUSE Leap 42.1 This update for clamav-database on January 30th refreshes the database. This update was imported from the SUSE:SLE-12:Update update project. Moderate Security update for mupdf (Low) openSUSE Leap 42.1 This update for mupdf to version 1.10a fixes the following issues: These security issues were fixed: - CVE-2016-10132: Null pointer dereference in regexp because of a missing check after allocating memory allowing for DoS (bsc#1019877). - CVE-2016-10133: Heap buffer overflow write in js_stackoverflow allowing for DoS or possible code execution (bsc#1019877). - CVE-2016-10141: An integer overflow vulnerability triggered by a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition (bsc#1019877). These non-security issues were fixed: - A bug with mutool and saving PDF files using the 'ascii' option has been fixed. - Stop defining OPJ_STATIC - FictionBook (FB2) e-book support. - Simple SVG parser (a small subset of SVG only). - mutool convert: a new document conversion tool and interface. - Multi-threaded rendering in mudraw. - Updated base 14 fonts from URW. - New CJK font with language specific variants. - Hyperlink support in EPUB. - Alpha channel is now optional in pixmaps. - More aggressive purging of cached objects. - Partial image decoding for lower memory use when banding. - Reduced default set of built-in CMap tables to the minimum required. - FZ_ENABLE_PDF, _XPS, _JS, to disable features at compile time. - Function level linking. - Dropped pdf object generation numbers from public interfaces. - Simplified PDF page, xobject, and annotation internals. - Closing and freeing devices and writers are now separate steps. - Improved PDF annotation editing interface (still a work in progress). - Document writer interface. - Banded image writer interface. - Bidirectional layout for Arabic and Hebrew scripts. - Shaping complex scripts for EPUB text layout. - Noto fallback fonts for EPUB layout. - mutool create: - Create new PDF files from scratch. - Read an annotated content stream in a text file and write a PDF file, automatically embedding font and image resources. - mutool run: + Run javascript scripts with MuPDF bindings. + The interface is similar to the new Java interface. - mutool draw: + Optional multi-threaded operation (Windows and pthreads). + Optional low memory mode (primarily for testing). - Set to best anti-alias mode (8) by default. - Ship mupdf-x11-curl as default mupdf. Drop non-curl version. - New URW fonts with greek and cyrillic. - 64-bit file support. - Updated FreeType to version 2.6.1. - Various font substitution bug fixes. - EPUB improvements: User style sheets, GIF images, Table of Contents, CJK text, Page margins and many bug fixes. Low SUSE bug 1019877 CVE-2016-10132 CVE-2016-10133 CVE-2016-10141 Security update for phpMyAdmin (Moderate) openSUSE Leap 42.1 This update to phpMyAdmin 4.4.15.10 fixes the following security issues: - CVE-2016-6621: Multiple vulnerabilities in setup script (PMASA-2016-44) - Open redirect (PMASA-2017-1) - CVE-2015-8980: php-gettext code execution (PMASA-2017-2) - DOS vulnerability in table editing (PMASA-2017-3) - CSS injection in themes (PMASA-2017-4) - SSRF in replication (PMASA-2017-6) - DOS in replication status (PMASA-2017-7) Moderate SUSE bug 1021597 CVE-2015-8980 CVE-2016-6621 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 42.1 This update for java-1_8_0-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 (bsc#1020905) Upgrade to version jdk8u121 (icedtea 3.3.0): - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution - S8156804, CVE-2017-3241: Better constraint checking - S8158406: Limited Parameter Processing - S8158997: JNDI Protocols Switch - S8159507: RuntimeVisibleAnnotation validation - S8161218: Better bytecode loading - S8161743, CVE-2017-3252: Provide proper login context - S8162577: Standardize logging levels - S8162973: Better component components - S8164143, CVE-2017-3260: Improve components for menu items - S8164147, CVE-2017-3261: Improve streaming socket output - S8165071, CVE-2016-2183: Expand TLS support - S8165344, CVE-2017-3272: Update concurrency support - S8166988, CVE-2017-3253: Improve image processing performance - S8167104, CVE-2017-3289: Additional class construction refinements - S8167223, CVE-2016-5552: URL handling improvements - S8168705, CVE-2016-5547: Better ObjectIdentifier validation - S8168714, CVE-2016-5546: Tighten ECDSA validation - S8168728, CVE-2016-5548: DSA signing improvements - S8168724, CVE-2016-5549: ECDSA signing improvements This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1020905 SUSE bug 1022053 CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 Security update for gnutls (Important) openSUSE Leap 42.1 This update for gnutls fixes the following security issues: - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates (GNUTLS-SA-2017-2, bsc#1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336) - GnuTLS could have falsely accepted certificates when using OCSP (GNUTLS-SA-2016-3, bsc#999646, CVE-2016-7444) - GnuTLS could have suffered from 100% CPU load DoS attacks by using SSL alert packets during the handshake (bsc#1005879, CVE-2016-8610) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1005879 SUSE bug 1018832 SUSE bug 999646 CVE-2016-7444 CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 Security update for cpio (Moderate) openSUSE Leap 42.1 This update for cpio fixes two issues. This security issue was fixed: - CVE-2016-2037: The cpio_safer_name_suffix function in util.c in cpio allowed remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file (bsc#963448). This non-security issue was fixed: - bsc#1020108: Always use 32 bit CRC to prevent checksum errors for files greater than 32MB This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1020108 SUSE bug 963448 CVE-2016-2037 Security update for libgit2 (Moderate) openSUSE Leap 42.1 This update for libgit2 fixes the following issues: - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5338: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5339: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2016-10128: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036). - CVE-2016-10129: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036). Moderate SUSE bug 1019036 SUSE bug 1019037 CVE-2016-10128 CVE-2016-10129 CVE-2016-10130 CVE-2017-5338 CVE-2017-5339 Security update for GraphicsMagick (Moderate) openSUSE Leap 42.1 This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310) - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312) - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313) - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314) - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318) - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321) - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322) - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324) - CVE-2016-10069: Add check for invalid mat file (bsc#1017325). - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443) - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) Moderate SUSE bug 1017310 SUSE bug 1017312 SUSE bug 1017313 SUSE bug 1017314 SUSE bug 1017318 SUSE bug 1017321 SUSE bug 1017322 SUSE bug 1017324 SUSE bug 1017325 SUSE bug 1017326 SUSE bug 1020443 SUSE bug 1020448 CVE-2016-10048 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10069 CVE-2016-10070 CVE-2016-10146 CVE-2017-5511 Security update for libressl (Moderate) openSUSE Leap 42.1 This update for libressl fixes the following issues: - CVE-2016-7056: Difficult to execute cache timing attack that may have allowed a local user to recover the private part from ECDSA P-256 keys (boo#1019334) Moderate SUSE bug 1019334 CVE-2016-7056 Security update for spice (Important) openSUSE Leap 42.1 This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1023078 SUSE bug 1023079 CVE-2016-9577 CVE-2016-9578 Security update for libplist (Low) openSUSE Leap 42.1 This update for libplist addresses the following vulnerabilities: - CVE-2017-5545: OOB heap buffer read which could allow attackers to obtain sensitive information from process memory or cause a DoS (bsc#1021610) - CVE-2017-5209: base64decode function could have allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data Low SUSE bug 1019531 SUSE bug 1021610 CVE-2017-5209 CVE-2017-5545 Recommended update for opera (Moderate) openSUSE Leap 42.1 NonFree This update for opera fixes the following issues: Changes in opera: - Update to version 43.0.2442.806: * See https://opera.com/blogs/desktop/changelog-for-43 Moderate Security update for irssi (Moderate) openSUSE Leap 42.1 The IRC textmode client irssi was updated to version 1.0.1 to fix bugs and security issues. irssi 1.0.1: * Fix Perl compilation in object dir * Fix incorrect HELP SERVER example * Correct memory leak in /OP and /VOICE * Fix regression that broke second level completion * Correct missing NULL termination in perl_parse boo#1023638 * Sync broken mail.pl script * Prevent a memory leak during the processing of the SASL response boo#1023637 irssi 1.0.0: * irssiproxy can now forward all tags through a single port. * The kill buffer now remembers consecutive kills. New bindings were added: yank_next_cutbuffer and append_next_kill. * autolog_ignore_targets and activity_hide_targets learn a new syntax tag/* and * to ignore whole networks or everything. * hilight got a -matchcase flag to hilight case sensitively. * Display TLS connection information upon connect. You can disable this by setting tls_verbose_connect to FALSE * Certificate pinning for TLS certificates * /names and $[…] now uses utf8 string operations. * New setting completion_nicks_match_case * /channel /server /network now support modify subcommand. * New option sasl_disconnect_on_failure to disconnect when SASL log-in failed. Moderate SUSE bug 1023637 SUSE bug 1023638 Security update for tigervnc (Important) openSUSE Leap 42.1 This update for tigervnc fixes the following issues: This security issue was fixed: - CVE-2016-10207: Prevent crash caused by failed TLS connection (bnc#1023012) This non-security issue was fixed: * Fix random client disconnections (boo#1022432) Important SUSE bug 1022432 SUSE bug 1023012 CVE-2016-10207 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The openSUSE Leap 42.1 kernel to 4.1.38 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set setgid bits on files they don't down (bsc#1021258). - CVE-2016-10147: crypto/mcryptd.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5) (bnc#1020381). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444). - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969). - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540 1017589). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531 1013542). The following non-security bugs were fixed: - PCI: generic: Fix pci_remap_iospace() failure path (bsc#1019658). - bcache: partition support: add 16 minors per bcacheN device (bsc#1019784). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - clk: xgene: Do not call __pa on ioremaped address (bsc#1019660). - kABI workaround for 4.1.37 mount changes (stable-4.1.37). - kABI: reintroduce sk_filter (bsc#1009969). - kabi/severities: Ignore inode_change_ok change It's renamed in 4.1.37 to setattr_prepare() - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820). - net: introduce __sock_queue_rcv_skb() function (bsc#1009969). - netback: correct array index (bsc#983348). - netfront: do not truncate grant references. - netfront: use correct linear area after linearizing an skb (bsc#1007886). - reiserfs: fix race in prealloc discard (bsc#987576). - rose: limit sk_filter trim to payload (bsc#1009969). - scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273). - xenbus: correctly signal errors from xenstored_local_init() (luckily none so far). - xenbus: do not invoke ->is_ready() for most device states (bsc#987333). Important SUSE bug 1003077 SUSE bug 1007886 SUSE bug 1009969 SUSE bug 1010444 SUSE bug 1011820 SUSE bug 1013273 SUSE bug 1013531 SUSE bug 1013540 SUSE bug 1013542 SUSE bug 1017589 SUSE bug 1017710 SUSE bug 1019658 SUSE bug 1019660 SUSE bug 1019784 SUSE bug 1020214 SUSE bug 1020381 SUSE bug 1021258 SUSE bug 983348 SUSE bug 987333 SUSE bug 987576 CVE-2016-10088 CVE-2016-10147 CVE-2016-7117 CVE-2016-7917 CVE-2016-8645 CVE-2016-9793 CVE-2016-9806 CVE-2017-5551 Security update for openssl (Moderate) openSUSE Leap 42.1 This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085, CVE-2017-3731) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - fix ca-bundle path (bsc#1022271) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1000677 SUSE bug 1001912 SUSE bug 1004499 SUSE bug 1005878 SUSE bug 1019334 SUSE bug 1021641 SUSE bug 1022085 SUSE bug 1022271 CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 Security update for mariadb (Important) openSUSE Leap 42.1 This mariadb version update to 10.0.29 fixes the following issues: - CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873) - CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884) - CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885) - CVE-2017-3258: unspecified vulnerability in the DDL component (bsc#1020875) - CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878) - CVE-2017-3244: unspecified vulnerability affecing the DML component (bsc#1020877) - CVE-2017-3243: unspecified vulnerability affecting the Charsets component (bsc#1020891) - CVE-2017-3238: unspecified vulnerability affecting the Optimizer component (bsc#1020882) - CVE-2016-6664: Root Privilege Escalation (bsc#1008253) - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428) - notable changes: * XtraDB updated to 5.6.34-79.1 * TokuDB updated to 5.6.34-79.1 * Innodb updated to 5.6.35 * Performance Schema updated to 5.6.35 Release notes and changelog: * https://kb.askmonty.org/en/mariadb-10029-release-notes * https://kb.askmonty.org/en/mariadb-10029-changelog This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1008253 SUSE bug 1020868 SUSE bug 1020873 SUSE bug 1020875 SUSE bug 1020877 SUSE bug 1020878 SUSE bug 1020882 SUSE bug 1020884 SUSE bug 1020885 SUSE bug 1020891 SUSE bug 1020894 SUSE bug 1020896 SUSE bug 1022428 CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3317 CVE-2017-3318 Security update for mysql-community-server (Important) openSUSE Leap 42.1 mysql-community-server was updated to version 5.6.35 to fix bugs and security issues: * Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html * Fixed CVEs: CVE-2016-8318 [boo#1020872], CVE-2017-3312 [boo#1020873], CVE-2017-3258 [boo#1020875], CVE-2017-3273 [boo#1020876], CVE-2017-3244 [boo#1020877], CVE-2017-3257 [boo#1020878], CVE-2017-3238 [boo#1020882], CVE-2017-3291 [boo#1020884], CVE-2017-3265 [boo#1020885], CVE-2017-3313 [boo#1020890], CVE-2016-8327 [boo#1020893], CVE-2017-3317 [boo#1020894], CVE-2017-3318 [boo#1020896] Important SUSE bug 1020872 SUSE bug 1020873 SUSE bug 1020875 SUSE bug 1020876 SUSE bug 1020877 SUSE bug 1020878 SUSE bug 1020882 SUSE bug 1020884 SUSE bug 1020885 SUSE bug 1020890 SUSE bug 1020893 SUSE bug 1020894 SUSE bug 1020896 CVE-2016-8318 CVE-2016-8327 CVE-2017-3238 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3273 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 Security update for guile (Low) openSUSE Leap 42.1 This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1004221 CVE-2016-8605 Security update for expat (Moderate) openSUSE Leap 42.1 This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 983215 SUSE bug 983216 CVE-2012-6702 CVE-2016-5300 Security update for postfixadmin (Moderate) openSUSE Leap 42.1 postfixadmin was updated to 3.0.2 to fix the following issues: - PostfixAdmin 3.0.2: - SECURITY: don't allow to delete protected aliases (CVE-2017-5930, boo#1024211) - fix VacationHandler for PostgreSQL - AliasHandler: restrict mailbox subquery to allowed and specified domains to improve performance on setups with lots of mailboxes - allow switching between dovecot:* password schemes while still accepting passwords hashed using the previous dovecot:* scheme - FetchmailHandler: use a valid date as default for 'date' - fix date formatting in non-english languages when using PostgreSQL - various small fixes - PostfixAdmin 3.0: - add sqlite backend option - add configurable smtp helo (CONF["smtp_client"]) - new translation: ro (Romanian) - language update: tw, cs, de - fix escaping in gen_show_status() (could be used to DOS list-virtual by creating a mail address with special chars) - add CSRF protection for POST requests - list.tpl: base edit/editactive/delete links in list.tpl on $RAW_item to avoid double escaping, and fix some corner cases - fix db_quota_text() for postgresql (concat() vs. ||) - change default date for 'created' and 'updated' columns from 0000-00-00 (which causes problems with MySQL strict mode) to 2000-01-01 - allow punicode even in TLDs - update Smarty to 3.1.29 - add checks to login.php and cli to ensure database layout is up to date - whitelist '-1' as valid value for postfixadmin-cli - don't stripslashes() the password in pacrypt - various small bugfixes Moderate SUSE bug 1024211 CVE-2017-5930 Security update for mupdf (Moderate) openSUSE Leap 42.1 This update for mupdf fixes the following vulnerabilities: - CVE-2017-5627: Integer overflow in the mujs implementation (boo#1022503) - CVE-2017-5628: Integer overflow in the mujs implementation (boo#1022504) - CVE-2017-5896: heap overflow (boo#1023761, boo#1024679) - NULL pointer dereference in dodrawpage (boo#1023760) Moderate SUSE bug 1022503 SUSE bug 1022504 SUSE bug 1023760 SUSE bug 1023761 SUSE bug 1024679 CVE-2017-5627 CVE-2017-5628 CVE-2017-5896 Security update of chromium (Important) openSUSE Leap 42.1 Google chromium was updated to 56.0.2924.87: * Various small fixes * Disabled option to enable/disable plugins in the chrome://plugins - Changed the build requirement of libavformat to library version 57.41.100, as included in ffmpeg 3.1.1, as only this version properly supports the public AVStream API 'codecpar'. It also contains the version update to 56.0.2924.76 (bsc#1022049): - CVE-2017-5007: Universal XSS in Blink - CVE-2017-5006: Universal XSS in Blink - CVE-2017-5008: Universal XSS in Blink - CVE-2017-5010: Universal XSS in Blink - CVE-2017-5011: Unauthorised file access in Devtools - CVE-2017-5009: Out of bounds memory access in WebRTC - CVE-2017-5012: Heap overflow in V8 - CVE-2017-5013: Address spoofing in Omnibox - CVE-2017-5014: Heap overflow in Skia - CVE-2017-5015: Address spoofing in Omnibox - CVE-2017-5019: Use after free in Renderer - CVE-2017-5016: UI spoofing in Blink - CVE-2017-5017: Uninitialised memory access in webm video - CVE-2017-5018: Universal XSS in chrome://apps - CVE-2017-5020: Universal XSS in chrome://downloads - CVE-2017-5021: Use after free in Extensions - CVE-2017-5022: Bypass of Content Security Policy in Blink - CVE-2017-5023: Type confusion in metrics - CVE-2017-5024: Heap overflow in FFmpeg - CVE-2017-5025: Heap overflow in FFmpeg - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing - Enable VAAPI hardware accelerated video decoding. - Chromium 55.0.2883.87: * various fixes for crashes and specific wesites * update Google pinned certificates Important SUSE bug 1022049 CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013 CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-5017 CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021 CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025 CVE-2017-5026 Security update for viewvc (Moderate) openSUSE Leap 42.1 This update for viewvc to version 1.1.26 fixes the following issues: - vievwc 1.1.26, including one security fix: * CVE-2017-5938 escape nav_data name to avoid XSS attack (boo#1024393) - vievwc 1.1.25: * fix _rev2optrev assertion on long input - license is BSD-2-Clause, package LICENSE text - Update viewvc.conf for Apache 2.4 syntax. - viewvc 1.1.24: * fix minor bug in human_readable boolean calculation * allow hr_funout option to apply to unidiff diffs, too * fix infinite loop in rcsparse * fix iso8601 timezone offset handling * add support for renamed roots * fix minor buglet in viewvc-install error message Moderate SUSE bug 1024393 CVE-2017-5938 Security update for open-vm-tools (Moderate) openSUSE Leap 42.1 This update for open-vm-tools fixes the following issues: - Updated to 10.1.0 stable release (boo#1011057) + vmware-namespace-cmd command line utility. + gtk3 support + Common Agent Framework (CAF) + guest authentication with xmlsec1 + FreeBSD support + sub-command to push updated network information to the host on demand + udev rules for configuring SCSI timeouts in the guest + fixes for Ubuntu 16.10 + Fix for quiesced snapshot failure leaving guest file system quiesced (boo#1006796) + Fix for CVE-2015-5191 (boo#1007600) - Report SLES12-SAP guest OS as SLES12 (boo#1013496) - Remove building KMP modules. No longer needed or wanted for current releases. User space tool vmhgfs-fuse has replaced the need for vmhgfs kernel module. - Add udev rule to increase VMware virtual disk timeout values (boo#994598) - Fix vmtoolsd init script to run vmtoolsd in background. (boo#971031) + fix originally done in SLE-11-SP4 code base by tcech@suse.cz - Added patches for GCC 6 build failure (boo#985110) - Update to 10.0.7-gtk3 stable branch + add support for gtk3, needed by the dndcp and resolutionset plugins + remove files generated by autoreconf + a few minor build fixes - Update fixes copy-n-paste and drag-n-drop regressions (boo#978424) - Added new vmblock-fuse.service - Update to 10.0.7 stable branch + Added namespace command line utility "vmware-namespace-cmd". - Compile without gtkmm support for SLES12 based environments (which do not provide gtkmm2.4) - Update to 10.0.5 stable branch + [vgauth] fix timestamp check + [libresolutionSet.so] Add an error handler to X11 resolutionSet + [vmci.ko] Kill tasklet when unloading vmci module + [libvmbackup.so] Quiesced snapshots Skip freezing autofs mounts. + [vmhgfs.ko] make vmhgfs compatible with Linux kernel 4.2 - This update also addresses a suspend with systemd issue (boo#913727) Moderate SUSE bug 1006796 SUSE bug 1007600 SUSE bug 1011057 SUSE bug 1013496 SUSE bug 913727 SUSE bug 971031 SUSE bug 978424 SUSE bug 985110 SUSE bug 994598 CVE-2015-5191 Security update for opus (Important) openSUSE Leap 42.1 This update for opus fixes the following issues: - CVE-2017-0381: Fixed a remote code execution vulnerability in silk/NLSF_stabilize.c when playing certain media files (bsc#1020102) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1020102 CVE-2017-0381 Security update for java-1_7_0-openjdk (Important) openSUSE Leap 42.1 This update for java-1_7_0-openjdk fixes the following issues: - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 (bsc#1020905): * Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution - S8156804, CVE-2017-3241: Better constraint checking - S8158406: Limited Parameter Processing - S8158997: JNDI Protocols Switch - S8159507: RuntimeVisibleAnnotation validation - S8161218: Better bytecode loading - S8161743, CVE-2017-3252: Provide proper login context - S8162577: Standardize logging levels - S8162973: Better component components - S8164143, CVE-2017-3260: Improve components for menu items - S8164147, CVE-2017-3261: Improve streaming socket output - S8165071, CVE-2016-2183: Expand TLS support - S8165344, CVE-2017-3272: Update concurrency support - S8166988, CVE-2017-3253: Improve image processing performance - S8167104, CVE-2017-3289: Additional class construction refinements - S8167223, CVE-2016-5552: URL handling improvements - S8168705, CVE-2016-5547: Better ObjectIdentifier validation - S8168714, CVE-2016-5546: Tighten ECDSA validation - S8168728, CVE-2016-5548: DSA signing improvments - S8168724, CVE-2016-5549: ECDSA signing improvments - S6253144: Long narrowing conversion should describe the algorithm used and implied "risks" - S6328537: Improve javadocs for Socket class by adding references to SocketOptions - S6978886: javadoc shows stacktrace after print error resulting from disk full - S6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory - S6996372: synchronizing handshaking hash - S7027045: (doc) java/awt/Window.java has several typos in javadoc - S7054969: Null-check-in-finally pattern in java/security documentation - S7072353: JNDI libraries do not build with javac -Xlint:all -Werror - S7075563: Broken link in "javax.swing.SwingWorker" - S7077672: jdk8_tl nightly fail in step-2 build on 8/10/11 - S7088502: Security libraries don't build with javac -Werror - S7092447: Clarify the default locale used in each locale sensitive operation - S7093640: Enable client-side TLS 1.2 by default - S7103570: AtomicIntegerFieldUpdater does not work when SecurityManager is installed - S7117360: Warnings in java.util.concurrent.atomic package - S7117465: Warning cleanup for IMF classes - S7187144: JavaDoc for ScriptEngineFactory.getProgram() contains an error - S8000418: javadoc should used a standard "generated by javadoc" string - S8000666: javadoc should write directly to Writer instead of composing strings - S8000673: remove dead code from HtmlWriter and subtypes - S8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK - S8001669: javadoc internal DocletAbortException should set cause when appropriate - S8008949: javadoc stopped copying doc-files - S8011402: Move blacklisting certificate logic from hard code to data - S8011547: Update XML Signature implementation to Apache Santuario 1.5.4 - S8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo - S8016217: More javadoc warnings - S8017325: Cleanup of the javadoc <code> tag in java.security.cert - S8017326: Cleanup of the javadoc <code> tag in java.security.spec - S8019772: Fix doclint issues in javax.crypto and javax.security subpackages - S8020557: javadoc cleanup in javax.security - S8020688: Broken links in documentation at http://docs.oracle.com/javase/6/docs/api/index. - S8021108: Clean up doclint warnings and errors in java.text package - S8021417: Fix doclint issues in java.util.concurrent - S8021833: javadoc cleanup in java.net - S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMethods fails - S8022175: Fix doclint warnings in javax.print - S8022406: Fix doclint issues in java.beans - S8022746: List of spelling errors in API doc - S8024779: [macosx] SwingNode crashes on exit - S8025085: [javadoc] some errors in javax/swing - S8025218: [javadoc] some errors in java/awt classes - S8025249: [javadoc] fix some javadoc errors in javax/swing/ - S8025409: Fix javadoc comments errors and warning reported by doclint report - S8026021: more fix of javadoc errors and warnings reported by doclint, see the description - S8037099: [macosx] Remove all references to GC from native OBJ-C code - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8049244: XML Signature performance issue caused by unbuffered signature data - S8049432: New tests for TLS property jdk.tls.client.protocols - S8050893: (smartcardio) Invert reset argument in tests in sun/security/smartcardio - S8059212: Modify regression tests so that they do not just fail if no cardreader found - S8068279: (typo in the spec) javax.script.ScriptEngineFactory.getLanguageName - S8068491: Update the protocol for references of docs.oracle.com to HTTPS. - S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210 - S8076369: Introduce the jdk.tls.client.protocols system property for JDK 7u - S8139565: Restrict certificates with DSA keys less than 1024 bits - S8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8143959: Certificates requiring blacklisting - S8145984: [macosx] sun.lwawt.macosx.CAccessible leaks - S8148516: Improve the default strength of EC in JDK - S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks - S8151893: Add security property to configure XML Signature secure validation mode - S8155760: Implement Serialization Filtering - S8156802: Better constraint checking - S8161228: URL objects with custom protocol handlers have port changed after deserializing - S8161571: Verifying ECDSA signatures permits trailing bytes - S8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar - S8164908: ReflectionFactory support for IIOP and custom serialization - S8165230: RMIConnection addNotificationListeners failing with specific inputs - S8166393: disabledAlgorithms property should not be strictly parsed - S8166591: [macos 10.12] Trackpad scrolling of text on OS X 10.12 Sierra is very fast (Trackpad, Retina only) - S8166739: Improve extensibility of ObjectInputFilter information passed to the filter - S8166875: (tz) Support tzdata2016g - S8166878: Connection reset during TLS handshake - S8167356: Follow up fix for jdk8 backport of 8164143. Changes for CMenuComponent.m were missed - S8167459: Add debug output for indicating if a chosen ciphersuite was legacy - S8167472: Chrome interop regression with JDK-8148516 - S8167591: Add MD5 to signed JAR restrictions - S8168861: AnchorCertificates uses hardcoded password for cacerts keystore - S8168993: JDK8u121 L10n resource file update - S8169191: (tz) Support tzdata2016i - S8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for January CPU - S8169911: Enhanced tests for jarsigner -verbose -verify after JDK-8163304 - S8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms property - S8170268: 8u121 L10n resource file update - msgdrop 20 - S8173622: Backport of 7180907 is incomplete - S8173849: Fix use of java.util.Base64 in test cases - S8173854: [TEST] Update DHEKeySizing test case following 8076328 & 8081760 - CVE-2017-3259 Vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. * Backports - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on __APPLE__and _LLP64 systems. - S8000351, PR3316, RH1390708: Tenuring threshold should be unsigned - S8153711, PR3315, RH1284948: [REDO] GlobalRefs never deleted when processing invokeMethod command - S8170888, PR3316, RH1390708: [linux] support for cgroup memory limits in container (ie Docker) environments * Bug fixes - PR3318: Replace 'infinality' with 'improved font rendering' (--enable-improved-font-rendering) - PR3318: Fix compatibility with vanilla Fontconfig - PR3318: Fix glyph y advance - PR3318: Always round glyph advance in 26.6 space - PR3318: Simplify glyph advance handling - PR3324: Fix NSS_LIBDIR substitution in make_generic_profile.sh broken by PR1989 * AArch64 port - S8165673, PR3320: AArch64: Fix JNI floating point argument handling This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1020905 CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 Security update for firebird (Moderate) openSUSE Leap 42.1 This update for firebird fixes the following issues: - security vulnerability fix for bypassing 'Restrict UDF' value of UdfAccess config directive (boo#1023990) Moderate SUSE bug 1023990 Security update for vim (Moderate) openSUSE Leap 42.1 This update for vim fixes the following issues: - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) Moderate SUSE bug 1024724 CVE-2017-5953 Security update for tiff (Moderate) openSUSE Leap 42.1 This update for tiff fixes the following issues: - CVE-2017-5225: A crafted TIFF image could cause a crash and potential code execution when processed by the 'tiffcp' utility (bsc#1019611). Also a regression from the version update to 4.0.7 was fixed in handling TIFFTAG_FAXRECVPARAMS. (bsc#1022103) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1019611 SUSE bug 1022103 CVE-2017-5225 Security update for libplist (Moderate) openSUSE Leap 42.1 This update for libplist fixes the following issues: - CVE-2017-5209: The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (bsc#1019531). - CVE-2017-5834: A heap-buffer overflow in parse_dict_node was fixed (bsc#1023848) - CVE-2017-5835: A memory allocation error leading to DoS was fixed. (bsc#1023822) - CVE-2017-5836: A type inconsistency in bplist.c was fixed. (bsc#1023807) Moderate SUSE bug 1019531 SUSE bug 1023807 SUSE bug 1023822 SUSE bug 1023848 CVE-2017-5209 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 Security update for nodejs (Moderate) openSUSE Leap 42.1 nodejs was updated to LTS release 4.7.3 to fix the following issues: * deps: upgrade embedded openssl sources to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, boo#1022085, boo#1022086, boo#1009528) Changes in LTS release 4.7.1: * build: shared library support is now working for AIX builds * repl: passing options to the repl will no longer overwrite defaults * timers: recanceling a cancelled timers will no longer throw Changes in LTS release 4.7.0: * build: introduce the configure --shared option for embedders * debugger: make listen address configurable in debugger server * dgram: generalized send queue to handle close, fixing a potential throw when dgram socket is closed in the listening event handler * http: introduce the 451 status code "Unavailable For Legal Reasons" * gtest: the test reporter now outputs tap comments as yamlish * tls: introduce secureContext for tls.connect (useful for caching client certificates, key, and CA certificates) * tls: fix memory leak when writing data to TLSWrap instance during handshake * src: node no longer aborts when c-ares initialization fails Changes in LTS release 4.6.2: * build: it is now possible to build the documentation from the release tarball * buffer: Buffer.alloc() will no longer incorrectly return a zero filled buffer when an encoding is passed * deps/npm: upgrade npm in LTS to 2.15.11 * repl: enable tab completion for global properties * url: url.format() will now encode all "#" in search Moderate SUSE bug 1009528 SUSE bug 1022085 SUSE bug 1022086 CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 Security update for profanity (Moderate) openSUSE Leap 42.1 This update for profanity fixes the following issues: Changes in profanity: - CVE-2017-5592: The incorrect message carbons implementation that could allow user impersonification was fixed (boo#1024696) Moderate SUSE bug 1024696 CVE-2017-5592 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024). - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). - CVE-2017-5897: A potential remote denial of service within the IPv6 GRE protocol was fixed. (bsc#1023762) The following non-security bugs were fixed: - btrfs: support NFSv2 export (bnc#929871). - btrfs: Direct I/O: Fix space accounting (bsc#1025058). - btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation (bsc#1025069). - btrfs: bail out if block group has different mixed flag (bsc#1025072). - btrfs: be more precise on errors when getting an inode from disk (bsc#981038). - btrfs: check pending chunks when shrinking fs to avoid corruption (bnc#936445). - btrfs: check prepare_uptodate_page() error code earlier (bnc#966910). - btrfs: do not BUG() during drop snapshot (bsc#1025076). - btrfs: do not collect ordered extents when logging that inode exists (bsc#977685). - btrfs: do not initialize a space info as full to prevent ENOSPC (bnc#944001). - btrfs: do not leak reloc root nodes on error (bsc#1025074). - btrfs: fix block group ->space_info null pointer dereference (bnc#935088). - btrfs: fix chunk allocation regression leading to transaction abort (bnc#938550). - btrfs: fix crash on close_ctree() if cleaner starts new transaction (bnc#938891). - btrfs: fix deadlock between direct IO reads and buffered writes (bsc#973855). - btrfs: fix deadlock between direct IO write and defrag/readpages (bnc#965344). - btrfs: fix device replace of a missing RAID 5/6 device (bsc#1025057). - btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#977685). - btrfs: fix extent accounting for partial direct IO writes (bsc#1025062). - btrfs: fix file corruption after cloning inline extents (bnc#942512). - btrfs: fix file loss on log replay after renaming a file and fsync (bsc#977685). - btrfs: fix file read corruption after extent cloning and fsync (bnc#946902). - btrfs: fix fitrim discarding device area reserved for boot loader's use (bsc#904489). - btrfs: fix for incorrect directory entries after fsync log replay (bsc#957805, bsc#977685). - btrfs: fix hang when failing to submit bio of directIO (bnc#942685). - btrfs: fix incremental send failure caused by balance (bsc#985850). - btrfs: fix invalid page accesses in extent_same (dedup) ioctl (bnc#968230). - btrfs: fix listxattrs not listing all xattrs packed in the same item (bsc#1025063). - btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844). - btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942685). - btrfs: fix memory leak in do_walk_down (bsc#1025075). - btrfs: fix memory leak in reading btree blocks (bsc#1025071). - btrfs: fix order by which delayed references are run (bnc#949440). - btrfs: fix page reading in extent_same ioctl leading to csum errors (bnc#968230). - btrfs: fix qgroup rescan worker initialization (bsc#1025077). - btrfs: fix qgroup sanity tests (bnc#951615). - btrfs: fix race between balance and unused block group deletion (bnc#938892). - btrfs: fix race between fsync and lockless direct IO writes (bsc#977685). - btrfs: fix race waiting for qgroup rescan worker (bnc#960300). - btrfs: fix regression running delayed references when using qgroups (bnc#951615). - btrfs: fix regression when running delayed references (bnc#951615). - btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: fix shrinking truncate when the no_holes feature is enabled (bsc#1025053). - btrfs: fix sleeping inside atomic context in qgroup rescan worker (bnc#960300). - btrfs: fix stale dir entries after removing a link and fsync (bnc#942925). - btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#977685). - btrfs: fix warning in backref walking (bnc#966278). - btrfs: fix warning of bytes_may_use (bsc#1025065). - btrfs: fix wrong check for btrfs_force_chunk_alloc() (bnc#938550). - btrfs: handle quota reserve failure properly (bsc#1005666). - btrfs: incremental send, check if orphanized dir inode needs delayed rename (bsc#1025049). - btrfs: incremental send, do not delay directory renames unnecessarily (bsc#1025048). - btrfs: incremental send, fix clone operations for compressed extents (fate#316463). - btrfs: incremental send, fix premature rmdir operations (bsc#1025064). - btrfs: keep dropped roots in cache until transaction commit (bnc#935087, bnc#945649, bnc#951615). - btrfs: remove misleading handling of missing device scrub (bsc#1025055). - btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock (bsc#904489). - btrfs: return gracefully from balance if fs tree is corrupted (bsc#1025073). - btrfs: send, do not bug on inconsistent snapshots (bsc#985850). - btrfs: send, fix corner case for reference overwrite detection (bsc#1025080). - btrfs: send, fix file corruption due to incorrect cloning operations (bsc#1025060). - btrfs: set UNWRITTEN for prealloc'ed extents in fiemap (bsc#1025047). - btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192). - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087, bnc#945649). - btrfs: use received_uuid of parent during send (bsc#1025051). - btrfs: wake up extent state waiters on unlock through clear_extent_bits (bsc#1025050). - btrfs: Add handler for invalidate page (bsc#963193). - btrfs: Add qgroup tracing (bnc#935087, bnc#945649). - btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1025059). - btrfs: Continue write in case of can_not_nocow (bsc#1025070). - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666). - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087). - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596, bsc#984779). - btrfs: Handle unaligned length in extent_same (bsc#937609). - btrfs: abort transaction on btrfs_reloc_cow_block() (bsc#1025081). - btrfs: add missing discards when unpinning extents with -o discard (bsc#904489). - btrfs: advertise which crc32c implementation is being used on mount (bsc#946057). - btrfs: allow dedupe of same inode (bsc#1025067). - btrfs: backref: Add special time_seq == (u64)-1 case for btrfs_find_all_roots() (bnc#935087, bnc#945649). - btrfs: backref: Do not merge refs which are not for same block (bnc#935087, bnc#945649). - btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries (bsc#904489). - btrfs: change max_inline default to 2048 (bsc#949472). - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087, bnc#945649). - btrfs: delayed-ref: Use list to replace the ref_root in ref_head (bnc#935087, bnc#945649). - btrfs: delayed-ref: double free in btrfs_add_delayed_tree_ref() (bsc#1025079). - btrfs: delayed_ref: Add new function to record reserved space into delayed ref (bsc#963193). - btrfs: delayed_ref: release and free qgroup reserved at proper timing (bsc#963193). - btrfs: disable defrag of tree roots. - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881). - btrfs: do not update mtime/ctime on deduped inodes (bsc#937616). - btrfs: explictly delete unused block groups in close_ctree and ro-remount (bsc#904489). - btrfs: extent-tree: Add new version of btrfs_check_data_free_space and btrfs_free_reserved_data_space (bsc#963193). - btrfs: extent-tree: Add new version of btrfs_delalloc_reserve/release_space (bsc#963193). - btrfs: extent-tree: Switch to new check_data_free_space and free_reserved_data_space (bsc#963193). - btrfs: extent-tree: Switch to new delalloc space reserve and release (bsc#963193). - btrfs: extent-tree: Use ref_node to replace unneeded parameters in __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649). - btrfs: extent_io: Introduce needed structure for recoding set/clear bits (bsc#963193). - btrfs: extent_io: Introduce new function clear_record_extent_bits() (bsc#963193). - btrfs: extent_io: Introduce new function set_record_extent_bits (bsc#963193). - btrfs: fallocate: Add support to accurate qgroup reserve (bsc#963193). - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls (bsc#1018100). - btrfs: fix clone / extent-same deadlocks (bsc#937612). - btrfs: fix deadlock with extent-same and readpage (bsc#937612). - btrfs: fix resending received snapshot with parent (bsc#1025061). - btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951). - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709). - btrfs: iterate over unused chunk space in FITRIM (bsc#904489). - btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489). - btrfs: make file clone aware of fatal signals (bsc#1015787). - btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609). - btrfs: properly track when rescan worker is running (bsc#989953). - btrfs: provide super_operations->inode_get_dev (bsc#927455). - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087, bnc#945649). - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087, bnc#945649). - btrfs: qgroup: Add handler for NOCOW and inline (bsc#963193). - btrfs: qgroup: Add new function to record old_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents() (bnc#935087, bnc#945649). - btrfs: qgroup: Add new trace point for qgroup data reserve (bsc#963193). - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Avoid calling btrfs_free_reserved_data_space in clear_bit_hook (bsc#963193). - btrfs: qgroup: Check if qgroup reserved space leaked (bsc#963193). - btrfs: qgroup: Cleanup old inaccurate facilities (bsc#963193). - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read (bnc#935087, bnc#945649). - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan (bnc#960300). - btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans (bsc#963193). - btrfs: qgroup: Fix a rebase bug which will cause qgroup double free (bsc#963193). - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087, bnc#945649). - btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972993). - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087). - btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function (bsc#963193). - btrfs: qgroup: Introduce functions to release/free qgroup reserve data space (bsc#963193). - btrfs: qgroup: Introduce new functions to reserve/free metadata (bsc#963193). - btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Record possible quota-related extent for qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Use new metadata reservation (bsc#963193). - btrfs: qgroup: account shared subtree during snapshot delete (bnc#935087, bnc#945649). - btrfs: qgroup: exit the rescan worker during umount (bnc#960300). - btrfs: qgroup: fix quota disable during rescan (bnc#960300). - btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709). - btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844). - btrfs: skip superblocks during discard (bsc#904489). - btrfs: syslog when quota is disabled. - btrfs: syslog when quota is enabled - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649). - btrfs: use the new VFS super_block_dev (bnc#865869). - btrfs: waiting on qgroup rescan should not always be interruptible (bsc#992712). - fs/super.c: add new super block sub devices super_block_dev (bnc#865869). - fs/super.c: fix race between freeze_super() and thaw_super() (bsc#1025066). - kabi: only use sops->get_inode_dev with proper fsflag (bsc#927455). - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841). - vfs: add super_operations->get_inode_dev (bsc#927455). - xfs: do not allow di_size with high bit set (bsc#1024234). - xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508). - xfs: fix broken multi-fsb buffer logging (bsc#1024081). - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888). - xfs: track and serialize in-flight async buffers against unmount - kABI (bsc#1024508). - xfs: track and serialize in-flight async buffers against unmount (bsc#1024508). Important SUSE bug 1005666 SUSE bug 1015787 SUSE bug 1018100 SUSE bug 1023762 SUSE bug 1023888 SUSE bug 1024081 SUSE bug 1024234 SUSE bug 1024508 SUSE bug 1024938 SUSE bug 1025047 SUSE bug 1025048 SUSE bug 1025049 SUSE bug 1025050 SUSE bug 1025051 SUSE bug 1025053 SUSE bug 1025055 SUSE bug 1025057 SUSE bug 1025058 SUSE bug 1025059 SUSE bug 1025060 SUSE bug 1025061 SUSE bug 1025062 SUSE bug 1025063 SUSE bug 1025064 SUSE bug 1025065 SUSE bug 1025066 SUSE bug 1025067 SUSE bug 1025069 SUSE bug 1025070 SUSE bug 1025071 SUSE bug 1025072 SUSE bug 1025073 SUSE bug 1025074 SUSE bug 1025075 SUSE bug 1025076 SUSE bug 1025077 SUSE bug 1025079 SUSE bug 1025080 SUSE bug 1025081 SUSE bug 1025235 SUSE bug 1026024 SUSE bug 865869 SUSE bug 904489 SUSE bug 927455 SUSE bug 929871 SUSE bug 935087 SUSE bug 935088 SUSE bug 936445 SUSE bug 937609 SUSE bug 937612 SUSE bug 937616 SUSE bug 938550 SUSE bug 938891 SUSE bug 938892 SUSE bug 942512 SUSE bug 942685 SUSE bug 942925 SUSE bug 944001 SUSE bug 945649 SUSE bug 946057 SUSE bug 946902 SUSE bug 949440 SUSE bug 949472 SUSE bug 951615 SUSE bug 951844 SUSE bug 957805 SUSE bug 960300 SUSE bug 963193 SUSE bug 965344 SUSE bug 966278 SUSE bug 966910 SUSE bug 968230 SUSE bug 972844 SUSE bug 972951 SUSE bug 972993 SUSE bug 973855 SUSE bug 975596 SUSE bug 977685 SUSE bug 981038 SUSE bug 981709 SUSE bug 983087 SUSE bug 984779 SUSE bug 985562 SUSE bug 985850 SUSE bug 987192 SUSE bug 989953 SUSE bug 990384 SUSE bug 992712 SUSE bug 993841 SUSE bug 994881 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 Security update for libquicktime (Moderate) openSUSE Leap 42.1 This update for libquicktime fixes the following issues: - CVE-2016-2399: A Integer overflow in the quicktime_read_pascal function in libquicktime allowed remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom [boo#1022805] Moderate SUSE bug 1022805 CVE-2016-2399 Security update for gd (Moderate) openSUSE Leap 42.1 This update for gd fixes the following security issues: - CVE-2016-6906: An out-of-bounds read in TGA decompression was fixed which could have lead to crashes. (bsc#1022553) - CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) allowed remote attackers to have unspecified impact via large width and height values. (bsc#1022284) - CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image. (bsc#1022283) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the GD Graphics Library (aka libgd) (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption (bsc#1022265) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1022263 SUSE bug 1022264 SUSE bug 1022265 SUSE bug 1022283 SUSE bug 1022284 SUSE bug 1022553 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6906 CVE-2016-6912 CVE-2016-9317 Security update for syncthing, syncthing-gtk (Moderate) openSUSE Leap 42.1 This updates syncthing to version 0.14.16 and fixes the following issues: The following security issue was fixed: - A remote device that was already accepted by syncthing could perform arbitrary reads and writes outside of the configured directories (boo#1016161) This update also contains a number of upstream improvements in the 0.14.14 version, including: - improved performance - UI improvements - prevention of data inconsistencies syncthing-gtk was updated to 0.9.2.3 to fix reading the configuration with non-ASCII locales. The new version is compatible with syncthing 0.14.x and includes various improvement and fixes. Moderate SUSE bug 1016161 Security update for libXpm (Moderate) openSUSE Leap 42.1 This update for libXpm fixes the following issues: - A heap overflow in XPM handling could be used by attackers supplying XPM files to crash or potentially execute code. (bsc#1021315) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1021315 CVE-2016-10164 Security update for gd (Moderate) openSUSE Leap 42.1 This update for gd fixes the following issues: * CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015187 CVE-2016-9933 Security update for gstreamer-plugins-base (Low) openSUSE Leap 42.1 This update for gstreamer-plugins-base fixes the following security issues: - A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844) - A crafted AVI file could have caused a stack overflow leading to DoS (bsc#1024047, CVE-2017-5839) - A crafted SAMI subtitle file could have caused an invalid memory access possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842) Low SUSE bug 1024041 SUSE bug 1024047 SUSE bug 1024076 SUSE bug 1024079 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 Security update for gstreamer (Low) openSUSE Leap 42.1 This update for gstreamer fixes the following security issues: - A crafted AVI file could have caused an invalid memory read, possibly causing DoS or corruption (bsc#1024051, CVE-2017-5838) Low SUSE bug 1024051 CVE-2017-5838 Security update for ImageMagick (Moderate) openSUSE Leap 42.1 This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308) - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310) - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311) - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312) - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313) - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314) - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318) - CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319) - CVE-2016-10061: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10062: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320) - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321) - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322) - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324) - CVE-2016-10069: Add check for invalid mat file (bsc#1017325). - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433) - CVE-2016-10145: Fixed of-by-one in string copy operation when parsing WPG files (bsc#1020435) - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443) - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436) - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439) - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441) - CVE-2017-5510: Prevent out-of-bounds write when reading PSD files (bsc#1020446). - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) This update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1017308 SUSE bug 1017310 SUSE bug 1017311 SUSE bug 1017312 SUSE bug 1017313 SUSE bug 1017314 SUSE bug 1017318 SUSE bug 1017319 SUSE bug 1017320 SUSE bug 1017321 SUSE bug 1017322 SUSE bug 1017324 SUSE bug 1017325 SUSE bug 1017326 SUSE bug 1017421 SUSE bug 1020433 SUSE bug 1020435 SUSE bug 1020436 SUSE bug 1020439 SUSE bug 1020441 SUSE bug 1020443 SUSE bug 1020446 SUSE bug 1020448 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10061 CVE-2016-10062 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10069 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 Security update for util-linux (Important) openSUSE Leap 42.1 This update for util-linux fixes the following issues: This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041). This non-security issues were fixed: - lscpu: Implement WSL detection and work around crash (bsc#1019332) - fstrim: De-duplicate btrfs sub-volumes for "fstrim -a" and bind mounts (bsc#1020077) - Fix regressions in safe loop re-use patch set for libmount (bsc#1012504) - Disable ro checks for mtab (bsc#1012632) - Ensure that the option "users,exec,dev,suid" work as expected on NFS mounts (bsc#1008965) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1008965 SUSE bug 1012504 SUSE bug 1012632 SUSE bug 1019332 SUSE bug 1020077 SUSE bug 1023041 CVE-2017-2616 Security update for php5 (Moderate) openSUSE Leap 42.1 This update for php5 fixes the following issues: * CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] * CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015187 SUSE bug 1015188 SUSE bug 1015189 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 Security update for munin (Important) openSUSE Leap 42.1 This update for munin fixes the following issues: - An attacker has been able to write arbitrary local files with the permissions of the web server, by using parameter injection (boo#1026539, CVE-2017-6188) - The MySQL plugin has been fixed to work correctly against MySQL 5.5 on Leap 42.1 Important SUSE bug 1026539 CVE-2017-6188 Security update for bind (Moderate) openSUSE Leap 42.1 This update for bind fixes the following issues: - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1024130 CVE-2017-3135 Security update for sane-backends (Moderate) openSUSE Leap 42.1 This update for sane-backends fixes the following issues: - saned could have leaked uninitialized memory back to its requesters for some opcodes, allowing for information disclosure of saned memory (CVE-2017-6318, bsc#1027197). Moderate SUSE bug 1027197 CVE-2017-6318 Security update for potrace (Moderate) openSUSE Leap 42.1 This update for potrace to version 1.14 fixes the following issues: Security issues fixed: - CVE-2016-8685, CVE-2016-8686: Bugs triggered by malformed BMP files have been fixed (boo#1005026). Bugfixes: - Error reporting has been improved. - The image size is now truncated when the bitmap data ends prematurely. - It is now possible to use negative dy in bitmap data. Moderate SUSE bug 1005026 CVE-2016-8685 CVE-2016-8686 Security update for cacti (Low) openSUSE Leap 42.1 This update for cacti fixes the following vulnerabilities: - CVE-2014-4000: PHP Object Injection Vulnerabilities (boo#1022564) It also updates cacti to version 1.0.4 to include the latest upstream bugfixes and improvements. Low SUSE bug 1022564 CVE-2014-4000 Security update for perl-Image-Info (Moderate) openSUSE Leap 42.1 This update for perl-Image-Info fixes the following issues: - update to version 1.39 to fix a potential security issue. A crafted SVG file could have caused information disclosure or denial of service by using external entitity expansion (XXE). This is a potentially incompatible change; however usually SVG files do not rely on XXE. (boo#1008647, CVE-2016-9181) Moderate SUSE bug 1008647 CVE-2016-9181 Security update for bitlbee (Moderate) openSUSE Leap 42.1 This update for bitlbee fixes the following security issues: - A file transfer request from a contact not in the contact list could have resulted in a null pointer dereference, causing remote DoS by malicious remote clients (CVE-2016-10189, bnc#1022498). Moderate SUSE bug 1022498 CVE-2016-10189 Security update for lynx (Moderate) openSUSE Leap 42.1 This update for lynx fixes the following issues: - CVE-2016-9179: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. (bsc#1008642) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1008642 CVE-2016-9179 Security update for pax-utils (Moderate) openSUSE Leap 42.1 This update for pax-utils fixes the following issues: - bsc#1026959: out of bounds read in scanelf could have unspecified impact pax-utils was updated to 1.2.2, fixing missing miscellaneous fd and memory leak issues. Moderate SUSE bug 1026959 Security update for kdelibs4, kio (Moderate) openSUSE Leap 42.1 This update for kdelibs4, kio fixes the following issues: - CVE-2017-6410: Information Leak when accessing https when using a malicious PAC file (boo#1027520) Moderate SUSE bug 1027520 CVE-2017-6410 Security update for openssh (Moderate) openSUSE Leap 42.1 This update for openssh fixes the following issues: - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) - Fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1005480 SUSE bug 1005893 SUSE bug 1006221 SUSE bug 1016366 SUSE bug 1016369 CVE-2016-10009 CVE-2016-10011 CVE-2016-8858 Security update for MozillaFirefox, mozilla-nss (Important) openSUSE Leap 42.1 This update for MozillaFirefox and mozilla-nss fixes the following issues: MozillaFirefox was updated to Firefox 52.0 (boo#1028391) * requires NSS >= 3.28.3 * Pages containing insecure password fields now display a warning directly within username and password fields. * Send and open a tab from one device to another with Sync * Removed NPAPI support for plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported. * Removed Battery Status API to reduce fingerprinting of users by trackers * MFSA 2017-05 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933) CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861) CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876) CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186) CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138) CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890) CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622) CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687) CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711) CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504) CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370) CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) CVE-2017-5417: Addressbar spoofing by draging and dropping URLs (bmo#791597) CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361) CVE-2017-5427: Non-existent chrome.manifest file loaded during startup (bmo#1295542) CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876) CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243) CVE-2017-5420: Javascript: URLs can obfuscate addressbar location (bmo#1284395) CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699) CVE-2017-5421: Print preview spoofing (bmo#1301876) CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002) CVE-2017-5399: Memory safety bugs fixed in Firefox 52 CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 mozilla-nss was updated to NSS 3.28.3 * This is a patch release to fix binary compatibility issues. NSS version 3.28, 3.28.1 and 3.28.2 contained changes that were in violation with the NSS compatibility promise. ECParams, which is part of the public API of the freebl/softokn parts of NSS, had been changed to include an additional attribute. That size increase caused crashes or malfunctioning with applications that use that data structure directly, or indirectly through ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey, NSSLOWKEYPrivateKey, or potentially other data structures that reference ECParams. The change has been reverted to the original state in bug bmo#1334108. SECKEYECPublicKey had been extended with a new attribute, named "encoding". If an application passed type SECKEYECPublicKey to NSS (as part of SECKEYPublicKey), the NSS library read the uninitialized attribute. With this NSS release SECKEYECPublicKey.encoding is deprecated. NSS no longer reads the attribute, and will always set it to ECPoint_Undefined. See bug bmo#1340103. - requires NSPR >= 4.13.1 - update to NSS 3.28.2 This is a stability and compatibility release. Below is a summary of the changes. * Fixed a NSS 3.28 regression in the signature scheme flexibility that causes connectivity issues between iOS 8 clients and NSS servers with ECDSA certificates (bmo#1334114) * Fixed a possible crash on some Windows systems (bmo#1323150) * Fixed a compatibility issue with TLS clients that do not provide a list of supported key exchange groups (bmo#1330612) Important SUSE bug 1028391 CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5415 CVE-2017-5416 CVE-2017-5417 CVE-2017-5418 CVE-2017-5419 CVE-2017-5420 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5427 Security update for MozillaThunderbird (Moderate) openSUSE Leap 42.1 This update to Mozilla Thunderbird 45.8.0 fixes security issues and bugs. The following security issues from advisory MFSA 2017-07 were fixed. (boo#1028391) In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts: - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876) - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699) - CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8 The following non-security issues were fixed: - crash when viewing certain IMAP messages Moderate SUSE bug 1028391 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 Security update for dracut (Moderate) openSUSE Leap 42.1 This update for dracut fixes the following issues: Security issues fixed: - CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340) Non security issues fixed: - Allow booting from degraded MD arrays with systemd. (bsc#1017695) - Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925, bsc#986734, bsc#986838) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1005410 SUSE bug 1006118 SUSE bug 1007925 SUSE bug 1008340 SUSE bug 1017695 SUSE bug 986734 SUSE bug 986838 CVE-2016-8637 Security update for irssi (Moderate) openSUSE Leap 42.1 This update to irssi 1.0.2 fixes security issues and bugs. The following vulnerabilities were fixed: boo#1029020: Use after free while producing list of netjoins The following non-security changes are included: - Fix in command arg parser to detect missing arguments in tail place - Fix regression that broke incoming DCC file transfers - Fix issue with escaping \ in evaluated strings - improve UTF8 support in GRegex Moderate SUSE bug 1029020 Security update for Chromium (Important) openSUSE Leap 42.1 Chromium was updated to 57.0.2987.98 to fix security issues and bugs. The following vulnerabilities were fixed (bsc#1028848): - CVE-2017-5030: Memory corruption in V8 - CVE-2017-5031: Use after free in ANGLE - CVE-2017-5032: Out of bounds write in PDFium - CVE-2017-5029: Integer overflow in libxslt - CVE-2017-5034: Use after free in PDFium - CVE-2017-5035: Incorrect security UI in Omnibox - CVE-2017-5036: Use after free in PDFium - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer - CVE-2017-5039: Use after free in PDFium - CVE-2017-5040: Information disclosure in V8 - CVE-2017-5041: Address spoofing in Omnibox - CVE-2017-5033: Bypass of Content Security Policy in Blink - CVE-2017-5042: Incorrect handling of cookies in Cast - CVE-2017-5038: Use after free in GuestView - CVE-2017-5043: Use after free in GuestView - CVE-2017-5044: Heap overflow in Skia - CVE-2017-5045: Information disclosure in XSS Auditor - CVE-2017-5046: Information disclosure in Blink The following non-security changes are included: - Address broken rendering on non-intel cards Important SUSE bug 1028848 CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040 CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046 Security update for putty (Moderate) openSUSE Leap 42.1 This update to putty 0.68 fixes the following security issue: - CVE-2017-6542: If SSH agent forwarding is enabled, local attackers that are also able to connect to the UNIX domain socket could have overwritten heap data (boo#1029256) Moderate SUSE bug 1029256 CVE-2017-6542 Security update for roundcubemail (Moderate) openSUSE Leap 42.1 This update to roundcubemail 1.1.8 fixes security issues and bugs. The following vulnerability was fixed: - CVE-2017-6820: XSS issue in handling of a style tag inside of an svg element (boo#1029035) The following bugs were fixed: * bug where mail content frame couldn't be reset in some corner cases * regression where groups with email address were resolved to its members' addresses * group/addressbook selection is retained on page refresh * signature couldn't be added above the quote in Firefox 51 * microseconds macro (u) in log_date_format works Moderate SUSE bug 1029035 CVE-2017-6820 Security update for Mozilla Firefox (Important) openSUSE Leap 42.1 Mozilla Firefox was updated to 52.0.1 to fix one security issue: - CVE-2017-5428: integer overflow in createImageBitmap() (boo#1029822, MFSA 2017-08) Important SUSE bug 1029822 CVE-2017-5428 Security update for mbedtls (Important) openSUSE Leap 42.1 This update to mbedtls 1.3.19 fixes security issues and bugs. The following vulnerability was fixed: CVE-2017-2784: A remote user could have used a specially crafted certificate to cause mbedtls to free a buffer allocated on the stack when verifying the validity of public key with a secp224k1 curve, which could have allowed remote code execution on some platforms (boo#1029017) The following non-security changes are included: - Add checks to prevent signature forgeries for very large messages while using RSA through the PK module in 64-bit systems. - Fixed potential livelock during the parsing of a CRL in PEM format Important SUSE bug 1029017 CVE-2017-2784 Security update for mxml (Moderate) openSUSE Leap 42.1 This update for mxml fixes the following issues: - CVE-2016-4570: Specially crafted XML files could have caused stack exhaustation (bsc#979205) - CVE-2016-4571: Specially crafted XML files could have caused stack exhaustation (bsc#979206) Moderate SUSE bug 979205 SUSE bug 979206 CVE-2016-4570 CVE-2016-4571 Security update for qbittorrent (Moderate) openSUSE Leap 42.1 This update to qbittorrent 3.3.11 fixes the security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-6504: WebUI did not set the X-Frame-Options header (bsc#1028073) - CVE-2017-6503: WebUI did not escape many values, allowing for XSS (bsc#1028072) Moderate SUSE bug 1028072 SUSE bug 1028073 CVE-2017-6503 CVE-2017-6504 Security update for dbus-1 (Low) openSUSE Leap 42.1 This update for dbus-1 fixes the following issues: Security issues fixed: - Symlink attack in nonce-tcp transport. (bsc#1025950) - Symlink attack in unit tests. (bsc#1025951) Bugfixes: - Remove sysvinit script, not used under systemd. (bsc#974092) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1025950 SUSE bug 1025951 SUSE bug 974092 Security update for partclone (Low) openSUSE Leap 42.1 This update for partclone fixes the following minor security issue: - CVE-2017-6596: A malicious user could have exploited a heap-based buffer overflow vulnerability by supplying a specially crafted image to cause a denial of service (boo#1028904) The following non-security changes are included: - Support for fuse Low SUSE bug 1028904 CVE-2017-6596 Security update for xen (Important) openSUSE Leap 42.1 This updates xen to version 4.5.5 to fix the following issues: - An unprivileged user in a guest could gain guest could escalate privilege to that of the guest kernel, if it had could invoke the instruction emulator. Only 64-bit x86 HVM guest were affected. Linux guest have not been vulnerable. (boo#1016340, CVE-2016-10013) - An unprivileged user in a 64 bit x86 guest could gain information from the host, crash the host or gain privilege of the host (boo#1009107, CVE-2016-9383) - An unprivileged guest process could (unintentionally or maliciously) obtain or ocorrupt sensitive information of other programs in the same guest. Only x86 HVM guests have been affected. The attacker needs to be able to trigger the Xen instruction emulator. (boo#1000106, CVE-2016-7777) - A guest on x86 systems could read small parts of hypervisor stack data (boo#1012651, CVE-2016-9932) - A malicious guest kernel could hang or crash the host system (boo#1014298, CVE-2016-10024) - The epro100 emulated network device caused a memory leak in the host when unplugged in the guest. A privileged user in the guest could use this to cause a DoS on the host or potentially crash the guest process on the host (boo#1013668, CVE-2016-9101) - The ColdFire Fast Ethernet Controller was vulnerable to an infinite loop that could be trigged by a privileged user in the guest, leading to DoS (boo#1013657, CVE-2016-9776) - A malicious guest administrator could escalate their privilege to that of the host. Only affects x86 HVM guests using qemu older version 1.6.0 or using the qemu-xen-traditional. (boo#1011652, CVE-2016-9637) - An unprivileged guest user could escalate privilege to that of the guest administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100, CVE-2016-9386) - An unprivileged guest user could escalate privilege to that of the guest administrator (on AMD CPUs) or crash the system (on Intel CPUs) on 32-bit x86 HVM guests. Only guest operating systems that allowed a new task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382) - A malicious guest administrator could crash the host on x86 PV guests only (boo#1009104, CVE-2016-9385) - An unprivileged guest user was able to crash the guest. (boo#1009108, CVE-2016-9377, CVE-2016-9378) - A malicious guest administrator could get privilege of the host emulator process on x86 HVM guests. (boo#1009109, CVE-2016-9381) - A vulnerability in pygrub allowed a malicious guest administrator to obtain the contents of sensitive host files, or even delete those files (boo#1009111, CVE-2016-9379, CVE-2016-9380) - A privileged guest user could cause an infinite loop in the RTL8139 ethernet emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007157, CVE-2016-8910) - A privileged guest user could cause an infinite loop in the intel-hda sound emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007160, CVE-2016-8909) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero vulnerability of the JAZZ RC4030 chipset emulation (boo#1005004 CVE-2016-8667) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero issue of the 16550A UART emulation (boo#1005005, CVE-2016-8669) - A privileged guest user could cause a memory leak in the USB EHCI emulation, causing a DoS situation on the host (boo#1003870, CVE-2016-7995) - A privileged guest user could cause an infinite loop in the USB xHCI emulation, causing a DoS situation on the host (boo#1004016, CVE-2016-8576) - A privileged guest user could cause an infinite loop in the ColdFire Fash Ethernet Controller emulation, causing a DoS situation on the host (boo#1003030, CVE-2016-7908) - A privileged guest user could cause an infinite loop in the AMD PC-Net II emulation, causing a DoS situation on the host (boo#1003032, CVE-2016-7909) - Cause a reload of clvm in the block-dmmd script to avoid a blocking lvchange call (boo#1002496) Important SUSE bug 1000106 SUSE bug 1002496 SUSE bug 1003030 SUSE bug 1003032 SUSE bug 1003870 SUSE bug 1004016 SUSE bug 1005004 SUSE bug 1005005 SUSE bug 1007157 SUSE bug 1007160 SUSE bug 1009100 SUSE bug 1009103 SUSE bug 1009104 SUSE bug 1009107 SUSE bug 1009108 SUSE bug 1009109 SUSE bug 1009111 SUSE bug 1011652 SUSE bug 1012651 SUSE bug 1013657 SUSE bug 1013668 SUSE bug 1014298 SUSE bug 1016340 CVE-2016-10013 CVE-2016-10024 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-7995 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9776 CVE-2016-9932 Security update for php5 (Moderate) openSUSE Leap 42.1 This update for php5 fixes the following issues: Security issue fixed: - CVE-2015-8994: code permission/sensitive data protection vulnerability (bsc#1027210). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1027210 CVE-2015-8994 Security update for wget (Moderate) openSUSE Leap 42.1 This update for wget fixes the following issues: Security issue fixed: - CVE-2017-6508: (url_parse): Reject control characters in host part of URL (bsc#1028301). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1028301 CVE-2017-6508 Security update for GraphicsMagick (Moderate) openSUSE Leap 42.1 This update for GraphicsMagick fixes the following issues: Security issue fixed: - CVE-2017-6335: Fixed heap out of bounds write issue (boo#1027255). Moderate SUSE bug 1027255 CVE-2017-6335 Security update for apache2 (Moderate) openSUSE Leap 42.1 This update for apache2 provides the following fixes: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712). - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714). - CVE-2016-8743: Added new directive "HttpProtocolOptions Strict" to avoid proxy chain misinterpretation (bsc#1016715). Bugfixes: - Add NotifyAccess=all to systemd service files to prevent warnings in the log when using mod_systemd (bsc#980663). This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1016712 SUSE bug 1016714 SUSE bug 1016715 SUSE bug 980663 CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 ====================================================================== Still left to do: - Check CVE descriptions. They need to be written in the past tense. They are processed automatically, THERE CAN BE ERRORS IN THERE! - Remove version numbers from the CVE descriptions - Check the capitalization of the subsystems, then sort again - For each CVE: Check the corresponding bug if everything is okay - If you remove CVEs or bugs: Do not forget to change the meta information - Determine which of the bugs after the CVE lines is the right one ====================================================================== The openSUSE Leap 42.1 kernel was updated to 4.1.39 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914). - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly manages lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178). - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52 (bnc#1030573). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190). - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189). - CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1025235). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697). - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377). - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulates the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc#1022785). - CVE-2017-2583: The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel improperly emulates a "MOV SS, NULL selector" instruction, which allowed guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application (bnc#1020602). - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851). The following non-security bugs were fixed: - Fix kABI breakage of musb struct in 4.1.39 (stable 4.1.39). - Revert "ptrace: Capture the ptracer's creds not PT_PTRACE_CAP" (stable 4.1.39). - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986). - ext4: validate s_first_meta_bg at mount time (bsc#1023377). - kabi/severities: Ignore x86/kvm kABI changes for 4.1.39 - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415). - l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415). - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415). - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() (bsc#1028415). - l2tp: lock socket before checking flags in connect() (bsc#1028415). - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bsc#1030118). Important SUSE bug 1019851 SUSE bug 1020602 SUSE bug 1022785 SUSE bug 1023377 SUSE bug 1025235 SUSE bug 1026722 SUSE bug 1026914 SUSE bug 1027066 SUSE bug 1027178 SUSE bug 1027179 SUSE bug 1027189 SUSE bug 1027190 SUSE bug 1027565 SUSE bug 1028415 SUSE bug 1029986 SUSE bug 1030118 SUSE bug 1030573 SUSE bug 968697 CVE-2016-10200 CVE-2016-10208 CVE-2016-2117 CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2636 CVE-2017-5669 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6348 CVE-2017-6353 CVE-2017-7184 Security update for Chromium (Important) openSUSE Leap 42.1 This update to Chromium 57.0.2987.133 fixes the following issues (boo#1031677): - CVE-2017-5055: Use after free in printing - CVE-2017-5054: Heap buffer overflow in V8 - CVE-2017-5052: Bad cast in Blink - CVE-2017-5056: Use after free in Blink - CVE-2017-5053: Out of bounds memory access in V8 The following packaging changes are included: - No longer claim to provide browser(npapi) Important SUSE bug 1031677 CVE-2017-5052 CVE-2017-5053 CVE-2017-5054 CVE-2017-5055 CVE-2017-5056 Recommended update for geotiff (Moderate) openSUSE Leap 42.1 This geotiff version update to 1.4.2 fixes the following issues: - Update to 1.4.2 (boo#1029595) * update to EPSG v8.9 database * cleanups and security fixes - Small packaging cleanup - Switched download link to OSGeo server - Fix Group tag. Moderate SUSE bug 1029595 Security update for pidgin (Moderate) openSUSE Leap 42.1 This update for pidgin fixes the following issues: Feature update: - Update to GNOME 3.20.2 (fate#318572). Security issues fixed: - CVE-2017-2640: Fix an out of bounds memory read in purple_markup_unescape_entity. (boo#1028835) - CVE-2014-3698: remote information leak via crafted XMPP message (boo#902408). - CVE-2014-3696: denial of service parsing Groupwise server message (boo#902410). - CVE-2014-3695: crash in MXit protocol plug-in (boo#902409). Bugfixes - Correctly remove *.so files for plugins (fixes devel-file-in-non-devel-package). - Remove generation of a plugin list to package, simply add it all in %files with exclusions. - Build with GStreamer 1.x on SLE 12 SP2. - Fix SASL EXTERNAL fingerprint authentication (boo#1009974). - Use ALSA as default for avoiding broken volume control of pa sink (boo#886670). Moderate SUSE bug 1009974 SUSE bug 1028835 SUSE bug 886670 SUSE bug 902408 SUSE bug 902409 SUSE bug 902410 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 CVE-2017-2640 Security update for ruby2.2, ruby2.3 (Important) openSUSE Leap 42.1 This update for ruby2.2, ruby2.3 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (boo#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (boo#959495) Detailed ChangeLog: - http://svn.ruby-lang.org/repos/ruby/tags/v2_2_6/ChangeLog - http://svn.ruby-lang.org/repos/ruby/tags/v2_3_3/ChangeLog Important SUSE bug 1018808 SUSE bug 959495 CVE-2015-7551 CVE-2016-2339 Security update for samba (Important) openSUSE Leap 42.1 This update for samba fixes the following issues: Security issues fixed: - CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147). Bugfixes: - Don't package man pages for VFS modules that aren't built (bsc#993707). - sync_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416). - Document "winbind: ignore domains" parameter; (bsc#1019416). - Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692). This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1019416 SUSE bug 1024416 SUSE bug 1027147 SUSE bug 993692 SUSE bug 993707 CVE-2017-2619 Security update for libpng12 (Moderate) openSUSE Leap 42.1 This update for libpng12 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1017646 SUSE bug 958791 CVE-2015-8540 CVE-2016-10087 Security update for libpng16 (Moderate) openSUSE Leap 42.1 This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1017646 CVE-2016-10087 Security update for clamav-database (Moderate) openSUSE Leap 42.1 This update for clamav-database refreshes the database. This update was imported from the SUSE:SLE-12:Update update project. Moderate Security update for apparmor (Important) openSUSE Leap 42.1 This update for apparmor fixes the following issues: These security issues were fixed: - CVE-2017-6507: Preserve unknown profiles when reloading apparmor.service (lp#1668892, boo#1029696) - boo#1017260: Migration to apparmor.service accidently disable AppArmor. Note: This will re-enable AppArmor if it was disabled by the last update. You'll need to "rcapparmor reload" to actually load the profiles, and then check aa-status for programs that need to be restarted to apply the profiles. These non-security issues were fixed: - Fixed crash in aa-logprof on specific change_hat events - boo#1016259: Added var.mount dependeny to apparmor.service The aa-remove-unknown utility was added to unload unknown profiles (lp#1668892) Important SUSE bug 1016259 SUSE bug 1017260 SUSE bug 1029696 CVE-2017-6507 Security update for atheme (Moderate) openSUSE Leap 42.1 This update for atheme fixes the following issues: - CVE-2017-6384: Memory leak in the login_user function allowing for DoS (boo#1027614) - Use after free that could potentially be used by an attacker already having the privilege to use SASL impersonation to cause a denial of service. This update also contains a number of upstream bug fixes. Moderate SUSE bug 1027614 CVE-2017-6384 Security update for slrn (Moderate) openSUSE Leap 42.1 This update for slrn contains one security improvement: - CVE-2014-3566: Disable SSLv3 to prevent POODLE attack (boo#1031023) The version 1.0.3 also contains a number of display and message processing improvements. Moderate SUSE bug 1031023 CVE-2014-3566 Security update for lxc (Low) openSUSE Leap 42.1 This update to version 1.1.5 for lxc fixes the following issues: This security issue was fixed: CVE-2017-5985: lxc-user-nic allowed access to network namespace over which the caller did not hold privilege (boo#1028264). This non-security issue was fixed: - boo#1019662: Fixed issue with apparmor preventing the start of containers Low SUSE bug 1019662 SUSE bug 1028264 CVE-2017-5985 Security update for zlib (Moderate) openSUSE Leap 42.1 This update for zlib fixes the following issues: - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) - Incompatible declarations for external linkage function deflate (bsc#1003577) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1003577 SUSE bug 1003579 SUSE bug 1003580 SUSE bug 1013882 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 Security update for phpMyAdmin (Moderate) openSUSE Leap 42.1 This update for phpMyAdmin fixes the following issue: - boo#1032105: The AllowNoPassword configuration option may have been bypassed when running on PHP5, allowing the login of users who have no password set even with AllowNoPassword set to false (PMASA-2017-8) Moderate SUSE bug 1032105 Security update for postgresql93 (Important) openSUSE Leap 42.1 This update for postgresql93 to version 9.3.14 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453). This non-security issue was fixed: - bsc#973660: Added "Requires: timezone" to Service Pack - bsc#1029547: postgresql: fails to build with timezone 2017a For additional non-security issues please refer to - http://www.postgresql.org/docs/9.3/static/release-9-3-14.html - http://www.postgresql.org/docs/9.3/static/release-9-3-13.html - http://www.postgresql.org/docs/9.4/static/release-9-3-12.html This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1029547 SUSE bug 973660 SUSE bug 993453 SUSE bug 993454 CVE-2016-5423 CVE-2016-5424 Security update for tigervnc (Moderate) openSUSE Leap 42.1 This update for tigervnc provides the several fixes. These security issues were fixed: - CVE-2017-7392, CVE-2017-7396: Client can cause leak in VNC server (bsc#1031886) - CVE-2017-7395: Authenticated VNC client can crash VNC server (bsc#1031877) - CVE-2017-7394: Client can crash or block VNC server (bsc#1031879) - CVE-2017-7393: Authenticated client can cause double free in VNC server (bsc#1031875) - Prevent buffer overflow in VNC client, allowing for crashing the client (bnc#1032880) Moderate SUSE bug 1031875 SUSE bug 1031877 SUSE bug 1031879 SUSE bug 1031886 SUSE bug 1032880 CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396 Security update for audiofile (Low) openSUSE Leap 42.1 This audiofile update fixes the following issue: Security issues fixed: - CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979) - CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp) (bsc#1026980) - CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp) (bsc#1026981) - CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp) (bsc#1026982) - CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983) - CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984) - CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) (bsc#1026985) - CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) (bsc#1026986) - CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) (bsc#1026988) - CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) (bsc#1026987) - CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes (bsc#1026978) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1026978 SUSE bug 1026979 SUSE bug 1026980 SUSE bug 1026981 SUSE bug 1026982 SUSE bug 1026983 SUSE bug 1026984 SUSE bug 1026985 SUSE bug 1026986 SUSE bug 1026987 SUSE bug 1026988 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 Security update for libpng15 (Moderate) openSUSE Leap 42.1 This update for libpng15 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1017646 SUSE bug 958791 CVE-2015-8540 CVE-2016-10087 Security update for jasper (Moderate) openSUSE Leap 42.1 This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088) - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497) - CVE-2017-5498: left-shift undefined behaviour (bsc#1020353) - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868) - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015400 SUSE bug 1018088 SUSE bug 1020353 SUSE bug 1021868 SUSE bug 1029497 CVE-2016-10251 CVE-2016-9583 CVE-2016-9600 CVE-2017-5498 CVE-2017-6850 Security update for proftpd (Moderate) openSUSE Leap 42.1 This update for proftpd to version 1.3.5d fixes the following issues: This security issue was fixed: - CVE-2017-7418: ProFTPD checked only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link (bsc#1032443). These non-security issues were fixed: - Reduce TLS protocols to TLSv1.1 and TLSv1.2 - Disable TLSCACertificateFile - Add TLSCertificateChainFile - All FTP logins are treated as anonymous logins again - SSH rekey during authentication could have caused issues with clients. - Recursive SCP uploads of multiple directories were not handled properly. - LIST returned different results for file, depending on path syntax. - "AuthAliasOnly on" in server config broke anonymous logins. - Fixed memory leak when mod_facl is used. - Fix systemd vs SysVinit inconsistency Moderate SUSE bug 1032443 CVE-2017-7418 Security update for bind (Important) openSUSE Leap 42.1 This update for bind fixes the following issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. One additional non-security bug was fixed: The default umask was changed to 077. (bsc#1020983) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1020983 SUSE bug 1033466 SUSE bug 1033467 SUSE bug 1033468 SUSE bug 987866 SUSE bug 989528 CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 Security update for gstreamer-plugins-good (Low) openSUSE Leap 42.1 This update for gstreamer-plugins-good fixes the following issues: - A crafted aac audio file could have caused an invalid read and thus corruption or denial of service (bsc#1024014, CVE-2016-10198) - A crafted mp4 file could have caused an invalid read and thus corruption or denial of service (bsc#1024017, CVE-2016-10199) - A crafted avi file could have caused an invalid read and thus corruption or denial of service (bsc#1024034, CVE-2017-5840) - A crafted AVI file with metadata tag entries (ncdt) could have caused invalid read access and thus corruption or denial of service (bsc#1024030, CVE-2017-5841) - A crafted avi file could have caused an invalid read access resulting in denial of service (bsc#1024062, CVE-2017-5845) Low SUSE bug 1024014 SUSE bug 1024017 SUSE bug 1024030 SUSE bug 1024034 SUSE bug 1024062 CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 Security update for gstreamer-0_10-plugins-base (Low) openSUSE Leap 42.1 This update for gstreamer-0_10-plugins-base fixes the following issues: - A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1024076 SUSE bug 1024079 CVE-2017-5837 CVE-2017-5844 Security update for mozilla-nss (Moderate) openSUSE Leap 42.1 Mozilla-nss was updated to 3.28.4 to fix the following issues: Security issues: * CVE-2016-9574: Allow use of session tickets when there is no ticket wrapping key (boo#1015499, bmo#1320695) Non security issues: * A rare crash when initializing an SSL socket fails has been fixed (bmo#1342358) * Rare crashes in the base 64 decoder and encoder were fixed (bmo#1344380) * A carry over bug in the RNG was fixed (bmo#1345089) * Fixed hash computation (boo#1030071, bmo#1348767) This update also contains a rebuild of java-1_8_0-openjdk as the java security provider is very closely tied to the mozilla nss API. Moderate SUSE bug 1015499 SUSE bug 1030071 CVE-2016-9574 Security update for chromium (Important) openSUSE Leap 42.1 This update to Chromium 58.0.3029.81 fixes the following security issues (bsc#1035103): - CVE-2017-5057: Type confusion in PDFium - CVE-2017-5058: Heap use after free in Print Preview - CVE-2017-5059: Type confusion in Blink - CVE-2017-5060: URL spoofing in Omnibox - CVE-2017-5061: URL spoofing in Omnibox - CVE-2017-5062: Use after free in Chrome Apps - CVE-2017-5063: Heap overflow in Skia - CVE-2017-5064: Use after free in Blink - CVE-2017-5065: Incorrect UI in Blink - CVE-2017-5066: Incorrect signature handing in Networking - CVE-2017-5067: URL spoofing in Omnibox - CVE-2017-5069: Cross-origin bypass in Blink Important SUSE bug 1035103 CVE-2017-5057 CVE-2017-5058 CVE-2017-5059 CVE-2017-5060 CVE-2017-5061 CVE-2017-5062 CVE-2017-5063 CVE-2017-5064 CVE-2017-5065 CVE-2017-5066 CVE-2017-5067 CVE-2017-5069 Security update for Mozilla Firefox (Important) openSUSE Leap 42.1 Mozilla Firefox was updated to Firefox 52.1.0esr. The following vulnerabilities were fixed (bsc#1035082): - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content The package is now following the ESR 52 branch: - Enable plugin support by default - service workers are disabled by default - push notifications are disabled by default - WebAssembly (wasm) is disabled - Less use of multiprocess architecture Electrolysis (e10s) Important SUSE bug 1035082 CVE-2017-5429 CVE-2017-5443 CVE-2017-5444 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5460 CVE-2017-5461 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 Security update for ntp (Moderate) openSUSE Leap 42.1 This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed (bsc#1030050): - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential Overflows in ctl_put() functions - CVE-2017-6451: Improper use of snprintf() in mx4200_send() - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist - CVE-2016-9042: 0rigin (zero origin) DoS. - ntpq_stripquotes() returns incorrect Value - ereallocarray()/eallocarray() underused - Copious amounts of Unused Code - Off-by-one in Oncore GPS Receiver - Makefile does not enforce Security Flags Bugfixes: - Remove spurious log messages (bsc#1014172). - clang scan-build findings - Support for openssl-1.1.0 without compatibility modes - Bugfix 3072 breaks multicastclient - forking async worker: interrupted pipe I/O - (...) time_pps_create: Exec format error - Incorrect Logic for Peer Event Limiting - Change the process name of forked DNS worker - Trap Configuration Fail - Nothing happens if minsane < maxclock < minclock - allow -4/-6 on restrict line with mask - out-of-bound pointers in ctl_putsys and decode_bitflags - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates. This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1014172 SUSE bug 1030050 CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 Security update for curl (Moderate) openSUSE Leap 42.1 This update for curl fixes the following issues: Security issue fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309). With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015332 SUSE bug 1027712 SUSE bug 1032309 CVE-2016-9586 CVE-2017-7407 Security update for libsndfile (Moderate) openSUSE Leap 42.1 This update for libsndfile fixes the following security issues: - CVE-2017-7586: A stack-based buffer overflow via a specially crafted FLAC file was fixed (error in the "header_read()" function) (bsc#1033053) - CVE-2017-7585,CVE-2017-7741, CVE-2017-7742: Several stack-based buffer overflows via a specially crafted FLAC file (error in the "flac_buffer_copy()" function) were fixed (bsc#1033054,bsc#1033915,bsc#1033914). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1033053 SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 Security update for tiff (Important) openSUSE Leap 42.1 This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10272: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9 (bsc#1031247). - CVE-2016-10271: tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13 (bsc#1031249). - CVE-2016-10270: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22 (bsc#1031250). - CVE-2016-10269: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2 (bsc#1031254). - CVE-2016-10268: tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23 (bsc#1031255). - CVE-2016-10267: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8 (bsc#1031262). - CVE-2016-10266: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. (bsc#1031263). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1031247 SUSE bug 1031249 SUSE bug 1031250 SUSE bug 1031254 SUSE bug 1031255 SUSE bug 1031262 SUSE bug 1031263 CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 Security update for backintime (Moderate) openSUSE Leap 42.1 This update for backintime to version 1.1.20 fixes several issues. These security issues were fixed: - CVE-2017-7572: The _checkPolkitPrivilege function in serviceHelper.py in backintime used a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use) (bsc#1032717). - Don't store passwords given to polkit helper - boo#1007723: General security hardening measures These non-security issues were fixed: - Delete udev configuration files on uninstall - Merge doc subpackage into main package Moderate SUSE bug 1007723 SUSE bug 1032717 CVE-2017-7572 Security update for libosip2 (Important) openSUSE Leap 42.1 This update for libosip2 fixes the following issues: Changes in libosip2: - CVE-2017-7853: In libosip2 in GNU 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS. (boo#1034570) - CVE-2016-10326: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. (boo#1034571) - CVE-2016-10325: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS. (boo#1034572) - CVE-2016-10324: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. (boo#1034574) Important SUSE bug 1034570 SUSE bug 1034571 SUSE bug 1034572 SUSE bug 1034574 CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 Security update for ruby2.1 (Important) openSUSE Leap 42.1 This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (bsc#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) - CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032) - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974) - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877) Bugfixes: - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863) - Segmentation fault after pack & ioctl & unpack (bsc#909695) - Ruby:HTTP Header injection in 'net/http' (bsc#986630) ChangeLog: - http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1014863 SUSE bug 1018808 SUSE bug 887877 SUSE bug 909695 SUSE bug 926974 SUSE bug 936032 SUSE bug 959495 SUSE bug 986630 CVE-2014-4975 CVE-2015-1855 CVE-2015-3900 CVE-2015-7551 CVE-2016-2339 Security update for tiff (Moderate) openSUSE Leap 42.1 The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues. - CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools [bnc#914890] - CVE-2016-9297: tif_dirread.c read outside buffer in _TIFFPrintField() [bnc#1010161] - CVE-2016-3658: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c [bnc#974840] - CVE-2016-9273: heap overflow [bnc#1010163] - CVE-2016-3622: divide By Zero in the tiff2rgba tool [bnc#974449] - CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow [bnc#1007280] - CVE-2016-9453: out-of-bounds Write memcpy and less bound check in tiff2pdf [bnc#1011107] - CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat [bnc#987351] - CVE-2016-9448: regression introduced by fixing CVE-2016-9297 [bnc#1011103] - CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode() function [bnc#984813] - CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function (null ptr dereference?) [bnc#984815] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1007280 SUSE bug 1010161 SUSE bug 1010163 SUSE bug 1011103 SUSE bug 1011107 SUSE bug 914890 SUSE bug 974449 SUSE bug 974840 SUSE bug 984813 SUSE bug 984815 SUSE bug 987351 CVE-2014-8127 CVE-2016-3622 CVE-2016-3658 CVE-2016-5321 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 Security update for feh (Moderate) openSUSE Leap 42.1 This update for feh on Leap 42.1 fixes this security issue: - CVE-2017-7875: In wallpaper.c in feh if a malicious client pretended to be the E17 window manager, it was possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free (bsc#1034567). This update for feh on Leap 42.2 to version 2.18.3 fixes several issues. This security issue was fixed on Leap 42.2: - CVE-2017-7875: In wallpaper.c in feh if a malicious client pretended to be the E17 window manager, it was possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free (bsc#1034567). These non-security issue was fixed on Leap 42.2: - boo#955576: added jpegexiforient - Fixed image-specific format specifiers not being updated correctly in thumbnail mode window titles - Fixed memory leak when closing images opened from thumbnail mode - Fixed a possible out of bounds read caused by an unterminated string when using --output to save images in long paths - Fixed out of bounds read/write when handling empty or broken caption files. - Fixed memory leak when saving a filelist or image whose target filename already exists. - Fixed image-specific format specifiers not being updated correctly - New key binding: ! - zoom_fill (zoom to fill window, may cut off image parts - Disable EXIF-based auto rotation by default - Added --auto-rotate option to enable auto rotation - Added feh-makefile_app.patch -- fix install location of icons - Install feh icon (both 48x48 and scalable SVG) to /usr/share/icons when running "make install app=1" - Fixed --sort not being respected after the first reload when used in conjunction with --reload - All key actions can now also be bound to a button by specifying them in .config/feh/buttons. However, note that button actions can not be bound to keys. - Rename "menu" key action to "toggle_menu", "prev" to "prev_img" and "next" to "next_img". The old names are still supported, but no longer documented. - feh now also sets the X11 _NET_WM_PID and WM_CLIENT_MACHINE window properties - Fixed compilation on systems where HOST_NAME_MAX is not defined - Also support in-place editing for images loaded via libcurl or imagemagick. Results will not be written back to disk in this case. - Fixed crash when trying to rotate a JPEG image without having jpegtran / jpegexiforient installed - Handle failing fork() calls gracefully - Fixed invalid key/button definitions mis-assigning keys/buttons to other actions - Added sort mode --sort dirname to sort images by directory instead of by name. - Added navigation keys next_dir (]) and prev_dir ([) to jump to the first image of the nex/previous directory - Fixed toggle_filenames key displaying wrong file numbers in multiwindow mode - Rescale image when resizing a window and --scale-down or --geometry is active. - Fixed --keep-zoom-vp not keeping the viewport x/y offsets - Fixed w (size_to_image) key not updating window size when --scale-down or --geometry is active - Added --insecure option to disable HTTPS certificate checks - Added --no-recursive option to disable recursive directory expansion. - Improve --scale-down in tiling environments. - --action and --action[1..9] now support action titles - -f / --filelist: Do not print useless error message when a correct filelist file is specified - -f / --filelist: Fix bug in "-" / "/dev/stdin" handling affecting feh running in ksh and possibly other environments - Add --xinerama-index option for background setting - When removing the last image in slidsehow mode, stay on the last (previously second-to-last) image - Allow --sort and --randomize to override each other (most recently specified option wins) instead of always preferring --sort - Thumbnail mode: Mark image as processed when executing an action (--action) by clicking on an image - It is now possible to override feh's idea of the active xinerama screen using the --xinerama-index option - Removed (undocumented) feature allowing to override feh's idea of the active xinerama screen by setting the XINERAMA_SCREEN environment variable - Removed obsolete gpg macro Moderate SUSE bug 1034567 SUSE bug 955576 CVE-2017-7875 Security update for virtualbox (Important) openSUSE Leap 42.1 This update to virtualbox 5.0.40 fixes the following issues: These security issues were fixed (bsc#1034854): - CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. - CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. - CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. These non-security issues were fixed: - Storage: fixed a potential hang under rare circumstances - Storage: fixed a potential crash under rare circumstances (asynchronous I/O disabled or during maintenance file operations like merging snapshots) - Storage: fixed a potential crash under rare circumstances (no asynchronous I/O or during maintenance file operations like merging snapshots) - Linux hosts: make the ALSA backend work again as well as Loading the GL libraries on certain hosts - GUI: don't crash on restoring defaults in the appliance import dialog Important SUSE bug 1034854 CVE-2017-3513 CVE-2017-3538 CVE-2017-3558 CVE-2017-3559 CVE-2017-3561 CVE-2017-3563 CVE-2017-3575 CVE-2017-3576 CVE-2017-3587 Security update for GraphicsMagick (Low) openSUSE Leap 42.1 This update for GraphicsMagick fixes one issue. This security issue was fixed: - CVE-2017-7941: The ReadSGIImage function in sgi.c in ImageMagick allowed remote attackers to consume an amount of available memory via a crafted file (boo#1034876). Low SUSE bug 1034876 CVE-2017-7941 Security update for Chromium (Important) openSUSE Leap 42.1 This update to Chromium 58.0.3029.96 fixes one security issue: - CVE-2017-5068: race condition in WebRTC (bsc#1037594) Important SUSE bug 1037594 CVE-2017-5068 Security update for MozillaThunderbird (Moderate) openSUSE Leap 42.1 This update to MozillaThunderbird 51.1.0 fixes security issues and bugs. In general, these flaws cannot be exploited through email because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. The following vulnerabilities were fixed: boo#1035082, MFSA 2017-13, boo#1028391, MFSA 2017-09) - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - CVE-2017-5442: Use-after-free during style changes - CVE-2017-5469: Potential Buffer overflow in flex-generated code - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5441: Use-after-free with selection during scroll events - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5437: Vulnerabilities in Libevent library - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - CVE-2017-5435: Use-after-free during transaction processing in the editor - CVE-2017-5434: Use-after-free during focus handling - CVE-2017-5433: Use-after-free in SMIL animation functions - CVE-2017-5432: Use-after-free in text input selection - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5459: Buffer overflow in WebGL - CVE-2017-5454; Sandbox escape allowing file system read access through file picker - CVE-2017-5451: Addressbar spoofing with onblur event - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5406: Segmentation fault in Skia with canvas operations - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5412: Buffer overflow read in SVG filters - CVE-2017-5413: Segmentation fault during bidirectional operations - CVE-2017-5414: File picker can choose incorrect default directory - CVE-2017-5416: Null dereference crash in HttpChannel - CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running - CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses - CVE-2017-5419: Repeated authentication prompts lead to DOS attack - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports - CVE-2017-5421: Print preview spoofing - CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink - CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52 - CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8 The following non-security changes are included: - Background images not working and other issues related to embedded images when composing email have been fixed - Google Oauth setup can sometimes not progress to the next step - Clicking on a link in an email may not open this link in the external browser - addon blocklist updates - enable ALSA for systems without PulseAudio - Optionally remove corresponding data files when removing an account - Possibility to copy message filter - Calendar: Event can now be created and edited in a tab - Calendar: Processing of received invitation counter proposals - Chat: Support Twitter Direct Messages - Chat: Liking and favoriting in Twitter - Chat: Removed Yahoo! Messenger support Moderate SUSE bug 1028391 SUSE bug 1035082 CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5416 CVE-2017-5418 CVE-2017-5419 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 Security update for quagga (Low) openSUSE Leap 42.1 This update for quagga fixes the following issues: This security issue was fixed: - CVE-2017-5495: Quagga was vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication (bsc#1021669). These non-security issues were fixed: - Disabled passwords in default zebra.conf config file, causing to disable vty telnet interface by default. The vty interface is available via "vtysh" utility using pam authentication to permit management access for root without password (boo#1021669). - Changed owner of /etc/quagga to quagga:quagga to permit to manage quagga via vty interface. - Added quagga.log and create and su statemets to logrotate config, changed default zebra log file name from quagga.log to zebra.log. Low SUSE bug 1021669 CVE-2017-5495 Security update for dpkg (Moderate) openSUSE Leap 42.1 This update for dpkg fixes the following issues: This security issue was fixed: - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggered a stack-based buffer overflow (bsc#957160). This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 957160 CVE-2015-0860 Security update for zziplib (Moderate) openSUSE Leap 42.1 This update for zziplib fixes the following issues: Secuirty issues fixed: - CVE-2017-5974: heap-based buffer overflow in __zzip_get32 (fetch.c) (bsc#1024517) - CVE-2017-5975: heap-based buffer overflow in __zzip_get64 (fetch.c) (bsc#1024528) - CVE-2017-5976: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024531) - CVE-2017-5977: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024534) - CVE-2017-5978: out of bounds read in zzip_mem_entry_new (memdisk.c) (bsc#1024533) - CVE-2017-5979: NULL pointer dereference in prescan_entry (fseeko.c) (bsc#1024535) - CVE-2017-5980: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) (bsc#1024536) - CVE-2017-5981: assertion failure in seeko.c (bsc#1024539) - NULL pointer dereference in main (unzzipcat-mem.c) (bsc#1024532) - NULL pointer dereference in main (unzzipcat.c) (bsc#1024537) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1024517 SUSE bug 1024528 SUSE bug 1024531 SUSE bug 1024532 SUSE bug 1024533 SUSE bug 1024534 SUSE bug 1024535 SUSE bug 1024536 SUSE bug 1024537 SUSE bug 1024539 CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981 Security update for mysql-community-server (Important) openSUSE Leap 42.1 This update for mysql-community-server to version 5.6.36 fixes the following issues: These security issues were fixed: - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands (bsc#1029014) - CVE-2017-3305: MySQL client sent authentication request unencrypted even if SSL was required (aka Ridddle) (bsc#1029396). - CVE-2017-3308: Unspecified vulnerability in Server: DML (boo#1034850) - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (boo#1034850) - CVE-2017-3329: Unspecified vulnerability in Server: Thread (boo#1034850) - CVE-2017-3453: Unspecified vulnerability in Server: Optimizer (boo#1034850) - CVE-2017-3456: Unspecified vulnerability in Server: DML (boo#1034850) - CVE-2017-3461: Unspecified vulnerability in Server: Security (boo#1034850) - CVE-2017-3462: Unspecified vulnerability in Server: Security (boo#1034850) - CVE-2017-3463: Unspecified vulnerability in Server: Security (boo#1034850) - CVE-2017-3464: Unspecified vulnerability in Server: DDL (boo#1034850) - CVE-2017-3302: Crash in libmysqlclient.so (bsc#1022428). - CVE-2017-3450: Unspecified vulnerability Server: Memcached - CVE-2017-3452: Unspecified vulnerability Server: Optimizer - CVE-2017-3599: Unspecified vulnerability Server: Pluggable Auth - CVE-2017-3600: Unspecified vulnerability in Client: mysqldump (boo#1034850) - '--ssl-mode=REQUIRED' can be specified to require a secure connection (it fails if a secure connection cannot be obtained) These non-security issues were fixed: - Set the default umask to 077 in mysql-systemd-helper (boo#1020976) - Change permissions of the configuration dir/files to 755/644. Please note that storing the password in the /etc/my.cnf file is not safe. Use for example an option file that is accessible only by yourself (boo#889126) For more information please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html Important SUSE bug 1020976 SUSE bug 1022428 SUSE bug 1029014 SUSE bug 1029396 SUSE bug 1034850 SUSE bug 889126 CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3450 CVE-2017-3452 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3599 CVE-2017-3600 Security update for tcpdump, libpcap (Moderate) openSUSE Leap 42.1 This update for tcpdump to version 4.9.0 and libpcap to version 1.8.1 fixes the several issues. These security issues were fixed in tcpdump: - CVE-2016-7922: The AH parser in tcpdump had a buffer overflow in print-ah.c:ah_print() (bsc#1020940). - CVE-2016-7923: The ARP parser in tcpdump had a buffer overflow in print-arp.c:arp_print() (bsc#1020940). - CVE-2016-7924: The ATM parser in tcpdump had a buffer overflow in print-atm.c:oam_print() (bsc#1020940). - CVE-2016-7925: The compressed SLIP parser in tcpdump had a buffer overflow in print-sl.c:sl_if_print() (bsc#1020940). - CVE-2016-7926: The Ethernet parser in tcpdump had a buffer overflow in print-ether.c:ethertype_print() (bsc#1020940). - CVE-2016-7927: The IEEE 802.11 parser in tcpdump had a buffer overflow in print-802_11.c:ieee802_11_radio_print() (bsc#1020940). - CVE-2016-7928: The IPComp parser in tcpdump had a buffer overflow in print-ipcomp.c:ipcomp_print() (bsc#1020940). - CVE-2016-7929: The Juniper PPPoE ATM parser in tcpdump had a buffer overflow in print-juniper.c:juniper_parse_header() (bsc#1020940). - CVE-2016-7930: The LLC/SNAP parser in tcpdump had a buffer overflow in print-llc.c:llc_print() (bsc#1020940). - CVE-2016-7931: The MPLS parser in tcpdump had a buffer overflow in print-mpls.c:mpls_print() (bsc#1020940). - CVE-2016-7932: The PIM parser in tcpdump had a buffer overflow in print-pim.c:pimv2_check_checksum() (bsc#1020940). - CVE-2016-7933: The PPP parser in tcpdump had a buffer overflow in print-ppp.c:ppp_hdlc_if_print() (bsc#1020940). - CVE-2016-7934: The RTCP parser in tcpdump had a buffer overflow in print-udp.c:rtcp_print() (bsc#1020940). - CVE-2016-7935: The RTP parser in tcpdump had a buffer overflow in print-udp.c:rtp_print() (bsc#1020940). - CVE-2016-7936: The UDP parser in tcpdump had a buffer overflow in print-udp.c:udp_print() (bsc#1020940). - CVE-2016-7937: The VAT parser in tcpdump had a buffer overflow in print-udp.c:vat_print() (bsc#1020940). - CVE-2016-7938: The ZeroMQ parser in tcpdump had an integer overflow in print-zeromq.c:zmtp1_print_frame() (bsc#1020940). - CVE-2016-7939: The GRE parser in tcpdump had a buffer overflow in print-gre.c, multiple functions (bsc#1020940). - CVE-2016-7940: The STP parser in tcpdump had a buffer overflow in print-stp.c, multiple functions (bsc#1020940). - CVE-2016-7973: The AppleTalk parser in tcpdump had a buffer overflow in print-atalk.c, multiple functions (bsc#1020940). - CVE-2016-7974: The IP parser in tcpdump had a buffer overflow in print-ip.c, multiple functions (bsc#1020940). - CVE-2016-7975: The TCP parser in tcpdump had a buffer overflow in print-tcp.c:tcp_print() (bsc#1020940). - CVE-2016-7983: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print() (bsc#1020940). - CVE-2016-7984: The TFTP parser in tcpdump had a buffer overflow in print-tftp.c:tftp_print() (bsc#1020940). - CVE-2016-7985: The CALM FAST parser in tcpdump had a buffer overflow in print-calm-fast.c:calm_fast_print() (bsc#1020940). - CVE-2016-7986: The GeoNetworking parser in tcpdump had a buffer overflow in print-geonet.c, multiple functions (bsc#1020940). - CVE-2016-7992: The Classical IP over ATM parser in tcpdump had a buffer overflow in print-cip.c:cip_if_print() (bsc#1020940). - CVE-2016-7993: A bug in util-print.c:relts_print() in tcpdump could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM) (bsc#1020940). - CVE-2016-8574: The FRF.15 parser in tcpdump had a buffer overflow in print-fr.c:frf15_print() (bsc#1020940). - CVE-2016-8575: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482 (bsc#1020940). - CVE-2017-5202: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print() (bsc#1020940). - CVE-2017-5203: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print() (bsc#1020940). - CVE-2017-5204: The IPv6 parser in tcpdump had a buffer overflow in print-ip6.c:ip6_print() (bsc#1020940). - CVE-2017-5205: The ISAKMP parser in tcpdump had a buffer overflow in print-isakmp.c:ikev2_e_print() (bsc#1020940). - CVE-2017-5341: The OTV parser in tcpdump had a buffer overflow in print-otv.c:otv_print() (bsc#1020940). - CVE-2017-5342: In tcpdump a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print() (bsc#1020940). - CVE-2017-5482: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575 (bsc#1020940). - CVE-2017-5483: The SNMP parser in tcpdump had a buffer overflow in print-snmp.c:asn1_parse() (bsc#1020940). - CVE-2017-5484: The ATM parser in tcpdump had a buffer overflow in print-atm.c:sig_print() (bsc#1020940). - CVE-2017-5485: The ISO CLNS parser in tcpdump had a buffer overflow in addrtoname.c:lookup_nsap() (bsc#1020940). - CVE-2017-5486: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print() (bsc#1020940). - CVE-2015-3138: Fixed potential denial of service in print-wb.c (bsc#927637). - CVE-2015-0261: Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value (bsc#922220). - CVE-2015-2153: The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU) (bsc#922221). - CVE-2015-2154: The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value (bsc#922222). - CVE-2015-2155: The force printer in tcpdump allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors (bsc#922223). - CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3.9.6 when in verbose mode, allowed remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame (bsc#905870). - CVE-2014-8768: Multiple Integer underflows in the geonet_print function in tcpdump when run in verbose mode, allowed remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame (bsc#905871). - CVE-2014-8769: tcpdump might have allowed remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access (bsc#905872). These non-security issues were fixed in tcpdump: - PPKI to Router Protocol: Fix Segmentation Faults and other problems - RPKI to Router Protocol: print strings with fn_printn() - Added a short option '#', same as long option '--number' - nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes - M3UA decode added. - Added bittok2str(). - A number of unaligned access faults fixed - The -A flag does not consider CR to be printable anymore - fx.lebail took over coverity baby sitting - Default snapshot size increased to 256K for accomodate USB captures These non-security issues were fixed in libpcap: - Provide a -devel-static subpackage that contains the static libraries and all the extra dependencies which are not needed for dynamic linking. - Fix handling of packet count in the TPACKET_V3 inner loop - Filter out duplicate looped back CAN frames. - Fix the handling of loopback filters for IPv6 packets. - Add a link-layer header type for RDS (IEC 62106) groups. - Handle all CAN captures with pcap-linux.c, in cooked mode. - Removes the need for the "host-endian" link-layer header type. - Have separate DLTs for big-endian and host-endian SocketCAN headers. - Properly check for sock_recv() errors. - Re-impose some of Winsock's limitations on sock_recv(). - Replace sprintf() with pcap_snprintf(). - Fix signature of pcap_stats_ex_remote(). - Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active" flag. - Clean up {DAG, Septel, Myricom SNF}-only builds. - pcap_create_interface() needs the interface name on Linux. - Clean up hardware time stamp support: the "any" device does not support any time stamp types. - Recognize 802.1ad nested VLAN tag in vlan filter. - Support for filtering Geneve encapsulated packets. - Fix handling of zones for BPF on Solaris - Added bpf_filter1() with extensions - EBUSY can now be returned by SNFv3 code. - Don't crash on filters testing a non-existent link-layer type field. - Fix sending in non-blocking mode on Linux with memory-mapped capture. - Fix timestamps when reading pcap-ng files on big-endian machines. - Fixes for byte order issues with NFLOG captures - Handle using cooked mode for DLT_NETLINK in activate_new(). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1020940 SUSE bug 1035686 SUSE bug 905870 SUSE bug 905871 SUSE bug 905872 SUSE bug 922220 SUSE bug 922221 SUSE bug 922222 SUSE bug 922223 SUSE bug 927637 CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 CVE-2015-3138 CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 Security update for ghostscript (Important) openSUSE Leap 42.1 This update for ghostscript fixes the following security vulnerabilities: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128) CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120) CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114) CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1018128 SUSE bug 1030263 SUSE bug 1032114 SUSE bug 1032120 SUSE bug 1036453 CVE-2016-10220 CVE-2016-9601 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 Security update for libressl (Moderate) openSUSE Leap 42.1 This update for libressl to version 2.5.1 fixes the following issues: These security issues were fixed: - CVE-2016-0702: Prevent side channel attack on modular exponentiation (boo#968050). - CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing (boo#1019334). These non-security issues were fixed: - Detect zero-length encrypted session data early - Curve25519 Key Exchange support. - Support for alternate chains for certificate verification. - Added EVP interface for MD5+SHA1 hashes - Fixed DTLS client failures when the server sends a certificate request. - Corrected handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection. - Allowed protocols and ciphers to be set on a TLS config object in libtls. Moderate SUSE bug 1019334 SUSE bug 968050 CVE-2016-0702 CVE-2016-7056 Security update for the Linux Kernel (Important) openSUSE Leap 42.1 The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue (bnc#1033340). - CVE-2016-10318: A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel allowed a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service (bnc#1032435). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440). - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052). - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213). The following non-security bugs were fixed: - ata: ahci_xgene: free structure returned by acpi_get_object_info() (bsc#1033518). - doc/README.SUSE: update links to KMP manual - ext4: do not perform data journaling when data is encrypted (bsc#1012876). - ext4: fix use-after-iput when fscrypt contexts are inconsistent (bsc#1012829). - ext4: mark inode dirty after converting inline directory (bsc#1012876). - ext4: reject inodes with negative size (bsc#1012876). - fs, seqfile: always allow oom killer (bsc#1012876). - ipv6: make ECMP route replacement less greedy (bsc#930399). - l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 (bsc#1028415). - mm: filemap: do not plant shadow entries without radix tree node (bsc#1012876). - netfilter: allow logging from non-init namespaces (bsc#970083). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670 CVE#2017-7645). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670 CVE#2017-7645). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670 CVE#2017-7645). Important SUSE bug 1012829 SUSE bug 1012876 SUSE bug 1028415 SUSE bug 1030213 SUSE bug 1031003 SUSE bug 1031052 SUSE bug 1031440 SUSE bug 1031579 SUSE bug 1032435 SUSE bug 1033336 SUSE bug 1033340 SUSE bug 1033518 SUSE bug 1034670 SUSE bug 930399 SUSE bug 970083 CVE-2016-10318 CVE-2017-2671 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7616 CVE-2017-7618 Security update for swftools (Moderate) openSUSE Leap 42.1 This update for swftools fixes the following issues: - CVE-2017-8400: out-of-bound write of heap data issue (bsc#1037050) - CVE-2017-8401: out-of-bound read of heap data issue (bsc#1037051) Moderate SUSE bug 1037050 SUSE bug 1037051 CVE-2017-8400 CVE-2017-8401 Security update for graphite2 (Important) openSUSE Leap 42.1 This update for graphite2 fixes one issue. This security issues was fixed: - CVE-2017-5436: An out-of-bounds write triggered with a maliciously crafted Graphite font could lead to a crash or potentially code execution (bsc#1035204). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1035204 CVE-2017-5436 Security update for rzip (Low) openSUSE Leap 42.1 This update for rzip fixes the following issues: - CVE-2017-8364: heap-based buffer overflow in read_buf function via crafted archive file could lead to crash (boo#1036941) Low SUSE bug 1036941 CVE-2017-8364 Security update for kauth, kdelibs4 (Important) openSUSE Leap 42.1 This update for kauth and kdelibs4 fixes the following issues: - CVE-2017-8422: logic flaw in the KAuth framework allowed privilege escalation (boo#1036244). Important SUSE bug 1036244 CVE-2017-8422 Security update for libcares2 (Low) openSUSE Leap 42.1 This update for libcares2 fixes the following issues: - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1007728 CVE-2016-5180 Security update for roundcubemail (Moderate) openSUSE Leap 42.1 This update for roundcubemail fixes one security issues and two bugs. The following vulnerability was fixed: - CVE-2017-8114: Authenticated users may have reset arbitrary passwords (boo#1036955) The following upstream bugs were fixed: - Fix regression in LDAP fuzzy search where it always used prefix search instead - Fix bug where base_dn setting was ignored inside group_filters Moderate SUSE bug 1036955 CVE-2017-8114 Security update for tomcat (Important) openSUSE Leap 42.1 This update for tomcat fixes the following issues: - CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448) - CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447) - CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119) This update was imported from the SUSE:SLE-12-SP1:Update and SUSE:SLE-12-SP2:Update update projects. Important SUSE bug 1015119 SUSE bug 1033447 SUSE bug 1033448 CVE-2016-8745 CVE-2017-5647 CVE-2017-5648 Security update for qemu (Important) openSUSE Leap 42.1 This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111) - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129) - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589) - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491) - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541) - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907) These non-security issues were fixed: - Fix post script for qemu-guest-agent rpm to actually activate the guest agent at rpm install time - Fixed various inaccuracies in cirrus vga device emulation - Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928) - Fixed virtio interface failure (bsc#1015048) - Fixed graphical update errors introduced by previous security fix (bsc#1016779) - Fixed uint64 property parsing and add regression tests (bsc#937125) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1013285 SUSE bug 1014109 SUSE bug 1014111 SUSE bug 1014702 SUSE bug 1015048 SUSE bug 1015169 SUSE bug 1016779 SUSE bug 1020491 SUSE bug 1020589 SUSE bug 1020928 SUSE bug 1021129 SUSE bug 1022541 SUSE bug 1023004 SUSE bug 1023053 SUSE bug 1023907 SUSE bug 1024972 SUSE bug 937125 CVE-2016-10155 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5525 CVE-2017-5526 CVE-2017-5667 CVE-2017-5856 CVE-2017-5898 Security update for samba (Important) openSUSE Leap 42.1 This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] This update was imported from SUSE:SLE-12-SP1:Update project. NOTE: This update is released in openSUSE Leap 42.1 after its official End Of Life only because of its severity and potential impact for users that have not migrated yet. Please upgrade your openSUSE Leap 42.1 as soon as possible. Important SUSE bug 1038231 CVE-2017-7494 Security update for php5 (Moderate) openSUSE Leap 42.1 This update for php5 fixes the following issues: * CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] * CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015187 SUSE bug 1015188 SUSE bug 1015189 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 Security update for irssi (Moderate) openSUSE Leap 42.1 irssi was updated to fix four vulnerabilities that could result in denial of service (remote crash) when connecting to malicious servers or receiving specially crafted data. (boo#1018357) - CVE-2017-5193: NULL pointer dereference in the nickcmp function - CVE-2017-5194: out of bounds read in certain incomplete control codes - CVE-2017-5195: out of bounds read in certain incomplete character sequences - CVE-2017-5196: Correct an error when receiving invalid nick message Moderate SUSE bug 1018357 CVE-2017-5193 CVE-2017-5194 CVE-2017-5195 CVE-2017-5196 Security update for jasper (Important) openSUSE Leap 42.1 This update for jasper fixes the following issues: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. (bsc#1012530) - CVE-2016-9395: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010977) - CVE-2016-9398: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010979) - CVE-2016-9560: Stack-based buffer overflow in jpc_tsfb_getbands2. (bsc#1011830) - CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy. (bsc#1015993) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1010977 SUSE bug 1010979 SUSE bug 1011830 SUSE bug 1012530 SUSE bug 1015993 CVE-2016-8654 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9591 Security update for encfs (Moderate) openSUSE Leap 42.1 This update for encfs fixes the following issues: - A new option --require-macs was added to address CVE-2014-3462 (boo#878257) This will now trigger a warning if MAC headers were disabled via configuration. In addition, encfs was updated to 1.8.1 including all upstream improvements and fixes. Moderate SUSE bug 878257 CVE-2014-3462 Security update for python-pycrypto (Important) openSUSE Leap 42.1 This update for python-pycrypto fixes the following issues: - A heap buffer overflow in the AES module was fixed that could have lead to remote code execution, if the mode of operation can be specified from the outside (CVE-2013-7459, boo#1017420). Important SUSE bug 1017420 CVE-2013-7459 Security update for wget (Moderate) openSUSE Leap 42.1 This update for wget fixes the following issues: Security issues fixed: - CVE-2016-7098: Fixed a potential race condition by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964) Non security issues fixed: - bsc#1005091: Don't call xfree() on string returned by usr_error() - bsc#1012677: Add support for enforcing TLSv1.1 and TLSv1.2 (TLS 1.2 support was already present, but it was not enforcable). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1005091 SUSE bug 1012677 SUSE bug 995964 CVE-2016-7098 Security update for ark (Low) openSUSE Leap 42.1 This update for ark fixes the following issues: - CVE-2017-5330: ark could run executable scripts when clicking on them (boo#1018648) Low SUSE bug 1018648 CVE-2017-5330 Security update for gstreamer-plugins-good (Important) openSUSE Leap 42.1 This update for gstreamer-plugins-good fixes the following issues: - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Important SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 SUSE bug 1013653 SUSE bug 1013655 SUSE bug 1013663 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 Security update for gstreamer-plugins-bad (Moderate) openSUSE Leap 42.1 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2016-9809: Off by one read in gst_h264_parse_set_caps() (bsc#1013659). - CVE-2016-9812: Out of bounds read in gst_mpegts_section_new (bsc#1013678). - CVE-2016-9813: mpegts parser: null pointer deref in _parse_pat (bsc#1013680). Moderate SUSE bug 1013659 SUSE bug 1013678 SUSE bug 1013680 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 Security update for gstreamer-plugins-base (Moderate) openSUSE Leap 42.1 This update for gstreamer-plugins-base fixes the following issues: - CVE-2016-9811: out of bounds memory read in windows_icon_typefind (bsc#1013669). Moderate SUSE bug 1013669 CVE-2016-9811 kinit kinit-devel kinit-lang sles-release chromedriver chromium chromium-desktop-gnome chromium-desktop-kde chromium-ffmpegsumo irssi irssi-devel haproxy suse-sle12-cloud-compute-release openstack-cinder openstack-cinder-volume python-cinder openstack-neutron openstack-neutron-dhcp-agent openstack-neutron-ha-tool openstack-neutron-l3-agent openstack-neutron-lbaas-agent openstack-neutron-linuxbridge-agent openstack-neutron-metadata-agent openstack-neutron-metering-agent openstack-neutron-openvswitch-agent openstack-neutron-vpn-agent python-neutron python-Beaker python-keystoneclient python-keystoneclient-doc python-pycrypto python-pymongo python-requests ruby2.1-rubygem-chef rubygem-chef ImageMagick libMagick++-6_Q16-3 libMagickCore-6_Q16-1 libMagickCore-6_Q16-1-32bit libMagickWand-6_Q16-1 sled-release MozillaFirefox MozillaFirefox-translations aaa_base aaa_base-extras accountsservice accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0 alsa libasound2 libasound2-32bit argyllcms avahi avahi-lang libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7 libdns_sd libdns_sd-32bit bash bash-doc bash-lang libreadline6 libreadline6-32bit readline-doc bind-libs bind-libs-32bit bind-utils bogofilter bzip2 libbz2-1 libbz2-1-32bit cifs-utils clamav colord colord-gtk-lang colord-lang libcolord-gtk1 libcolord2 libcolord2-32bit libcolorhug2 coolkey coreutils coreutils-lang cpio cpio-lang tar tar-lang cpp48 gcc48 gcc48-32bit gcc48-c++ gcc48-gij gcc48-gij-32bit gcc48-info libasan0 libasan0-32bit libatomic1 libatomic1-32bit libffi4 libffi4-32bit libgcc_s1 libgcc_s1-32bit libgcj48 libgcj48-32bit libgcj48-jar libgcj_bc1 libgfortran3 libgomp1 libgomp1-32bit libitm1 libitm1-32bit libquadmath0 libstdc++48-devel libstdc++48-devel-32bit libstdc++6 libstdc++6-32bit libtsan0 cron cronie cups cups-client cups-libs cups-libs-32bit cups-filters cups-filters-cups-browsed cups-filters-foomatic-rip cups-filters-ghostscript cups-pk-helper cups-pk-helper-lang curl libcurl4 libcurl4-32bit cvs cyrus-sasl cyrus-sasl-32bit cyrus-sasl-crammd5 cyrus-sasl-crammd5-32bit cyrus-sasl-digestmd5 cyrus-sasl-digestmd5-32bit cyrus-sasl-gssapi cyrus-sasl-gssapi-32bit cyrus-sasl-plain cyrus-sasl-plain-32bit cyrus-sasl-saslauthd libsasl2-3 libsasl2-3-32bit dbus-1 dbus-1-x11 libdbus-1-3 libdbus-1-3-32bit dbus-1-glib dbus-1-glib-32bit dhcp dhcp-client dia dia-lang dracut ecryptfs-utils ecryptfs-utils-32bit elfutils libasm1 libdw1 libdw1-32bit libebl1 libebl1-32bit libelf1 libelf1-32bit emacs emacs-info emacs-x11 etags empathy empathy-lang telepathy-mission-control-plugin-goa evince evince-lang libevdocument3-4 libevview3-3 typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0 expat libexpat1 libexpat1-32bit facter fetchmail file file-magic libmagic1 libmagic1-32bit finch libpurple libpurple-lang libpurple-meanwhile libpurple-tcl pidgin flash-player flash-player-gnome freerdp libfreerdp-1_0 libfreerdp-1_0-plugins ft2demos fuse libfuse2 g3utils mgetty gd gd-32bit gdk-pixbuf-lang gdk-pixbuf-query-loaders gdk-pixbuf-query-loaders-32bit libgdk_pixbuf-2_0-0 libgdk_pixbuf-2_0-0-32bit typelib-1_0-GdkPixbuf-2_0 gdk-pixbuf-loader-rsvg librsvg-2-2 librsvg-2-2-32bit rsvg-view gdm gdm-branding-upstream gdm-lang gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 gimp gimp-lang gimp-plugins-python libgimp-2_0-0 libgimpui-2_0-0 glib2-lang glib2-tools libgio-2_0-0 libgio-2_0-0-32bit libgio-fam libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgmodule-2_0-0-32bit libgobject-2_0-0 libgobject-2_0-0-32bit libgthread-2_0-0 libgthread-2_0-0-32bit glibc glibc-32bit glibc-devel glibc-devel-32bit glibc-i18ndata glibc-locale glibc-locale-32bit nscd gnome-keyring gnome-keyring-32bit gnome-keyring-lang gnome-keyring-pam gnome-keyring-pam-32bit libgck-modules-gnome-keyring gnome-online-accounts gnome-online-accounts-lang libgoa-1_0-0 libgoa-backend-1_0-1 typelib-1_0-Goa-1_0 gnome-shell gnome-shell-browser-plugin gnome-shell-calendar gnome-shell-lang gnutls libgnutls28 libgnutls28-32bit gpg2 gpg2-lang gpgme libgpgme11 groff gvim vim vim-data gzip hardlink hplip hplip-hpijs hplip-sane ibus-chewing ibus-pinyin iputils java-1_7_0-openjdk java-1_7_0-openjdk-headless java-1_7_0-openjdk-plugin kbd kernel-default kernel-default-devel kernel-default-extra kernel-devel kernel-macros kernel-source kernel-syms kernel-xen kernel-xen-devel krb5 krb5-32bit krb5-client krb5-appl-clients lcms liblcms1 liblcms1-32bit libHX28 libHX28-32bit libIlmImf-Imf_2_1-21 libIlmImf-Imf_2_1-21-32bit openexr libX11-6 libX11-6-32bit libX11-data libX11-xcb1 libX11-xcb1-32bit libXRes1 libXRes1-32bit libXcursor1 libXcursor1-32bit libXext6 libXext6-32bit libXfixes3 libXfixes3-32bit libXfont1 libXi6 libXi6-32bit libXinerama1 libXinerama1-32bit libXp6 libXp6-32bit libXrandr2 libXrandr2-32bit libXrender1 libXrender1-32bit libXt6 libXt6-32bit libXtst6 libXtst6-32bit libXv1 libXv1-32bit libXvMC1 libXxf86dga1 libXxf86vm1 libXxf86vm1-32bit libaugeas0 libblkid1 libblkid1-32bit libmount1 libmount1-32bit libsmartcols1 libuuid-devel libuuid1 libuuid1-32bit python-libmount util-linux util-linux-lang util-linux-systemd uuidd libcgroup1 libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libgensec0 libgensec0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libpdb0 libpdb0-32bit libregistry0 libsamba-credentials0 libsamba-credentials0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient-raw0 libsmbclient-raw0-32bit libsmbclient0 libsmbclient0-32bit libsmbconf0 libsmbconf0-32bit libsmbldap0 libsmbldap0-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba samba-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind samba-winbind-32bit libdmx1 libecpg6 libpq5 libpq5-32bit postgresql93 libevent-2_0-5 libexif12 libexif12-32bit libfbembed2_5 libfreebl3 libfreebl3-32bit libsoftokn3 libsoftokn3-32bit mozilla-nss mozilla-nss-32bit mozilla-nss-certs mozilla-nss-certs-32bit mozilla-nss-tools libfreetype6 libfreetype6-32bit libgadu3 libgc1 libgcrypt20 libgcrypt20-32bit libgnomesu libgnomesu-lang libgnomesu0 libgssglue1 libgssglue1-32bit libgudev-1_0-0 libgudev-1_0-0-32bit libudev1 libudev1-32bit systemd systemd-32bit systemd-bash-completion systemd-sysvinit udev libid3tag0 libipa_hbac0 libsss_idmap0 python-sssd-config sssd sssd-32bit sssd-ad sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools libjavascriptcoregtk-1_0-0 libjavascriptcoregtk-1_0-0-32bit libjavascriptcoregtk-3_0-0 libwebkit2gtk-3_0-25 libwebkitgtk-1_0-0 libwebkitgtk-1_0-0-32bit libwebkitgtk-3_0-0 libwebkitgtk2-lang libwebkitgtk3-lang typelib-1_0-JavaScriptCore-3_0 typelib-1_0-WebKit-3_0 libjbig2 libjbig2-32bit libjson-c2 libjson-c2-32bit libltdl7 libltdl7-32bit liblua5_2 lua liblzo2-2 liblzo2-2-32bit libmikmod3 libmikmod3-32bit libmms0 libmodplug1 libmspack0 libmusicbrainz4 libmysqlclient18 libmysqlclient18-32bit libmysqlclient_r18 libmysqlclient_r18-32bit mariadb mariadb-client mariadb-errormessages libneon27 libopenssl0_9_8 libopenssl0_9_8-32bit libopenssl1_0_0 libopenssl1_0_0-32bit openssl libpango-1_0-0 libpango-1_0-0-32bit pango-modules pango-modules-32bit typelib-1_0-Pango-1_0 libpcsclite1 libpcsclite1-32bit pcsc-lite libpng12-0 libpng12-0-32bit libpng16-16 libpng16-16-32bit libpolkit0 libpolkit0-32bit polkit typelib-1_0-Polkit-1_0 libpoppler-glib8 libpoppler-qt4-4 libpoppler44 poppler-tools libproxy1 libproxy1-32bit libproxy1-config-gnome3 libproxy1-config-gnome3-32bit libproxy1-networkmanager libproxy1-networkmanager-32bit libpulse-mainloop-glib0 libpulse-mainloop-glib0-32bit libpulse0 libpulse0-32bit pulseaudio pulseaudio-esound-compat pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-jack pulseaudio-module-lirc pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils libpython2_7-1_0 libpython2_7-1_0-32bit python-base python-devel python-xml libpython3_4m1_0 python3-base libqt4 libqt4-32bit libqt4-qt3support libqt4-qt3support-32bit libqt4-sql libqt4-sql-32bit libqt4-sql-mysql libqt4-sql-mysql-32bit libqt4-sql-postgresql libqt4-sql-postgresql-32bit libqt4-sql-sqlite libqt4-sql-sqlite-32bit libqt4-sql-unixODBC libqt4-sql-unixODBC-32bit libqt4-x11 libqt4-x11-32bit libraptor2-0 raptor libraw9 libreoffice libreoffice-base libreoffice-base-drivers-mysql libreoffice-base-drivers-postgresql libreoffice-calc libreoffice-calc-extensions libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-icon-theme-tango libreoffice-impress libreoffice-l10n-af libreoffice-l10n-ar libreoffice-l10n-ca libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-en libreoffice-l10n-es libreoffice-l10n-fi libreoffice-l10n-fr libreoffice-l10n-gu libreoffice-l10n-hi libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-ko libreoffice-l10n-nb libreoffice-l10n-nl libreoffice-l10n-nn libreoffice-l10n-pl libreoffice-l10n-pt-BR libreoffice-l10n-pt-PT libreoffice-l10n-ru libreoffice-l10n-sk libreoffice-l10n-sv libreoffice-l10n-xh libreoffice-l10n-zh-Hans libreoffice-l10n-zh-Hant libreoffice-l10n-zu libreoffice-mailmerge libreoffice-math libreoffice-officebean libreoffice-pyuno libreoffice-writer libreoffice-writer-extensions librpcsecgss3 libsilc-1_1-2 libsilcclient-1_1-3 silc-toolkit libsmi libsmi2 libsndfile1 libsndfile1-32bit libsnmp30 libsnmp30-32bit net-snmp perl-SNMP snmp-mibs libsoup-2_4-1 libsoup-2_4-1-32bit libsoup-lang typelib-1_0-Soup-2_4 libspice-client-glib-2_0-8 libspice-client-gtk-2_0-4 libspice-client-gtk-3_0-4 libspice-controller0 typelib-1_0-SpiceClientGlib-2_0 typelib-1_0-SpiceClientGtk-3_0 libssh4 libtag1 libtag1-32bit libtag_c0 libtag_c0-32bit taglib libtasn1 libtasn1-6 libtasn1-6-32bit libtiff5 libtiff5-32bit libudisks2-0 udisks2 udisks2-lang libvirt libvirt-client libvirt-client-32bit libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-doc libvorbis0 libvorbis0-32bit libvorbisenc2 libvorbisenc2-32bit libvorbisfile3 libvorbisfile3-32bit libvte9 libxcb-dri2-0 libxcb-dri2-0-32bit libxcb-glx0 libxcb-glx0-32bit libxcb-randr0 libxcb-render0 libxcb-render0-32bit libxcb-shape0 libxcb-shm0 libxcb-shm0-32bit libxcb-sync1 libxcb-xf86dri0 libxcb-xfixes0 libxcb-xfixes0-32bit libxcb-xkb1 libxcb-xkb1-32bit libxcb-xv0 libxcb1 libxcb1-32bit libxerces-c-3_1 libxerces-c-3_1-32bit libxml2-2 libxml2-2-32bit libxml2-tools libyaml-0-2 libzip2 libzmq3 logrotate m4 mipv6d mozilla-nspr mozilla-nspr-32bit mutt ntp ntp-doc opensc openslp openslp-32bit openssh openssh-helpers pam pam-32bit pam-doc pam-modules pam-modules-32bit pam_krb5 pam_krb5-32bit pam_ssh pam_ssh-32bit patch pcsc-ccid perl perl-32bit perl-base perl-doc perl-Config-IniFiles perl-HTML-Parser perl-LWP-Protocol-https perl-Tk perl-YAML-LibYAML pidgin-otr ppp procmail puppet python python-curses python-tk python3 python-cupshelpers system-config-printer system-config-printer-common system-config-printer-common-lang system-config-printer-dbus-service udev-configure-printer python-imaging python-libxml2 python-pyOpenSSL python-pywbem qemu qemu-block-curl qemu-ipxe qemu-kvm qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86 radvd rhythmbox rhythmbox-lang rsync rsyslog rtkit ruby shim socat squashfs strongswan strongswan-doc strongswan-ipsec strongswan-libs0 sudo sysconfig sysconfig-netconfig syslog-service sysvinit-tools whois telepathy-gabble telepathy-idle tftp tigervnc xorg-x11-Xvnc unixODBC unixODBC-32bit vino vino-lang vorbis-tools vorbis-tools-lang w3m wdiff wget wireshark xalan-j2 xen xen-kmp-default xen-libs xen-libs-32bit xf86-video-intel xinetd xlockmore xorg-x11 xorg-x11-essentials xrdb xorg-x11-libs xorg-x11-server xorg-x11-server-extra yast2 yast2-core zoo DirectFB lib++dfb-1_7-1 libdirectfb-1_7-1 libdirectfb-1_7-1-32bit autofs binutils busybox dnsmasq e2fsprogs libcom_err2 libcom_err2-32bit libext2fs2 gnome-settings-daemon gnome-settings-daemon-lang gstreamer-0_10-plugins-bad gstreamer-0_10-plugins-bad-lang libgstbasecamerabinsrc-0_10-23 libgstbasecamerabinsrc-0_10-23-32bit libgstbasevideo-0_10-23 libgstbasevideo-0_10-23-32bit libgstcodecparsers-0_10-23 libgstphotography-0_10-23 libgstphotography-0_10-23-32bit libgstsignalprocessor-0_10-23 libgstsignalprocessor-0_10-23-32bit libgstvdp-0_10-23 libgstvdp-0_10-23-32bit hyper-v icu libicu52_1 libicu52_1-32bit libicu52_1-data java-1_8_0-openjdk-plugin java-1_8_0-openjdk java-1_8_0-openjdk-headless libFLAC8 libFLAC8-32bit libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Widgets5 libarchive13 libsamba-passdb0 libsamba-passdb0-32bit postgresql94 mozilla-nss-sysinit mozilla-nss-sysinit-32bit libsss_sudo libjasper1 libjasper1-32bit libjpeg-turbo libjpeg62 libjpeg62-32bit libjpeg62-turbo libjpeg8 libjpeg8-32bit libturbojpeg0 libksba8 libmpfr4 libpng15-15 libruby2_1-2_1 ruby2.1 ruby2.1-stdlib libspice-server1 libssh2-1 libssh2-1-32bit libvdpau1 libvdpau1-32bit libwmf-0_2-7 mailx openvpn p7zip perl-XML-LibXML pigz rpcbind rpm rpm-32bit rpm-build sblim-sfcb tcpdump unzip wpa_supplicant xdg-utils NetworkManager NetworkManager-lang libnm-glib-vpn1 libnm-glib4 libnm-util2 libnm0 typelib-1_0-NM-1_0 typelib-1_0-NMClient-1_0 typelib-1_0-NetworkManager-1_0 at libQtWebKit4 libQtWebKit4-32bit libbonobo libbonobo-32bit libbonobo-lang libkde4 libkde4-32bit libkdecore4 libkdecore4-32bit libksuseinstall1 libksuseinstall1-32bit libnetpbm11 libnetpbm11-32bit netpbm augeas augeas-lenses cracklib libcrack2 libcrack2-32bit ctags dosfstools eog eog-lang evince-browser-plugin evince-plugin-djvudocument evince-plugin-dvidocument evince-plugin-pdfdocument evince-plugin-psdocument evince-plugin-tiffdocument evince-plugin-xpsdocument nautilus-evince fontconfig fontconfig-32bit libfreerdp2 ghostscript ghostscript-x11 libgoa-1_0-0-32bit grub2 grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen gtk2-data gtk2-lang gtk2-tools gtk2-tools-32bit libgtk-2_0-0 libgtk-2_0-0-32bit typelib-1_0-Gtk-2_0 imobiledevice-tools libimobiledevice6 kdump lhasa liblhasa0 libFLAC++6 libFLAC++6-32bit libQt5Concurrent5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-postgresql libQt5Sql5-sqlite libQt5Sql5-unixODBC libQt5Test5 libQt5Xml5 libQt5WebKit5 libQt5WebKit5-imports libQt5WebKitWidgets5 libXvnc1 libasan2 libasan2-32bit libmpx0 libmpx0-32bit libmpxwrappers0 libmpxwrappers0-32bit libfdisk1 libdcerpc-atsvc0 libsamba-errors0 libsamba-errors0-32bit libgif6 libgif6-32bit libgraphite2-3 libgraphite2-3-32bit libgypsy0 libhogweed2 libhogweed2-32bit libnettle4 libnettle4-32bit libidn11 libidn11-32bit libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles libldap-2_4-2 libldap-2_4-2-32bit openldap2-client libldb1 libldb1-32bit libndp0 libnewt0_52 libopenssl-devel libotr5 libpoppler60 libproxy1-pacrunner-webkit libreoffice-icon-theme-galaxy libreoffice-l10n-ro libreofficekit libspice-client-glib-helper libsqlite3-0 libsqlite3-0-32bit sqlite3 libsrtp1 libsystemd0 libsystemd0-32bit libthai-data libthai0 libthai0-32bit libusbmuxd4 libxcb-dri3-0 libxcb-dri3-0-32bit libxcb-present0 libxcb-present0-32bit libxcb-sync1-32bit libxcb-xinerama0 python3-curses supportutils update-alternatives xfsprogs xscreensaver xscreensaver-data yast2-users apparmor-docs apparmor-parser apparmor-profiles apparmor-utils libapparmor1 libapparmor1-32bit pam_apparmor pam_apparmor-32bit perl-apparmor audiofile libaudiofile1 libaudiofile1-32bit drm-kmp-default libpurple-branding-upstream libpurple-plugin-sametime gegl-0_2 gegl-0_2-lang libgegl-0_2-0 gstreamer gstreamer-lang gstreamer-utils libgstreamer-1_0-0 libgstreamer-1_0-0-32bit typelib-1_0-Gst-1_0 gstreamer-0_10-plugins-base gstreamer-0_10-plugins-base-32bit gstreamer-0_10-plugins-base-lang libgstapp-0_10-0 libgstapp-0_10-0-32bit libgstinterfaces-0_10-0 libgstinterfaces-0_10-0-32bit gstreamer-0_10-plugins-good gstreamer-0_10-plugins-good-lang gstreamer-plugins-bad gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0 gstreamer-plugins-base gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstapp-1_0-0-32bit libgstaudio-1_0-0 libgstaudio-1_0-0-32bit libgstfft-1_0-0 libgstfft-1_0-0-32bit libgstpbutils-1_0-0 libgstpbutils-1_0-0-32bit libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgsttag-1_0-0-32bit libgstvideo-1_0-0 libgstvideo-1_0-0-32bit typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 gstreamer-plugins-good gstreamer-plugins-good-lang guile guile-modules-2_0 libguile-2_0-22 lftp libXpm4 libXpm4-32bit libass5 libcairo-gobject2 libcairo-gobject2-32bit libcairo-script-interpreter2 libcairo2 libcairo2-32bit libcares2 libcares2-32bit postgresql96 libgme0 libsss_nss_idmap0 libopenjp2-7 libopus0 libosip2 libpcre1 libpcre1-32bit libpcre16-0 libpcrecpp0 libpcrecpp0-32bit libplist++3 libplist3 libquicktime0 libreoffice-l10n-pt_BR libreoffice-l10n-pt_PT libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libspice-client-gtk-3_0-5 libtirpc-netconfig libtirpc3 libtirpc3-32bit libvirglrenderer0 libvirt-admin libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-libs libvmtools0 open-vm-tools open-vm-tools-desktop libwireshark8 libwiretap6 libwscodecs1 libwsutil7 wireshark-gtk libxslt-tools libxslt1 libxslt1-32bit libz1 libz1-32bit zlib-devel libzzip-0-13 minicom pidgin-plugin-otr rrdtool rrdtool-cached sane-backends sane-backends-32bit sane-backends-autoconfig unrar cluster-md-kmp-default cluster-network-kmp-default dlm-kmp-default gfs2-kmp-default ocfs2-kmp-default sle-ha-release conntrack-tools ctdb fence-agents libpacemaker3 pacemaker pacemaker-cli pacemaker-cts pacemaker-remote lighttpd python-PyYAML ruby2.1-rubygem-bundler libpcreposix0 sle-module-adv-systems-management-release puppet-server docker sle-module-containers-release cups154 cups154-client cups154-filters cups154-libs sle-module-legacy-release java-1_6_0-ibm java-1_6_0-ibm-fonts java-1_6_0-ibm-jdbc java-1_6_0-ibm-plugin syslog-ng sle-module-public-cloud cpp5 gcc5 gcc5-c++ gcc5-fortran gcc5-info gcc5-locale libffi-devel-gcc5 libstdc++6-devel-gcc5 sle-module-toolchain-release apache2-mod_php5 php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dom php5-enchant php5-exif php5-fastcgi php5-fileinfo php5-fpm php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-intl php5-json php5-ldap php5-mbstring php5-mcrypt php5-mysql php5-odbc php5-openssl php5-pcntl php5-pdo php5-pear php5-pgsql php5-pspell php5-shmop php5-snmp php5-soap php5-sockets php5-sqlite php5-suhosin php5-sysvmsg php5-sysvsem php5-sysvshm php5-tokenizer php5-wddx php5-xmlreader php5-xmlrpc php5-xmlwriter php5-xsl php5-zip php5-zlib sle-module-web-scripting apache2-mod_php7 php7 php7-bcmath php7-bz2 php7-calendar php7-ctype php7-curl php7-dba php7-dom php7-enchant php7-exif php7-fastcgi php7-fileinfo php7-fpm php7-ftp php7-gd php7-gettext php7-gmp php7-iconv php7-imap php7-intl php7-json php7-ldap php7-mbstring php7-mcrypt php7-mysql php7-odbc php7-opcache php7-openssl php7-pcntl php7-pdo php7-pear php7-pear-Archive_Tar php7-pgsql php7-phar php7-posix php7-pspell php7-shmop php7-snmp php7-soap php7-sockets php7-sqlite php7-sysvmsg php7-sysvsem php7-sysvshm php7-tokenizer php7-wddx php7-xmlreader php7-xmlrpc php7-xmlwriter php7-xsl php7-zip php7-zlib apache2-mod_wsgi nodejs4 nodejs4-devel nodejs4-docs npm4 nodejs6 nodejs6-devel nodejs6-docs npm6 alsa-docs ant apache-commons-beanutils apache-commons-beanutils-javadoc apache-commons-daemon apache-commons-daemon-javadoc apache-commons-httpclient apache2 apache2-doc apache2-example-pages apache2-prefork apache2-utils apache2-worker apache2-mod_jk apache2-mod_nss apache2-mod_perl automake avahi-utils bind bind-chrootenv bind-doc bzip2-doc gcc48-locale cvs-doc cyrus-sasl-otp cyrus-sasl-otp-32bit cyrus-sasl-sqlauxprop cyrus-sasl-sqlauxprop-32bit dhcp-relay dhcp-server dovecot22 dovecot22-backend-mysql dovecot22-backend-pgsql dovecot22-backend-sqlite dracut-fips libasm1-32bit emacs-el emacs-nox fetchmailconf freeradius-server freeradius-server-doc freeradius-server-libs freeradius-server-utils git-core glibc-html glibc-info glibc-profile glibc-profile-32bit libgnutls-openssl27 groff-full gxditview guestfs-data guestfs-tools guestfsd libguestfs0 perl-Sys-Guestfs gv jakarta-commons-fileupload jakarta-commons-fileupload-javadoc java-1_7_0-openjdk-demo java-1_7_0-openjdk-devel kernel-default-base kernel-default-man kernel-xen-base krb5-doc krb5-plugin-kdb-ldap krb5-plugin-preauth-otp krb5-plugin-preauth-pkinit krb5-server krb5-appl-servers libapr-util1 libapr-util1-dbd-sqlite3 libapr1 libcgroup-tools postgresql93-contrib postgresql93-docs postgresql93-server libfreebl3-hmac libfreebl3-hmac-32bit libsoftokn3-hmac libsoftokn3-hmac-32bit libgcrypt20-hmac libgcrypt20-hmac-32bit libtool libtool-32bit liblua5_2-32bit mariadb-tools libneon27-32bit libopenssl1_0_0-hmac libopenssl1_0_0-hmac-32bit openssl-doc python-base-32bit qt4-x11-tools tiff libupsclient1 nut nut-drivers-net libvirt-lock-sanlock libvorbis-doc python-vte vte2-lang libxml2-doc logwatch mailman openslp-server openssh-fips openvswitch openvswitch-kmp-default openvswitch-kmp-xen openvswitch-switch opie opie-32bit perl-Cyrus-IMAP perl-Cyrus-SIEVE-managesieve ppc64-diag python-32bit python-demo python-gdbm python-idle qemu-guest-agent qemu-lang qemu-ppc qemu-s390 quagga rsyslog-diag-tools rsyslog-doc rsyslog-module-gssapi rsyslog-module-gtls rsyslog-module-mysql rsyslog-module-pgsql rsyslog-module-relp rsyslog-module-snmp rsyslog-module-udpspoof squid squidGuard squidGuard-doc stunnel systemtap systemtap-runtime systemtap-server tomcat tomcat-admin-webapps tomcat-docs-webapp tomcat-el-2_2-api tomcat-javadoc tomcat-jsp-2_2-api tomcat-lib tomcat-servlet-3_0-api tomcat-webapps xen-doc-html xen-tools xen-tools-domU davfs2 freeradius-server-krb5 freeradius-server-ldap freeradius-server-mysql freeradius-server-perl freeradius-server-postgresql freeradius-server-python freeradius-server-sqlite python-libguestfs ipsec-tools java-1_7_1-ibm java-1_7_1-ibm-alsa java-1_7_1-ibm-jdbc java-1_7_1-ibm-plugin java-1_8_0-ibm java-1_8_0-ibm-alsa java-1_8_0-ibm-plugin java-1_8_0-openjdk-demo java-1_8_0-openjdk-devel postgresql94-contrib postgresql94-docs postgresql94-server libhivex0 perl-Win-Hivex libicu-doc libjansson4 libmpfr4-32bit openldap2 openldap2-back-meta openvpn-auth-pam-plugin powerpc-utils qemu-block-rbd smt smt-support strongswan-hmac tomcat-el-3_0-api tomcat-jsp-2_3-api tomcat-servlet-3_1-api vsftpd flex flex-32bit libbonobo-doc chrony dstat giflib-progs grub2-arm64-efi grub2-powerpc-ieee1275 grub2-s390x-emu virt-p2v virt-v2v libidn-tools libnghttp2-14 libtcnative-1-0 libvirt-nss libvncclient0 libvncserver0 openvswitch-dpdk openvswitch-dpdk-switch qemu-arm qemu-block-ssh res-signingkeys apache2-mod_apparmor crash crash-kmp-default jakarta-taglibs-standard jakarta-taglibs-standard-javadoc postgresql96-contrib postgresql96-docs postgresql96-server libmicrohttpd10 memcached perl-DBD-mysql policycoreutils policycoreutils-python python-doc python-doc-pdf tpm2.0-tools FastCGI perl-FastCGI sle-sdk-release ImageMagick-devel libMagick++-devel perl-PerlMagick MozillaFirefox-devel aaa_base-malloccheck accountsservice-devel alsa-devel ant-jmf ant-scripts ant-swing apache2-devel augeas-devel avahi-compat-howl-devel avahi-compat-mDNSResponder-devel libavahi-devel libhowl0 bash-devel readline-devel bind-devel checkbashisms cifs-utils-devel coolkey-devel ctdb-devel cups-devel cyrus-sasl-devel dbus-1-devel dbus-1-devel-doc dbus-1-glib-devel dhcp-devel dovecot22-devel evince-devel file-devel finch-devel libpurple-devel pidgin-devel firebird-devel libfbembed-devel freeradius-server-devel freerdp-devel freetype2-devel fuse-devel fuse-devel-static libulockmgr1 gc-devel gcc48-ada gcc48-fortran gcc48-java gcc48-obj-c++ gcc48-objc gcc48-objc-32bit libada48 libffi48-devel libgcj48-devel libgfortran3-32bit libobjc4 libobjc4-32bit libquadmath0-32bit gd-devel gdk-pixbuf-devel gdm-devel gimp-devel git git-arch git-cvs git-daemon git-email git-gui git-svn git-web gitk glib2-devel glib2-devel-static glibc-devel-static gnome-online-accounts-devel gnome-shell-devel hplip-devel icecream lzo-devel id3lib kernel-docs kernel-obs-build kernel-zfcpdump krb5-devel lib3ds-1-3 libHX-devel libX11-devel libXcursor-devel libXext-devel libXfixes-devel libXfont-devel libXi-devel libXinerama-devel libXp-devel libXrandr-devel libXrender-devel libXres-devel libXt-devel libXtst-devel libXv-devel libXvMC-devel libXxf86dga-devel libXxf86vm-devel libapr-util1-devel libapr1-devel libasm-devel libdw-devel libebl-devel libelf-devel libblkid-devel libmount-devel libsmartcols-devel libbz2-devel libcgroup-devel libcolord-devel libcolord-gtk-devel typelib-1_0-ColorHug-1_0 typelib-1_0-Colord-1_0 typelib-1_0-ColordGtk-1_0 libcurl-devel libdcerpc-atsvc-devel libdcerpc-devel libdcerpc-samr-devel libdcerpc-samr0 libgensec-devel libndr-devel libndr-krb5pac-devel libndr-nbt-devel libndr-standard-devel libnetapi-devel libpdb-devel libregistry-devel libsamba-credentials-devel libsamba-hostconfig-devel libsamba-policy-devel libsamba-policy0 libsamba-util-devel libsamdb-devel libsmbclient-devel libsmbclient-raw-devel libsmbconf-devel libsmbldap-devel libsmbsharemodes-devel libsmbsharemodes0 libtevent-util-devel libwbclient-devel samba-core-devel samba-test-devel libdmx-devel libevent-devel libexif-devel libexpat-devel libgadu-devel libgcrypt-devel libgnomesu-devel libgnutls-devel libgnutls-openssl-devel libgnutlsxx-devel libgnutlsxx28 libgpgme-devel libgssglue-devel libgudev-1_0-devel libudev-devel systemd-devel typelib-1_0-GUdev-1_0 libguestfs-devel ocaml-libguestfs-devel libid3tag-devel libipa_hbac-devel libsss_idmap-devel libsss_nss_idmap-devel libwebkitgtk-devel libwebkitgtk3-devel typelib-1_0-JavaScriptCore-1_0 typelib-1_0-WebKit-1_0 libjbig-devel libjson-c-devel liblcms-devel libmikmod-devel libmms-devel libmodplug-devel libmspack-devel libmusicbrainz-devel libmysqlclient-devel libmysqld-devel libmysqld18 libneon-devel libpacemaker-devel libpcp3 pcp pcp-import-iostat2pcp pcp-import-mrtg2pcp pcp-import-sar2pcp pcp-import-sheet2pcp perl-PCP-LogImport perl-PCP-LogSummary perl-PCP-MMV perl-PCP-PMDA libpcscspy0 pcsc-lite-devel libpng12-compat-devel libpng12-devel libpng16-compat-devel libpng16-devel libpoppler-devel libpoppler-glib-devel libpoppler-qt4-devel typelib-1_0-Poppler-0_18 libproxy-devel libpulse-devel libqt4-devel libqt4-devel-doc libqt4-devel-doc-data libqt4-linguist libqt4-private-headers-devel libraptor-devel libraw-devel libraw-devel-static librpcsecgss-devel librsvg-devel typelib-1_0-Rsvg-2_0 libserf-1-1 silc-toolkit-devel libsmi-devel libsndfile-devel libsoup-devel libssh-devel libssh-devel-doc libsvn_auth_gnome_keyring-1-0 libsvn_auth_kwallet-1-0 subversion subversion-bash-completion subversion-devel subversion-perl subversion-python subversion-server subversion-tools libtag-devel libtasn1-devel libtiff-devel libvirt-devel libvorbis-devel libxcb-composite0 libxcb-damage0 libxcb-devel libxcb-devel-doc libxcb-dpms0 libxcb-record0 libxcb-res0 libxcb-screensaver0 libxcb-xevie0 libxcb-xprint0 libxcb-xtest0 libxcb-xvmc0 libxml2-devel libyaml-devel libzip-devel zeromq-devel lua-devel mozilla-nspr-devel mozilla-nss-devel net-snmp-devel newt-devel newt-static nut-cgi nut-devel openexr-devel openslp-devel osc pam-devel pango-devel perl-Tk-devel php5-devel polkit-devel postgresql93-devel ppp-devel python3-devel quagga-devel rhythmbox-devel ruby-devel spice-gtk-devel typelib-1_0-SpiceClientGtk-2_0 sudo-devel systemtap-sdt-devel udisks2-devel unixODBC-devel vte2-devel wireshark-devel xalan-j2-demo xalan-j2-manual xen-devel xfig xorg-x11-devel xorg-x11-server-sdk yast2-core-devel yast2-devel-doc DirectFB-devel lib++dfb-devel binutils-devel binutils-gold cross-ppc-binutils cross-spu-binutils e2fsprogs-devel libcom_err-devel libext2fs-devel flac-devel gnome-settings-daemon-devel gstreamer-0_10-plugins-bad-devel hivex-devel java-1_7_1-ibm-devel java-1_8_0-ibm-devel libQt5Bootstrap-devel-static libQt5Concurrent-devel libQt5Core-devel libQt5Core-private-headers-devel libQt5DBus-devel libQt5DBus-private-headers-devel libQt5Gui-devel libQt5Gui-private-headers-devel libQt5Network-devel libQt5Network-private-headers-devel libQt5OpenGL-devel libQt5OpenGL-private-headers-devel libQt5OpenGLExtensions-devel-static libQt5PlatformSupport-devel-static libQt5PlatformSupport-private-headers-devel libQt5PrintSupport-devel libQt5PrintSupport-private-headers-devel libQt5Sql-devel libQt5Sql-private-headers-devel libQt5Test-devel libQt5Test-private-headers-devel libQt5Widgets-devel libQt5Widgets-private-headers-devel libQt5Xml-devel libqt5-qtbase-common-devel libqt5-qtbase-devel libqt5-qtbase-doc libqt5-qtbase-private-headers-devel libarchive-devel libsamba-passdb-devel libgypsy-devel libicu-devel libjasper-devel libjpeg62-devel libjpeg8-devel libksba-devel libpcp-devel libspice-server-devel libssh2-devel libtidy-0_99-0 libtidy-0_99-0-devel tidy libvdpau-devel libwmf-devel libwmf-gnome libxerces-c-devel mercurial mpfr-devel openldap2-back-perl postgresql94-devel rpm-devel ruby2.1-devel LibVNCServer-devel NetworkManager-devel python-avahi bsh2 bsh2-classgen bsh2-javadoc cracklib-devel cups-ddk eog-devel libQtWebKit-devel libbonobo-devel libnetpbm-devel mdbtools sgmltool fontconfig-devel ghostscript-devel giflib-devel graphite2-devel gtk2-devel lhasa-devel libQt5PlatformHeaders-devel libQt5WebKit-private-headers-devel libQt5WebKit5-devel libQt5WebKitWidgets-devel libQt5WebKitWidgets-private-headers-devel libidn-devel libimobiledevice-devel libldb-devel pyldb pyldb-devel libnettle-devel libotr-devel libpoppler-cpp0 libreoffice-sdk libtcnative-1-0-devel libusbmuxd-devel libwmf-tools mysql-connector-java ocaml ocaml-compiler-libs ocaml-rpm-macros ocaml-runtime openldap2-devel openldap2-devel-static php7-devel sqlite3-devel webkit2gtk3-devel xfsprogs-devel FastCGI-devel apache-pdfbox apache2-mod_perl-devel audiofile-devel cairo-devel crash-devel gegl-devel git-doc gstreamer-0_10-plugins-base-devel typelib-1_0-GstApp-0_10 typelib-1_0-GstInterfaces-0_10 gstreamer-devel gstreamer-plugins-bad-devel libgstinsertbin-1_0-0 gstreamer-plugins-base-devel typelib-1_0-GstAllocators-1_0 typelib-1_0-GstApp-1_0 typelib-1_0-GstFft-1_0 typelib-1_0-GstRtp-1_0 typelib-1_0-GstRtsp-1_0 typelib-1_0-GstSdp-1_0 guile-devel libguilereadline-v-18-18 libXpm-devel libXpm-tools libapparmor-devel libass-devel libbotan-1_10-0 libbotan-devel libcares-devel libgit2-24 libgme-devel python-ldb python-ldb-devel libmicrohttpd-devel libopus-devel libopus-devel-static libosip2-devel pcre-devel pcre-devel-static pcre-tools libplist++-devel libplist-devel libquicktime-devel libtirpc-devel libunrar-devel libunrar5_0_14 libxslt-devel zziplib-devel postgresql96-devel rrdtool-devel sane-backends-devel virglrenderer-devel yodl zlib-devel-32bit zlib-devel-static sle-we-release libreoffice-l10n-bg libreoffice-l10n-hr libreoffice-l10n-lt libreoffice-l10n-uk sle-bsk-release krb5-mini krb5-mini-devel python-Jinja2 libwmf flute libbase libfonts libformula liblayout libloader librepository librevenge librevenge-devel librevenge-generators-0_0-0 libserializer mdds mdds-devel pentaho-libxml pentaho-reporting-flow-engine sac perl-Capture-Tiny python-tdb python-tevent tdb tevent ghostscript-mini ghostscript-mini-devel go go-doc gcc5-go libgo7 libudev-mini-devel libudev-mini1 systemd-mini systemd-mini-devel udev-mini poppler cracklib-dict-small ocaml-ocamldoc kdelibs4 kdelibs4-branding-upstream kdelibs4-core kdelibs4-doc libkde4-devel libkdecore4-devel libmdbodbc1 mdbtools-devel virtuoso virtuoso-drivers virtuoso-server lynx python-Twisted dpkg firebird libfbclient2 libfbclient2-devel PackageKit PackageKit-branding-upstream flac libssh MozillaFirefox-branding-SLE compat-openssl098 libxml2 freetype2 postgresql93-libs libmspack xerces-c libzip libarchive libssh2_org libksba webkitgtk webkitgtk3 libXfont spice fltk libfltk1 libgcrypt libpng16 libqt4-sql-plugins evolution-data-server evolution-data-server-lang libcamel-1_2-45 libcamel-1_2-45-32bit libebackend-1_2-7 libebackend-1_2-7-32bit libebook-1_2-14 libebook-1_2-14-32bit libebook-contacts-1_2-0 libebook-contacts-1_2-0-32bit libecal-1_2-16 libecal-1_2-16-32bit libedata-book-1_2-20 libedata-book-1_2-20-32bit libedata-cal-1_2-23 libedata-cal-1_2-23-32bit libedataserver-1_2-18 libedataserver-1_2-18-32bit libqt5-qtbase libyaml rpm-python libsndfile zeromq jasper openssh-askpass-gnome mpfr libvdpau apache-commons-logging cmis-client graphite2 hyphen libabw libabw-0_1-1 libcdr libcdr-0_1-1 libcmis-0_5-5 libe-book libe-book-0_1-1 libetonyek libetonyek-0_1-1 libfreehand libfreehand-0_1-1 libgltf libgltf-0_0-0 libhyphen0 libixion libixion-0_10-0 liblangtag liblangtag1 libmspub libmspub-0_1-1 libmwaw libmwaw-0_3-3 libodfgen libodfgen-0_1-1 liborcus liborcus-0_8-0 libpagemaker libpagemaker-0_0-0 libreoffice-share-linker libreoffice-voikko librevenge-0_0-0 librevenge-stream-0_0-0 libvisio libvisio-0_1-1 libvoikko libvoikko1 libwps libwps-0_4-4 malaga-suomi myspell-af_ZA myspell-ar myspell-be_BY myspell-bg_BG myspell-bn_BD myspell-bs_BA myspell-ca myspell-cs_CZ myspell-da_DK myspell-de myspell-dictionaries myspell-el_GR myspell-en myspell-es myspell-et_EE myspell-fr_FR myspell-gu_IN myspell-he_IL myspell-hi_IN myspell-hr_HR myspell-hu_HU myspell-it_IT myspell-lo_LA myspell-lt_LT myspell-lv_LV myspell-nl_NL myspell-no myspell-pl_PL myspell-pt_BR myspell-pt_PT myspell-ro myspell-ru_RU myspell-sk_SK myspell-sl_SI myspell-sr myspell-sv_SE myspell-te_IN myspell-th_TH myspell-vi myspell-zu_ZA libpng12 LibVNCServer gdk-pixbuf ldb libtalloc2 libtalloc2-32bit libtdb1 libtdb1-32bit libtevent0 libtevent0-32bit pytalloc pytalloc-32bit talloc boost boost-license1_54_0 hunspell hunspell-32bit hunspell-tools libOpenCOLLADA0 libboost_atomic1_54_0 libboost_date_time1_54_0 libboost_filesystem1_54_0 libboost_iostreams1_54_0 libboost_program_options1_54_0 libboost_regex1_54_0 libboost_signals1_54_0 libboost_system1_54_0 libboost_thread1_54_0 libixion-0_11-0 liborcus-0_11-0 myspell-af_NA myspell-ar_AE myspell-ar_BH myspell-ar_DZ myspell-ar_EG myspell-ar_IQ myspell-ar_JO myspell-ar_KW myspell-ar_LB myspell-ar_LY myspell-ar_MA myspell-ar_OM myspell-ar_QA myspell-ar_SA myspell-ar_SD myspell-ar_SY myspell-ar_TN myspell-ar_YE myspell-bn_IN myspell-bs myspell-ca_AD myspell-ca_ES myspell-ca_ES_valencia myspell-ca_FR myspell-ca_IT myspell-de_AT myspell-de_CH myspell-de_DE myspell-en_AU myspell-en_BS myspell-en_BZ myspell-en_CA myspell-en_GB myspell-en_GH myspell-en_IE myspell-en_IN myspell-en_JM myspell-en_MW myspell-en_NA myspell-en_NZ myspell-en_PH myspell-en_TT myspell-en_US myspell-en_ZA myspell-en_ZW myspell-es_AR myspell-es_BO myspell-es_CL myspell-es_CO myspell-es_CR myspell-es_CU myspell-es_DO myspell-es_EC myspell-es_ES myspell-es_GT myspell-es_HN myspell-es_MX myspell-es_NI myspell-es_PA myspell-es_PE myspell-es_PR myspell-es_PY myspell-es_SV myspell-es_UY myspell-es_VE myspell-fr_BE myspell-fr_CA myspell-fr_CH myspell-fr_LU myspell-fr_MC myspell-lightproof-en myspell-lightproof-hu_HU myspell-lightproof-pt_BR myspell-lightproof-ru_RU myspell-nb_NO myspell-nl_BE myspell-nn_NO myspell-pt_AO myspell-ro_RO myspell-sr_CS myspell-sr_Latn_CS myspell-sr_Latn_RS myspell-sr_RS myspell-sv_FI myspell-te myspell-vi_VN openCOLLADA giflib libnettle postgresql94-libs libotr libcilkrts5 libcilkrts5-32bit libffi-gcc5 liblsan0 libstdc++6-locale libubsan0 libubsan0-32bit python-backports.ssl_match_hostname python-tornado cairo yast2-ntp-client poppler-qt imap libc-client2007e_suse libimobiledevice libimobiledevice-tools libimobiledevice4 libusbmuxd2 usbmuxd libidn libstorage libstorage-ruby libstorage6 libX11 libXfixes libXi libXrandr libXrender libXtst libXv libXvMC gtk2 pcre gc libass libgme libgstegl-1_0-0 libpng15 opus libXpm zlib libquicktime gegl zziplib libpcap libpcap1 libpcap1-32bit apparmor firebird-classic libtirpc libtirpc1 libtirpc1-32bit libxslt libplist libplist++1 libplist1 openjpeg2 libncurses5 libncurses5-32bit libncurses6 libncurses6-32bit ncurses ncurses-devel ncurses-utils tack terminfo terminfo-base libixion-0_12-0 liborcus-0_12-0 libstaroffice libstaroffice-0_0-0 libzmf libzmf-0_0-0 myspell-uk_UA libICE libICE6 libICE6-32bit libXdmcp libXdmcp6 libXdmcp6-32bit libical libical1 libical1-32bit libzypp zypper zypper-log librsvg libsoup libraw postgresql96-libs liblouis liblouis-data liblouis9 python3-louis xerces-j2 SuSEfirewall2 webkit2gtk3 libwpd libwpd-0_10-10 shadow ceph ceph-common libcephfs1 librados2 libradosstriper1 librbd1 python-cephfs python-rados python-rbd kernel-firmware ucode-amd libXcursor virglrenderer libQtQuick5 libqt5-qtdeclarative libvpx libvpx1 libvpx1-32bit vpx-tools libexif libevent libvorbis transfig spice-vdagent db48-utils libdb-4_8 libdb-4_8-32bit libwavpack1 wavpack libyaml-cpp0_5 yaml-cpp shotwell shotwell-lang libcdio libcdio14 libcdio14-32bit libiso9660-8 ucode-intel libid3tag gwenhywfar gwenhywfar-lang gwenhywfar-tools libgwengui-gtk2-0 libgwenhywfar60 libgwenhywfar60-plugins yast2-pkg-bindings drm python-talloc python-talloc-32bit spice-gtk virt-install virt-manager virt-manager-common PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 rzsz zsh gnome-documents gnome-documents-lang gnome-documents_books-common gnome-shell-search-provider-documents libboost_locale1_54_0 libboost_random1_54_0 libepubgen libepubgen-0_1-1 libixion-0_13-0 liborcus-0_13-0 libqxp libqxp-0_0-0 libreoffice-branding-upstream libreoffice-gtk2 libreoffice-icon-themes myspell-id myspell-id_ID libnetfilter_cthelper libnetfilter_cthelper0 libnetfilter_cttimeout libnetfilter_cttimeout1 hawk2 hawk hawk-templates ldirectord monitoring-plugins-metadata resource-agents kgraft-patch-3_12_38-44-default kgraft-patch-3_12_38-44-xen kgraft-patch-SLE12_Update_3 sle-live-patching-release kgraft-patch-3_12_39-47-default kgraft-patch-3_12_39-47-xen kgraft-patch-SLE12_Update_4 kgraft-patch-3_12_32-33-default kgraft-patch-3_12_32-33-xen kgraft-patch-3_12_36-38-default kgraft-patch-3_12_36-38-xen kgraft-patch-SLE12_Update_1 kgraft-patch-SLE12_Update_2 kgraft-patch-3_12_43-52_6-default kgraft-patch-3_12_43-52_6-xen kgraft-patch-SLE12_Update_5 kgraft-patch-3_12_44-52_10-default kgraft-patch-3_12_44-52_10-xen kgraft-patch-SLE12_Update_6 kgraft-patch-3_12_44-52_18-default kgraft-patch-3_12_44-52_18-xen kgraft-patch-SLE12_Update_7 kgraft-patch-3_12_48-52_27-default kgraft-patch-3_12_48-52_27-xen kgraft-patch-SLE12_Update_8 kgraft-patch-3_12_51-52_31-default kgraft-patch-3_12_51-52_31-xen kgraft-patch-SLE12_Update_9 kgraft-patch-3_12_51-60_20-default kgraft-patch-3_12_51-60_20-xen kgraft-patch-SLE12-SP1_Update_1 kgraft-patch-3_12_60-52_49-default kgraft-patch-3_12_60-52_49-xen kgraft-patch-SLE12_Update_14 kgraft-patch-3_12_59-60_41-default kgraft-patch-3_12_59-60_41-xen kgraft-patch-SLE12-SP1_Update_5 kgraft-patch-3_12_59-60_45-default kgraft-patch-3_12_59-60_45-xen kgraft-patch-SLE12-SP1_Update_6 kgraft-patch-3_12_60-52_54-default kgraft-patch-3_12_60-52_54-xen kgraft-patch-SLE12_Update_15 kgraft-patch-3_12_51-52_34-default kgraft-patch-3_12_51-52_34-xen kgraft-patch-SLE12_Update_10 kgraft-patch-3_12_49-11-default kgraft-patch-3_12_49-11-xen kgraft-patch-SLE12-SP1_Update_0 kgraft-patch-3_12_57-60_35-default kgraft-patch-3_12_57-60_35-xen kgraft-patch-SLE12-SP1_Update_4 kgraft-patch-3_12_53-60_30-default kgraft-patch-3_12_53-60_30-xen kgraft-patch-SLE12-SP1_Update_3 kgraft-patch-3_12_51-60_25-default kgraft-patch-3_12_51-60_25-xen kgraft-patch-SLE12-SP1_Update_2 kgraft-patch-3_12_62-60_62-default kgraft-patch-3_12_62-60_62-xen kgraft-patch-SLE12-SP1_Update_7 kgraft-patch-3_12_51-52_39-default kgraft-patch-3_12_51-52_39-xen kgraft-patch-SLE12_Update_11 kgraft-patch-3_12_62-60_64_8-default kgraft-patch-3_12_62-60_64_8-xen kgraft-patch-SLE12-SP1_Update_8 kgraft-patch-3_12_67-60_64_18-default kgraft-patch-3_12_67-60_64_18-xen kgraft-patch-SLE12-SP1_Update_9 kgraft-patch-3_12_67-60_64_21-default kgraft-patch-3_12_67-60_64_21-xen kgraft-patch-SLE12-SP1_Update_10 kgraft-patch-4_4_21-84-default kgraft-patch-SLE12-SP2_Update_2 kgraft-patch-4_4_21-90-default kgraft-patch-SLE12-SP2_Update_3 kgraft-patch-4_4_21-69-default kgraft-patch-SLE12-SP2_Update_0 kgraft-patch-3_12_67-60_64_24-default kgraft-patch-3_12_67-60_64_24-xen kgraft-patch-SLE12-SP1_Update_11 kgraft-patch-4_4_21-81-default kgraft-patch-SLE12-SP2_Update_1 kgraft-patch-3_12_55-52_42-default kgraft-patch-3_12_55-52_42-xen kgraft-patch-SLE12_Update_12 kgraft-patch-3_12_55-52_45-default kgraft-patch-3_12_55-52_45-xen kgraft-patch-SLE12_Update_13 kgraft-patch-4_4_59-92_24-default kgraft-patch-SLE12-SP2_Update_9 kgraft-patch-4_4_74-92_29-default kgraft-patch-SLE12-SP2_Update_10 kgraft-patch-4_4_59-92_17-default kgraft-patch-SLE12-SP2_Update_7 kgraft-patch-4_4_59-92_20-default kgraft-patch-SLE12-SP2_Update_8 kgraft-patch-4_4_49-92_11-default kgraft-patch-SLE12-SP2_Update_5 kgraft-patch-4_4_49-92_14-default kgraft-patch-SLE12-SP2_Update_6 kgraft-patch-4_4_38-93-default kgraft-patch-SLE12-SP2_Update_4 kgraft-patch-4_4_74-92_32-default kgraft-patch-SLE12-SP2_Update_11 kgraft-patch-4_4_74-92_35-default kgraft-patch-SLE12-SP2_Update_12 kgraft-patch-4_4_74-92_38-default kgraft-patch-SLE12-SP2_Update_13 kgraft-patch-4_4_90-92_45-default kgraft-patch-SLE12-SP2_Update_14 kgraft-patch-4_4_90-92_50-default kgraft-patch-SLE12-SP2_Update_15 kgraft-patch-4_4_103-92_53-default kgraft-patch-SLE12-SP2_Update_16 kgraft-patch-3_12_69-60_64_29-default kgraft-patch-3_12_69-60_64_29-xen kgraft-patch-SLE12-SP1_Update_12 kgraft-patch-3_12_69-60_64_32-default kgraft-patch-3_12_69-60_64_32-xen kgraft-patch-SLE12-SP1_Update_13 kgraft-patch-3_12_69-60_64_35-default kgraft-patch-3_12_69-60_64_35-xen kgraft-patch-SLE12-SP1_Update_14 kgraft-patch-3_12_74-60_64_40-default kgraft-patch-3_12_74-60_64_40-xen kgraft-patch-SLE12-SP1_Update_15 kgraft-patch-4_4_103-92_56-default kgraft-patch-SLE12-SP2_Update_17 kgraft-patch-4_4_114-92_64-default kgraft-patch-SLE12-SP2_Update_18 kgraft-patch-4_4_120-92_70-default kgraft-patch-SLE12-SP2_Update_20 kgraft-patch-4_4_73-5-default kgraft-patch-SLE12-SP3_Update_0 kgraft-patch-4_4_82-6_3-default kgraft-patch-SLE12-SP3_Update_1 kgraft-patch-4_4_82-6_6-default kgraft-patch-SLE12-SP3_Update_2 kgraft-patch-4_4_92-6_18-default kgraft-patch-SLE12-SP3_Update_4 kgraft-patch-4_4_82-6_9-default kgraft-patch-SLE12-SP3_Update_3 kgraft-patch-4_4_92-6_30-default kgraft-patch-SLE12-SP3_Update_5 kgraft-patch-4_4_103-6_33-default kgraft-patch-SLE12-SP3_Update_6 kgraft-patch-4_4_103-6_38-default kgraft-patch-SLE12-SP3_Update_7 kgraft-patch-4_4_114-94_11-default kgraft-patch-SLE12-SP3_Update_8 kgraft-patch-4_4_120-94_17-default kgraft-patch-SLE12-SP3_Update_10 kgraft-patch-4_4_114-94_14-default kgraft-patch-SLE12-SP3_Update_9 kgraft-patch-4_4_126-94_22-default kgraft-patch-SLE12-SP3_Update_11 salt salt-api salt-bash-completion salt-cloud salt-doc salt-master salt-minion salt-proxy salt-ssh salt-syndic salt-zsh-completion ruby2.1-rubygem-puppet rubygem-puppet ruby2.1-rubygem-passenger rubygem-passenger rubygem-passenger-apache2 python-setuptools ruby2.1-rubygem-rack-1_4 rubygem-rack-1_4 sles12-docker-image sles12sp1-docker-image containerd ruby2.1-rubygem-docker-api ruby2.1-rubygem-excon rubygem-docker-api rubygem-excon runc sles11sp4-docker-image portus sles12sp2-docker-image docker-libnetwork docker-runc golang-github-docker-libnetwork docker-distribution docker-distribution-registry libpmi0 libslurm29 libslurm31 pdsh perl-slurm slurm slurm-auth-none slurm-devel slurm-doc slurm-lua slurm-munge slurm-pam_slurm slurm-plugins slurm-sched-wiki slurm-slurmdb-direct slurm-slurmdbd slurm-sql slurm-torque slurmlibs sle-module-hpc-release compat-libldap-2_3-0 compat-libgcrypt11 kernel-ec2 kernel-ec2-devel kernel-ec2-extra python-rsa python-tablib python-paramiko python-PyJWT gcc5-32bit gcc5-ada gcc5-ada-32bit gcc5-c++-32bit gcc5-fortran-32bit libada5 libada5-32bit libffi-devel-gcc5-32bit libstdc++6-devel-gcc5-32bit php5-opcache php5-posix php5-imap php5-phar nodejs-common sle-pos-release libfpm_pb0 libospf0 libospfapiclient0 libquagga_pb0 libzebra1 python-louis tcmu-runner xerces-j2-xml-apis xerces-j2-xml-resolver libshibsp-lite6 libshibsp6 shibboleth-sp libsaml8 opensaml opensaml-bin opensaml-schemas dovecot libmicrohttpd libxmltooling6 xmltooling xmltooling-schemas librelp librelp0 kernel-compute kernel-compute-base kernel-compute-devel kernel-compute_debug kernel-compute_debug-devel kernel-devel-rt kernel-rt kernel-rt-base kernel-rt-devel kernel-rt_debug kernel-rt_debug-devel kernel-source-rt kernel-syms-rt SUSE-Linux-Enterprise-RT-release cluster-md-kmp-rt cluster-network-kmp-rt dlm-kmp-rt gfs2-kmp-rt ocfs2-kmp-rt crash-kmp-rt SUSE_SLES_SAP-release libstorage5 kgraft-patch-3_12_60-52_57-default kgraft-patch-3_12_60-52_57-xen kgraft-patch-SLE12_Update_16 kgraft-patch-3_12_60-52_60-default kgraft-patch-3_12_60-52_60-xen kgraft-patch-SLE12_Update_17 kgraft-patch-3_12_60-52_63-default kgraft-patch-3_12_60-52_63-xen kgraft-patch-SLE12_Update_18 clamsap kgraft-patch-3_12_61-52_80-default kgraft-patch-3_12_61-52_80-xen kgraft-patch-SLE12_Update_23 kgraft-patch-3_12_61-52_77-default kgraft-patch-3_12_61-52_77-xen kgraft-patch-SLE12_Update_22 kgraft-patch-3_12_61-52_66-default kgraft-patch-3_12_61-52_66-xen kgraft-patch-SLE12_Update_19 kgraft-patch-3_12_61-52_69-default kgraft-patch-3_12_61-52_69-xen kgraft-patch-SLE12_Update_20 kgraft-patch-3_12_61-52_72-default kgraft-patch-3_12_61-52_72-xen kgraft-patch-SLE12_Update_21 kgraft-patch-3_12_61-52_83-default kgraft-patch-3_12_61-52_83-xen kgraft-patch-SLE12_Update_24 kgraft-patch-3_12_61-52_86-default kgraft-patch-3_12_61-52_86-xen kgraft-patch-SLE12_Update_25 lighttpd-mod_cml lighttpd-mod_magnet lighttpd-mod_mysql_vhost lighttpd-mod_rrdtool lighttpd-mod_trigger_b4_dl lighttpd-mod_webdav kgraft-patch-3_12_74-60_64_48-default kgraft-patch-3_12_74-60_64_48-xen kgraft-patch-SLE12-SP1_Update_17 kgraft-patch-3_12_74-60_64_45-default kgraft-patch-3_12_74-60_64_45-xen kgraft-patch-SLE12-SP1_Update_16 kgraft-patch-3_12_74-60_64_51-default kgraft-patch-3_12_74-60_64_51-xen kgraft-patch-SLE12-SP1_Update_18 kgraft-patch-3_12_74-60_64_54-default kgraft-patch-3_12_74-60_64_54-xen kgraft-patch-SLE12-SP1_Update_19 kgraft-patch-3_12_74-60_64_57-default kgraft-patch-3_12_74-60_64_57-xen kgraft-patch-SLE12-SP1_Update_20 kgraft-patch-3_12_74-60_64_60-default kgraft-patch-3_12_74-60_64_60-xen kgraft-patch-SLE12-SP1_Update_21 kgraft-patch-3_12_74-60_64_63-default kgraft-patch-3_12_74-60_64_63-xen kgraft-patch-SLE12-SP1_Update_22 kgraft-patch-3_12_74-60_64_66-default kgraft-patch-3_12_74-60_64_66-xen kgraft-patch-SLE12-SP1_Update_23 kgraft-patch-3_12_74-60_64_69-default kgraft-patch-3_12_74-60_64_69-xen kgraft-patch-SLE12-SP1_Update_24 kgraft-patch-3_12_74-60_64_82-default kgraft-patch-3_12_74-60_64_82-xen kgraft-patch-SLE12-SP1_Update_25 kgraft-patch-3_12_74-60_64_85-default kgraft-patch-3_12_74-60_64_85-xen kgraft-patch-SLE12-SP1_Update_26 cryptctl kgraft-patch-4_4_114-92_67-default kgraft-patch-SLE12-SP2_Update_19 python-magic fltk-devel fltk-devel-static evolution-data-server-devel typelib-1_0-EBook-1_2 typelib-1_0-EBookContacts-1_2 typelib-1_0-EDataServer-1_2 libnetfilter_cthelper-devel libnetfilter_cttimeout-devel libffi48 hyphen-devel libabw-devel libabw-devel-doc libcdr-devel libcdr-devel-doc libcmis-c-0_5-5 libcmis-c-devel libcmis-devel libe-book-devel libe-book-devel-doc libetonyek-devel libetonyek-devel-doc libfreehand-devel libfreehand-devel-doc libixion-devel liblangtag-devel libmspub-devel libmspub-devel-doc libmwaw-devel libmwaw-devel-doc libodfgen-devel libodfgen-devel-doc liborcus-devel libvisio-devel libvisio-devel-doc libvoikko-devel libwps-devel hivex libtalloc-devel libtdb-devel libtevent-devel pytalloc-devel boost-devel hunspell-devel hunspell-devel-32bit libboost_chrono1_54_0 libboost_graph1_54_0 libboost_graph_parallel1_54_0 libboost_log1_54_0 libboost_math1_54_0 libboost_mpi1_54_0 libboost_python1_54_0 libboost_serialization1_54_0 libboost_test1_54_0 libboost_timer1_54_0 libboost_wave1_54_0 libhyphen0-32bit yast2-ntp-client-devel-doc imap-devel obs-service-source_validator libstorage-devel yast2-users-devel-doc typelib-1_0-GstRiff-1_0 libpcap-devel Botan libgit2 libICE-devel libXdmcp-devel libical-devel libical-devel-static libzypp-devel libzypp-devel-doc nasm liblouis-devel tcmu-runner-devel xerces-j2-demo xerces-j2-scripts libwpd-devel libwpd-devel-doc libcephfs-devel librados-devel libradosstriper-devel librbd-devel shibboleth-sp-devel libsaml-devel build build-initvm-s390 build-initvm-x86_64 build-mkbaselibs libqt5-qtdeclarative-devel libqt5-qtdeclarative-private-headers-devel libqt5-qtdeclarative-tools libxmltooling-devel libvpx-devel libdb-4_8-devel wavpack-devel libcdio++0 libcdio-devel libudf0 librelp-devel memcached-devel gwenhywfar-devel libgwengui-qt4-0 yast2-pkg-bindings-devel-doc python-talloc-devel PackageKit-devel libpackagekit-glib2-devel libboost_context1_54_0 libepubgen-devel libqxp-devel libqxp-doc libqxp-tools ruby2.1-rubygem-sle2docker sle2docker apache2-mod_auth_kerb apache2-mod_security2 tdb-tools apache-commons-collections apache-commons-collections-javadoc cyrus-imapd kgraft-patch-3_12_61-52_89-default kgraft-patch-3_12_61-52_89-xen kgraft-patch-SLE12_Update_26 kgraft-patch-3_12_61-52_92-default kgraft-patch-3_12_61-52_92-xen kgraft-patch-SLE12_Update_27 kgraft-patch-3_12_61-52_101-default kgraft-patch-3_12_61-52_101-xen kgraft-patch-SLE12_Update_28 kgraft-patch-3_12_61-52_106-default kgraft-patch-3_12_61-52_106-xen kgraft-patch-SLE12_Update_29 kgraft-patch-3_12_61-52_111-default kgraft-patch-3_12_61-52_111-xen kgraft-patch-SLE12_Update_30 kgraft-patch-3_12_61-52_119-default kgraft-patch-3_12_61-52_119-xen kgraft-patch-SLE12_Update_31 kgraft-patch-3_12_61-52_122-default kgraft-patch-3_12_61-52_122-xen kgraft-patch-SLE12_Update_32 kgraft-patch-3_12_61-52_125-default kgraft-patch-3_12_61-52_125-xen kgraft-patch-SLE12_Update_33 lttng-modules lttng-modules-kmp-default ncurses-devel-32bit tboot libvirt-daemon-hooks libtcmu1 qemu-block-iscsi dnsmasq-utils python-glanceclient python-keystonemiddleware python-novaclient python-novaclient-doc python-swiftclient python-swiftclient-doc openstack-ceilometer openstack-ceilometer-agent-compute openstack-nova openstack-nova-compute openstack-suse openstack-suse-sudo python-ceilometer python-nova python-python-memcached iperf iperf-devel libiperf0 MozillaThunderbird MozillaThunderbird-buildsymbols MozillaThunderbird-devel MozillaThunderbird-translations-common MozillaThunderbird-translations-other kde-cli-tools5 kde-cli-tools5-lang go1.4 go1.4-doc kcoreaddons kcoreaddons-devel kcoreaddons-devel-32bit kcoreaddons-lang libKF5CoreAddons5 libKF5CoreAddons5-32bit ffmpeg ffmpeg-devel libavcodec-devel libavcodec56 libavcodec56-32bit libavdevice-devel libavdevice56 libavdevice56-32bit libavfilter-devel libavfilter5 libavfilter5-32bit libavformat-devel libavformat56 libavformat56-32bit libavresample-devel libavresample2 libavresample2-32bit libavutil-devel libavutil54 libavutil54-32bit libpostproc-devel libpostproc53 libpostproc53-32bit libswresample-devel libswresample1 libswresample1-32bit libswscale-devel libswscale3 libswscale3-32bit imlib2 imlib2-devel imlib2-filters imlib2-loaders libImlib2-1 libprotobuf-lite8 libprotobuf8 libprotoc8 mosh ninja perl-Switch protobuf protobuf-devel protobuf-java python-protobuf znc znc-devel znc-perl znc-python3 znc-tcl karchive karchive-devel karchive-devel-32bit libKF5Archive5 libKF5Archive5-32bit redis freexl freexl-devel libfreexl1 openjpeg2-devel libopenjpeg1 openjpeg openjpeg-devel SDL2 lame lame-doc lame-mp3rtp libSDL2-2_0-0 libSDL2-devel libavcodec57 libavdevice57 libavfilter6 libavformat57 libavresample3 libavutil55 libmp3lame-devel libmp3lame0 libpostproc54 libswresample2 libswscale4 libtwolame-devel libtwolame0 twolame libopenjp2-7-32bit libmbedtls9 libmbedtls9-32bit mbedtls mbedtls-devel libgit2-devel jq libjq-devel libjq1 libSDL2-2_0-0-32bit libSDL2-devel-32bit ansible mongodb mongodb-mongoperf mongodb-mongos mongodb-server mongodb-shell tor erlang erlang-debugger erlang-debugger-src erlang-dialyzer erlang-dialyzer-src erlang-diameter erlang-diameter-src erlang-doc erlang-epmd erlang-et erlang-et-src erlang-gs erlang-gs-src erlang-jinterface erlang-jinterface-src erlang-observer erlang-observer-src erlang-reltool erlang-reltool-src erlang-src erlang-wx erlang-wx-src enigmail phpMyAdmin kopete kopete-devel nginx kdelibs4-apidocs kio kio-32bit kio-core kio-core-32bit kio-devel kio-devel-32bit kio-lang libksuseinstall-devel geotiff geotiff-devel libgeotiff2 libavcodec57-32bit libavdevice57-32bit libavfilter6-32bit libavformat57-32bit libavresample3-32bit libavutil55-32bit libpostproc54-32bit libswresample2-32bit libswscale4-32bit kauth kauth-devel kauth-devel-32bit libKF5Auth5 libKF5Auth5-32bit libKF5Auth5-lang ffmpeg2 ffmpeg2-devel akonadi_resources akregator5 blogilo5 kaddressbook5 kalarm5 kdepim kmail5 knotes5 kontact5 korganizer5 ktnef5 messagelib messagelib-devel ark libkerfuffle15 libkerfuffle16 libre2-0 re2 re2-devel libre2-0-32bit drkonqi5 plasma5-workspace plasma5-workspace-devel plasma5-workspace-lang plasma5-workspace-libs libsox3 sox sox-devel libmad libmad-devel libmad0 libmad0-32bit libmp3lame0-32bit go-race go1.9 go1.9-doc go1.9-race go1.8 go1.8-doc go1.8-race python-Django vim-plugin-nginx pdns-recursor hdf5 hdf5-devel hdf5-devel-data hdf5-devel-static hdf5-examples hdf5-openmpi hdf5-openmpi-devel hdf5-openmpi-devel-static libhdf5-10 libhdf5-10-openmpi libhdf5_cpp12 libhdf5_fortran10 libhdf5_fortran10-openmpi libhdf5_hl10 libhdf5_hl10-openmpi libhdf5_hl_cpp11 libhdf5hl_fortran10 libhdf5hl_fortran10-openmpi NetworkManager-glib NetworkManager-gnome OpenEXR OpenEXR-32bit OpenEXR-x86 hal hal-32bit hal-doc hal-x86 libpackagekit-glib10 PolicyKit PolicyKit-32bit PolicyKit-doc PolicyKit-x86 amavisd-new php5-dbase php5-hash libavahi-client3-x86 libavahi-common3-x86 libavahi-core5 libdns_sd-x86 bind-libs-x86 boost-license libboost_program_options1_36_0 libboost_regex1_36_0 libboost_signals1_36_0 libbz2-1-x86 cifs-mount ldapsmb libsmbclient0-x86 libtalloc1 libtalloc1-32bit libtalloc1-x86 libtdb1-x86 libwbclient0-x86 samba-client-x86 samba-krb-printing samba-winbind-x86 samba-x86 cups-libs-x86 libcurl4-x86 dbus-1-32bit dbus-1-x86 libcom_err2-x86 enscript evince-doc evolution-data-server-32bit evolution-data-server-x86 libexpat1-x86 file-32bit file-x86 findutils findutils-locate freeradius-server-dialupadmin freetype2-32bit freetype2-x86 fvwm2 ghostscript-fonts-other ghostscript-fonts-rus ghostscript-fonts-std ghostscript-library ghostscript-omni libgimpprint glib2 glib2-doc libgio-2_0-0-x86 libglib-2_0-0-x86 libgmodule-2_0-0-x86 libgobject-2_0-0-x86 libgthread-2_0-0-x86 gmime gmime-2_4 gmime-doc libgmime-2_0-3 libgmime-2_4-2 gnome-screensaver gnome-screensaver-lang libgnutls26 libgnutls26-32bit libgnutls26-x86 gstreamer-0_10-plugins-base-doc gstreamer-0_10-plugins-base-x86 libgstapp-0_10-0-x86 libgstinterfaces-0_10-0-x86 gstreamer-0_10-plugins-good-doc gtk2-32bit gtk2-doc gtk2-x86 vim-base java-1_4_2-ibm java-1_4_2-ibm-jdbc java-1_4_2-ibm-plugin java-1_6_0-ibm-alsa kde4-kgreeter-plugins kdebase4-wallpapers kdebase4-workspace kdebase4-workspace-ksysguardd kdm kwin kdebase3-runtime kdebase3-runtime-32bit kdebase3-runtime-x86 kdelibs3 kdelibs3-32bit kdelibs3-default-style kdelibs3-default-style-32bit kdelibs3-default-style-x86 kdelibs3-x86 libkde4-x86 libkdecore4-x86 kernel-pae kernel-pae-base kernel-pae-devel kernel-ppc64 kernel-ppc64-base kernel-ppc64-devel kernel-trace kernel-trace-base kernel-trace-devel krb5-apps-clients krb5-apps-servers krb5-x86 kvm liblcms1-x86 libMagickCore1 libMagickCore1-32bit libQtWebKit4-x86 libqt4-qt3support-x86 libqt4-sql-x86 libqt4-x11-x86 libqt4-x86 libadns1 libapr-util1-32bit libapr1-32bit libarchive2 libdrm libdrm-32bit libdrm-x86 libexif-32bit libexif-x86 libexiv2-4 libgtop libgtop-2_0-7 libgtop-doc libgtop-lang libicu libicu-32bit libicu-x86 libltdl7-x86 libtool-x86 libmysqlclient15 libmysqlclient15-32bit libmysqlclient15-x86 libmysqlclient_r15 mysql mysql-Max mysql-client libneon27-x86 neon libnetpbm10 libnetpbm10-32bit libnetpbm10-x86 libopensc2 libopensc2-32bit libopensc2-x86 opensc-32bit opensc-x86 libopenssl0_9_8-x86 libpng12-0-x86 libpoppler-glib4 libpoppler-qt4-3 libpoppler5 libpulse-browse0 libpulse0-x86 libpython2_6-1_0 libpython2_6-1_0-32bit libpython2_6-1_0-x86 python-base-x86 pyxml librpcsecgss libsamplerate libsamplerate-32bit libsamplerate-x86 libsndfile-32bit libsndfile-x86 libsnmp15 libsnmp15-32bit libsnmp15-x86 libsoup-2_4-1-x86 libtiff3 libtiff3-32bit libtiff3-x86 libvirt-python libvorbis-32bit libvorbis-x86 libxml2-32bit libxml2-x86 libxslt-32bit libxslt-x86 log4net man mono-core mono-data mono-data-postgresql mono-data-sqlite mono-locale-extras mono-nunit mono-web mono-winforms mozilla-xulrunner190 mozilla-xulrunner190-32bit mozilla-xulrunner190-gnomevfs mozilla-xulrunner190-translations mozilla-xulrunner190-x86 mozilla-xulrunner191 mozilla-xulrunner191-32bit mozilla-xulrunner191-gnomevfs mozilla-xulrunner191-translations mozilla-xulrunner191-x86 nagios nagios-www nagios-plugins nagios-plugins-extras openssh-askpass openswan openswan-doc pam-x86 pam_krb5-x86 pam_ldap pam_ldap-32bit pam_ldap-x86 pam_mount pam_mount-32bit pam_mount-x86 perl-x86 perl-spamassassin spamassassin postgresql postgresql-contrib postgresql-docs postgresql-libs postgresql-libs-32bit postgresql-libs-x86 postgresql-server python-x86 qt3 qt3-32bit qt3-x86 ruby-doc-html ruby-tk star sysstat sysstat-isag systemtap-client xen-doc-pdf xen-kmp-pae xorg-x11-xauth xpdf-tools xterm acpid apache2-mod_php53 php53 php53-bcmath php53-bz2 php53-calendar php53-ctype php53-curl php53-dba php53-dom php53-exif php53-fastcgi php53-fileinfo php53-ftp php53-gd php53-gettext php53-gmp php53-iconv php53-intl php53-json php53-ldap php53-mbstring php53-mcrypt php53-mysql php53-odbc php53-openssl php53-pcntl php53-pdo php53-pear php53-pgsql php53-pspell php53-shmop php53-snmp php53-soap php53-suhosin php53-sysvmsg php53-sysvsem php53-sysvshm php53-tokenizer php53-wddx php53-xmlreader php53-xmlrpc php53-xmlwriter php53-xsl php53-zip php53-zlib dbus-1-glib-x86 dhcpcd dhcpv6 ecryptfs-utils-x86 ed foomatic-filters glibc-locale-x86 glibc-profile-x86 glibc-x86 kdenetwork4-filesharing kget krdc krfb libtalloc2-x86 libcap-progs libcap2 libcap2-32bit libcap2-x86 libfreebl3-x86 mozilla-nss-x86 libgdiplus0 mysql-tools newt python-newt librsvg-32bit librsvg-x86 libxcrypt libxcrypt-32bit libxcrypt-x86 pam-modules-x86 pwdutils pwdutils-plugin-audit libzip1 lvm2 mozilla-xulrunner192 mozilla-xulrunner192-32bit mozilla-xulrunner192-gnome mozilla-xulrunner192-translations mozilla-xulrunner192-x86 ofed ofed-doc ofed-kmp-default ofed-kmp-pae ofed-kmp-ppc64 ofed-kmp-trace openslp-x86 opie-x86 pango pango-32bit pango-doc pango-x86 pcsc-lite-32bit pcsc-lite-x86 perl-libwww-perl pure-ftpd squid3 system-config-printer-lang t1lib tgt tomcat6 tomcat6-admin-webapps tomcat6-docs-webapp tomcat6-javadoc tomcat6-jsp-2_1-api tomcat6-lib tomcat6-servlet-2_5-api tomcat6-webapps vte vte-doc vte-lang xorg-x11-libs-32bit xorg-x11-libs-x86 Mesa Mesa-32bit Mesa-x86 ant-trax kcalc kcharselect kdessh kdf kfloppy kgpg ktimer kwalletmanager kwikdisk okteta libboost_thread1_36_0 libldap-2_4-2-x86 libgnutls-extra26 ibutils ibutils-32bit jakarta-commons-httpclient3 java-1_7_0-ibm java-1_7_0-ibm-alsa java-1_7_0-ibm-jdbc java-1_7_0-ibm-plugin jpeg libjpeg libjpeg-32bit libjpeg-x86 postgresql91 postgresql91-contrib postgresql91-docs postgresql91-server libsoftokn3-x86 libopenssl0_9_8-hmac libopenssl0_9_8-hmac-32bit libotr2 libproxy0 libproxy0-32bit libproxy0-config-gnome libproxy0-config-kde4 libproxy0-networkmanager libproxy0-x86 libtspi1 libtspi1-32bit libtspi1-x86 trousers nut-classic nfs-client openCryptoki openCryptoki-32bit openCryptoki-64bit perl-Module-Build perl-Test-Simple python-pam taglib-32bit taglib-x86 unixODBC_23 virt-utils x3270 xorg-x11-libxcb xorg-x11-libxcb-32bit xorg-x11-libxcb-x86 xorg-x11-server-dmx xorg-x11-server-rdp a2ps bash-x86 libreadline5 libreadline5-32bit libreadline5-x86 boost-license1_49_0 libboost_system1_49_0 libboost_thread1_49_0 coreutils-x86 libdw1-x86 libebl1-x86 libelf1-x86 fastjar kdebase4-runtime kdirstat libFLAC8-x86 libblkid1-x86 libuuid1-x86 uuid-runtime libevent-1_4-2 libgcc_s1-x86 libstdc++6-x86 libgcrypt11 libgcrypt11-32bit libgcrypt11-x86 libjasper libjasper-32bit libjasper-x86 liblzo2-2-x86 libmpfr1 libmpfr1-32bit libmpfr1-x86 libmysql55client18 libmysql55client18-32bit libmysql55client18-x86 libmysql55client_r18 libmysql55client_r18-32bit libmysql55client_r18-x86 libpixman-1-0 libpixman-1-0-32bit libpixman-1-0-x86 libpulse-mainloop-glib0-x86 libtasn1-3 libtasn1-3-32bit libtasn1-3-x86 libtevent0-x86 libwsman1 openwsman-client openwsman-server suseRegister lxc mozilla-nspr-x86 nagios-nrpe nagios-nrpe-doc nagios-plugins-nrpe nfs-doc nfs-kernel-server popt popt-32bit popt-x86 rpm-x86 python-lxml sendmail xorg-x11-libX11 xorg-x11-libX11-32bit xorg-x11-libX11-x86 xorg-x11-libXext xorg-x11-libXext-32bit xorg-x11-libXext-x86 xorg-x11-libXfixes xorg-x11-libXfixes-32bit xorg-x11-libXfixes-x86 xorg-x11-libXp xorg-x11-libXp-32bit xorg-x11-libXp-x86 xorg-x11-libXrender xorg-x11-libXrender-32bit xorg-x11-libXrender-x86 xorg-x11-libXt xorg-x11-libXt-32bit xorg-x11-libXt-x86 xorg-x11-libXv xorg-x11-libXv-32bit xorg-x11-libXv-x86 GraphicsMagick libGraphicsMagick2 perl-GraphicsMagick libMagick++1 libMagickWand1 libMagickWand1-32bit Mesa-devel Mesa-devel-32bit OpenEXR-devel hal-devel libpackagekit-glib10-devel libpackagekit-qt10 libpackagekit-qt10-devel PolicyKit-devel Xerces-c libXerces-c-devel libXerces-c28 a2ps-devel ant-antlr ant-apache-bcel ant-apache-bsf ant-apache-log4j ant-apache-oro ant-apache-regexp ant-apache-resolver ant-commons-logging ant-javadoc ant-javamail ant-jdepend ant-junit ant-manual ant-nodeps apache2-mod_fcgid bind-devel-32bit binutils-devel-32bit boinc-client boinc-client-devel boost-devel-32bit boost-doc libboost_date_time1_36_0 libboost_date_time1_36_0-32bit libboost_filesystem1_36_0 libboost_filesystem1_36_0-32bit libboost_graph1_36_0 libboost_graph1_36_0-32bit libboost_iostreams1_36_0 libboost_iostreams1_36_0-32bit libboost_math1_36_0 libboost_math1_36_0-32bit libboost_mpi1_36_0 libboost_program_options1_36_0-32bit libboost_python1_36_0 libboost_python1_36_0-32bit libboost_regex1_36_0-32bit libboost_serialization1_36_0 libboost_serialization1_36_0-32bit libboost_signals1_36_0-32bit libboost_system1_36_0 libboost_system1_36_0-32bit libboost_test1_36_0 libboost_test1_36_0-32bit libboost_thread1_36_0-32bit libboost_wave1_36_0 libboost_wave1_36_0-32bit bytefx-data-mysql mono-data-firebird mono-data-oracle mono-data-sybase mono-devel mono-extras mono-jscript mono-wcf mono-winfxcore monodoc-core gcc48-fortran-32bit cscope cyrus-imapd-devel derby libcom_err-devel-32bit libext2fs-devel-32bit libext2fs2-32bit libext2fs2-x86 empathy-devel evolution evolution-devel evolution-lang fileshareset kdebase3 kdebase3-32bit kdebase3-devel misc-console-font libFLAC++6-x86 freetype2-devel-32bit gdk-pixbuf-32bit ghostscript-ijs-devel libgimpprint-devel glib2-devel-32bit gmime-2_4-devel gmime-devel gmime-sharp gnucash gnucash-devel gnucash-lang gtk2-devel-32bit ibutils-devel ibutils-devel-32bit libicu-devel-32bit imlib imlib-32bit imlib-config imlib-devel imlib-x86 inkscape inkscape-extensions-dia inkscape-extensions-extra inkscape-extensions-fig inkscape-extensions-gimp inkscape-lang kdebase4-workspace-devel kdelibs3-arts kdelibs3-arts-32bit kdelibs3-arts-x86 kdelibs3-devel kdelibs3-doc krb5-devel-32bit libqt4-sql-mysql-x86 libqt4-sql-postgresql-x86 libqt4-sql-sqlite-x86 libqt4-sql-unixODBC-x86 libadns-devel libapr-util1-devel-32bit libapr1-devel-32bit libblkid-devel-32bit libuuid-devel-32bit libcap-devel libdhcp6client-1_0-2 libdhcp6client-devel libdrm-devel libdrm-devel-32bit libexiv2-4-32bit libexiv2-4-x86 libexiv2-devel libgadu libgcrypt-devel-32bit libgnutls-extra-devel libgpgme11-32bit libgpgme11-x86 libgtop-2_0-7-32bit libgtop-2_0-7-x86 libgtop-devel libjpeg-devel libjpeg-devel-32bit liblcms-devel-32bit python-lcms samba-devel samba-test libmikmod mpfr-devel-32bit libmysqlclient_r15-32bit libmysqlclient_r15-x86 libnetpbm-devel-32bit pcp-devel libpixman-1-0-devel libpng-devel libpng-devel-32bit libpoppler-qt2 libpoppler-qt3-devel readline-devel-32bit libreoffice-base-extensions libreoffice-draw-extensions libreoffice-impress-extensions libreoffice-kde libreoffice-kde4 libreoffice-l10n-prebuilt libreoffice-mono libreoffice-l10n-el libreoffice-l10n-en-GB libreoffice-l10n-gu-IN libreoffice-l10n-hi-IN libreoffice-l10n-pt libreoffice-l10n-zh-CN libreoffice-l10n-zh-TW libreoffice-help-cs libreoffice-help-da libreoffice-help-de libreoffice-help-en-GB libreoffice-help-en-US libreoffice-help-es libreoffice-help-fr libreoffice-help-gu-IN libreoffice-help-hi-IN libreoffice-help-hu libreoffice-help-it libreoffice-help-ja libreoffice-help-ko libreoffice-help-nl libreoffice-help-pl libreoffice-help-pt libreoffice-help-pt-BR libreoffice-help-ru libreoffice-help-sv libreoffice-help-zh-CN libreoffice-help-zh-TW libreoffice-testtool libsamplerate-devel net-snmp-devel-32bit libsoup-devel-32bit libssh2 libssh2-1-x86 libsss_sudo-devel libthai libthai-devel libtiff-devel-32bit libtunepimp libtunepimp-devel libtunepimp5 libvirt-devel-32bit libwebkit-1_0-1 libwebkit-1_0-2 libwebkit-devel libwebkit-lang libwmf-32bit libwmf-gnome-32bit libwmf-gnome-x86 libwmf-x86 libwpd-0_8-8 libwsman-devel openwsman-python libxcrypt-devel libxine-devel libxine1 libxine1-32bit libxine1-gnome-vfs libxine1-pulse libxml libxml-32bit libxml-devel libxml2-devel-32bit libxslt-devel-32bit lxc-devel lzo-devel-32bit mozilla-xulrunner192-devel mozilla-xulrunner192-gnome-32bit mozilla-xulrunner192-translations-32bit nagios-devel netatalk netatalk-devel novell-ipsec-tools novell-ipsec-tools-devel obex-data-server ofed-devel openCryptoki-devel openldap2-devel-32bit opensc-devel pam-devel-32bit pango-devel-32bit perl-DBD-Pg perl-base-32bit php53-devel php53-imap php53-posix php53-readline php53-sockets php53-sqlite php53-tidy popt-devel popt-devel-32bit rpm-devel-32bit postgresql-devel pwlib pwlib-devel python-crypto python-imaging-sane python-logilab-common python-lxml-doc qt3-devel qt3-devel-32bit qt3-devel-doc qt3-devel-tools qt3-devel-tools-32bit ruby-doc-ri ruby-examples ruby-test-suite rubygem-actionmailer-3_2 rubygem-actionpack-3_2 rubygem-activemodel-3_2 rubygem-activeresource-3_2 rubygem-rails-3_2 rubygem-railties-3_2 rubygem-activerecord-3_2 rubygem-activesupport-3_2 rubygem-bundler rubygem-i18n-0_6 rubygem-json_pure rubygem-rack-ssl rubygem-rdoc rubygem-sprockets-2_2 rxvt-unicode sendmail-devel struts struts-javadoc struts-manual t1lib-devel taglib-devel texlive texlive-arab texlive-bin texlive-bin-cjk texlive-bin-devel texlive-bin-dvilj texlive-bin-jadetex texlive-bin-latex texlive-bin-metapost texlive-bin-musictex texlive-bin-omega texlive-bin-tex4ht texlive-bin-tools texlive-bin-xetex texlive-bin-xmltex texlive-cjk texlive-context texlive-devel texlive-doc texlive-dvilj texlive-jadetex texlive-latex texlive-latex-doc texlive-metapost texlive-musictex texlive-omega texlive-ppower4 texlive-tex4ht texlive-tools texlive-xetex texlive-xmltex trousers-devel unixODBC_23-devel valgrind valgrind-devel vte-devel xalan-j2-javadoc xorg-x11-devel-32bit xorg-x11-libX11-devel xorg-x11-libX11-devel-32bit xorg-x11-libXext-devel xorg-x11-libXext-devel-32bit xorg-x11-libXfixes-devel xorg-x11-libXfixes-devel-32bit xorg-x11-libXp-devel xorg-x11-libXp-devel-32bit xorg-x11-libXrender-devel xorg-x11-libXrender-devel-32bit xorg-x11-libXt-devel xorg-x11-libXt-devel-32bit xorg-x11-libXv-devel xorg-x11-libXv-devel-32bit xorg-x11-libxcb-devel xorg-x11-libxcb-devel-32bit php5-ncurses php5-readline php5-tidy beagle beagle-devel beagle-lang inn inn-devel inst-source-utils java-1_4_2-ibm-devel java-1_6_0-ibm-devel java-1_7_0-ibm-devel postgresql91-devel libxslt-python perl-base-x86 python-httplib2 rubygem-rack-1_3 rubygem-rack rubygem-actionmailer-2_3 rubygem-actionpack-2_3 rubygem-activerecord-2_3 rubygem-activeresource-2_3 rubygem-activesupport-2_3 rubygem-rails rubygem-rails-2_3 rubygem-actionpack-2_1 rubygem-mail-2_3 rubygem-rack-cache-1_1 giflib-devel-32bit kde4-l10n-de-data kde4-l10n-de-doc liblcms2-devel postgresql91-libs gnu-efi libtidy libtidy-devel libbotan-1_6_5 firefox-fontconfig firefox-fontconfig-devel bsdtar fontconfig-devel-32bit cpp43 gcc43 gcc43-ada gcc43-fortran gcc43-fortran-32bit gcc43-obj-c++ gcc43-objc gcc43-objc-32bit libada43 libobjc43 libobjc43-32bit libcap-ng libcap-ng-devel python-capng libdb-4_5 libdb-4_5-devel libdb_java-4_5 libical0-32bit google-carlito-fonts libmythes-1_2-0 mythes mythes-devel python-importlib libmxml1 mxml libopenssl-devel-32bit perl-SOAP-Lite rubygem-mail-2_4 sane-backends-x86 portaudio portaudio-devel xorg-x11-libICE xorg-x11-libICE-devel xorg-x11-libICE-devel-32bit xorg-x11-libXdmcp xorg-x11-libXdmcp-32bit xorg-x11-libXdmcp-devel xorg-x11-libXdmcp-devel-32bit xorg-x11-libXpm xorg-x11-libXpm-devel xorg-x11-libXpm-devel-32bit yast2-storage yast2-storage-devel curl-openssl1 libcurl4-openssl1 libcurl4-openssl1-32bit libcurl4-openssl1-x86 libopenssl1-devel libopenssl1_0_0-x86 openssl1 openssl1-doc libldap-openssl1-2_4-2 libldap-openssl1-2_4-2-32bit libldap-openssl1-2_4-2-x86 openldap2-client-openssl1 openssh-openssl1 openssh-openssl1-helpers openvpn-openssl1 openvpn-openssl1-down-root-plugin sblim-sfcb-openssl1 wget-openssl1 acroread acroread-cmaps acroread-fonts-ja acroread-fonts-ko acroread-fonts-zh_CN acroread-fonts-zh_TW acroread_ja ibm-data-db2 compat-openssl097g compat-openssl097g-32bit MozillaFirefox-branding-SLED beagle-evolution beagle-firefox beagle-gui mhtml-firefox flash-player-kde4 icedtea-web java-1_6_0-openjdk java-1_6_0-openjdk-demo java-1_6_0-openjdk-devel kernel-pae-extra kernel-trace-extra kernel-xen-extra xen-kmp-trace permissions libproxy0-config-gnome-32bit libproxy0-networkmanager-32bit libxml2-python openssl-certs quota vm-install xrdp cabextract compat-wireless-kmp-default compat-wireless-kmp-pae compat-wireless-kmp-xen giflib-32bit libgstbasecamerabinsrc-0_10-0 libgstbasecamerabinsrc-0_10-0-32bit libgstbasevideo-0_10-0 libgstbasevideo-0_10-0-32bit libgstphotography-0_10-0 libgstphotography-0_10-0-32bit libgstsignalprocessor-0_10-0 libgstsignalprocessor-0_10-0-32bit libgstvdp-0_10-0 libgstvdp-0_10-0-32bit kde4-l10n-ar kde4-l10n-cs kde4-l10n-da kde4-l10n-da-data kde4-l10n-da-doc kde4-l10n-de kde4-l10n-en_GB kde4-l10n-es kde4-l10n-es-data kde4-l10n-es-doc kde4-l10n-fr kde4-l10n-fr-data kde4-l10n-fr-doc kde4-l10n-hu kde4-l10n-it kde4-l10n-it-data kde4-l10n-it-doc kde4-l10n-ja kde4-l10n-ko kde4-l10n-nb kde4-l10n-nl kde4-l10n-nl-data kde4-l10n-nl-doc kde4-l10n-pl kde4-l10n-pl-data kde4-l10n-pl-doc kde4-l10n-pt kde4-l10n-pt_BR kde4-l10n-pt_BR-data kde4-l10n-pt_BR-doc kde4-l10n-ru kde4-l10n-ru-data kde4-l10n-ru-doc kde4-l10n-sv kde4-l10n-sv-data kde4-l10n-sv-doc kde4-l10n-zh_CN kde4-l10n-zh_TW kdebase4-runtime-xine kernel-bigsmp-devel kernel-bigsmp lcms2 liblcms2-2 novell-qtgui novell-qtgui-cli novell-ui-base orca orca-lang pwlib-plugins-avc pwlib-plugins-dc pwlib-plugins-v4l2 wpa_supplicant-gui sle-hae-release cluster-network-kmp-bigsmp cluster-network-kmp-pae cluster-network-kmp-ppc64 cluster-network-kmp-trace cluster-network-kmp-xen gfs2-kmp-bigsmp gfs2-kmp-pae gfs2-kmp-ppc64 gfs2-kmp-trace gfs2-kmp-xen ocfs2-kmp-bigsmp ocfs2-kmp-pae ocfs2-kmp-ppc64 ocfs2-kmp-trace ocfs2-kmp-xen drbd-kmp-bigsmp cluster-network cluster-network-kmp-bigmem drbd drbd-bash-completion drbd-heartbeat drbd-kmp drbd-kmp-bigmem drbd-kmp-default drbd-kmp-pae drbd-kmp-ppc64 drbd-kmp-trace drbd-kmp-xen drbd-pacemaker drbd-udev drbd-utils drbd-xen gfs2 gfs2-kmp-bigmem ocfs2 ocfs2-kmp-bigmem firefox-gcc5 firefox-libffi-gcc5 firefox-libffi4 firefox-libstdc++6 POS_Image-Minimal3 POS_Image-Netboot-hooks POS_Image-Tools POS_Image3 POS_Migration POS_Server-Admin3 POS_Server-AdminGUI POS_Server-AdminTools3 POS_Server-BranchTools3 POS_Server-Modules3 POS_Server3 admind admind-client posbios gcc43-c++ gcc43-info gcc43-locale libstdc++43-devel kernel-ec2-base microcode_ctl iscsitarget-kmp-rt brocade-bna-kmp-rt cluster-network-kmp-rt_trace drbd-kmp-rt drbd-kmp-rt_trace kernel-rt_trace kernel-rt_trace-base kernel-rt_trace-devel ocfs2-kmp-rt_trace ofed-kmp-rt iscsitarget-kmp-rt_trace lttng-modules-kmp-rt lttng-modules-kmp-rt_trace ofed-kmp-rt_trace gfs2-kmp-rt_trace java-1_4_2-ibm-sap java-1_4_2-ibm-sap-devel sap_suse_cluster_connector rhn-virtualization-common rhn-virtualization-host rhncfg rhncfg-actions rhncfg-client rhncfg-management koan rhnmd spacewalk-backend-libs spacewalk-certs-tools rhnlib spacecmd spacewalk-backend spacewalk-check spacewalk-client-setup spacewalk-client-tools gconf2 gconf2-32bit gconf2-x86 libidl libidl-32bit libidl-x86 orbit2 orbit2-32bit orbit2-x86 procps acl libacl libacl-32bit libacl-x86 libgcc43 libgcc43-32bit libgcc43-x86 libstdc++43 libstdc++43-32bit libstdc++43-x86 keyutils-libs keyutils-libs-32bit keyutils-libs-x86 libidn-32bit libidn-x86 cyrus-sasl-crammd5-x86 cyrus-sasl-gssapi-x86 cyrus-sasl-otp-x86 cyrus-sasl-plain-x86 cyrus-sasl-x86 gtkhtml2 gtkhtml2-lang cdparanoia cdparanoia-32bit cdparanoia-x86 desktop-file-utils fam fam-32bit fam-x86 gnome-vfs2 gnome-vfs2-32bit gnome-vfs2-x86 gstreamer-0_10 libogg0 libogg0-32bit libogg0-x86 liboil liboil-32bit liboil-x86 libgpg-error0 libgpg-error0-32bit libgpg-error0-x86 iscsitarget iscsitarget-kmp-default iscsitarget-kmp-pae iscsitarget-kmp-ppc64 iscsitarget-kmp-vmi iscsitarget-kmp-xen java-1_5_0-bea java-1_5_0-bea-console java-1_5_0-bea-fonts java-1_5_0-bea-jdbc java-1_6_0-ibm-alsa-x86 java-1_6_0-ibm-x86 kde4-akonadi kde4-akregator kde4-kaddressbook kde4-kalarm kde4-kjots kde4-kmail kde4-knode kde4-knotes kde4-kontact kde4-korganizer kde4-ktimetracker kde4-ktnef kdepim4 kdepim4-wizards kdepimlibs4 libakonadi4 libkdepim4 libkdepimlibs4 kde4-gwenview kde4-kcolorchooser kde4-kruler kde4-ksnapshot kde4-okular libkipi5 kde4-kdm kde4-kwin kde4-kget kde4-knewsticker kde4-kopete kde4-krdc kde4-krfb utempter utempter-32bit utempter-x86 ext4dev-kmp-default ext4dev-kmp-pae ext4dev-kmp-ppc64 ext4dev-kmp-vmi ext4dev-kmp-xen kernel-kdump kernel-vmi kernel-vmi-base oracleasm-kmp-default kvm-kmp-default kvm-kmp-pae libHX13 libHX13-32bit libHX13-x86 libesmtp zlib-32bit zlib-x86 libpoppler4 libtheora0 libtheora0-32bit libtheora0-x86 libvolume_id1 open-iscsi perl-IO-Socket-SSL websphere-as_ce libcmpiutil libvirt-cim virt-viewer yast2-ldap-server ConsoleKit ConsoleKit-32bit ConsoleKit-x11 ConsoleKit-x86 apache2-mod_python arpwatch mozilla-kde4-integration firefox-libgcc_s1 gwenview kcolorchooser kruler ksnapshot libkexiv2-7 libkipi6 okular btrfs-kmp-default btrfs-kmp-pae btrfs-kmp-xen ext4dev-kmp-trace hyper-v-kmp-default hyper-v-kmp-pae hyper-v-kmp-trace libopenssl0_9_8-hmac-x86 libpciaccess0 libpciaccess0-32bit libpciaccess0-x86 libraptor1 man-pages firefox-gcc47 cxgb3-firmware perf perl-Config-General postfix postfix-doc postfix-mysql postgresql-init quota-nfs libpq5-x86 MozillaFirefox-branding-SLES-for-VMware gcc43-32bit libstdc++43-devel-32bit giflib-x86 jakarta-commons-collections jakarta-commons-collections-javadoc jakarta-commons-collections-tomcat5 kde4-l10n-bg kde4-l10n-ca kde4-l10n-csb kde4-l10n-el kde4-l10n-et kde4-l10n-eu kde4-l10n-fi kde4-l10n-ga kde4-l10n-gl kde4-l10n-hi kde4-l10n-is kde4-l10n-kk kde4-l10n-km kde4-l10n-ku kde4-l10n-lt kde4-l10n-lv kde4-l10n-mk kde4-l10n-ml kde4-l10n-nds kde4-l10n-nn kde4-l10n-pa kde4-l10n-ro kde4-l10n-sl kde4-l10n-th kde4-l10n-tr kde4-l10n-uk kde4-l10n-wa kernel-bigsmp-base iscsitarget-kmp-bigsmp ofed-kmp-bigsmp oracleasm-kmp-bigsmp krb5-plugins NetworkManager-kde4 NetworkManager-kde4-lang NetworkManager-kde4-libs NetworkManager-openvpn-kde4 NetworkManager-pptp-kde4 plasmoid-networkmanagement apport apport-crashdb-sle apport-gtk audiofile-32bit audiofile-x86 suseRegisterInfo cracklib-32bit cracklib-x86 fontconfig-x86 gnome-session gnome-session-lang intel-SINIT kernel-bigmem kernel-bigmem-base kernel-bigmem-devel lha libcap-ng-utils libcap-ng0 libcap-ng0-32bit db-doc db-utils db-utils-doc libdb-4_5-32bit libdb-4_5-x86 libical0 liblouis0 perl-Sys-Virt libncurses5-x86 libncurses6-x86 libsqlite3-0-x86 xorg-x11-libICE-32bit xorg-x11-libICE-x86 xorg-x11-libXdmcp-x86 xorg-x11-libXpm-32bit xorg-x11-libXpm-x86 yast2-storage-lib suse-cloud-release crowbar-barclamp-trove crowbar-barclamp-neutron openstack-neutron-doc openstack-neutron-ibm-agent openstack-neutron-mlnx-agent openstack-neutron-nec-agent openstack-neutron-nvsd-agent openstack-neutron-plugin-cisco openstack-neutron-restproxy-agent openstack-neutron-ryu-agent openstack-neutron-server novnc openstack-ceilometer-agent-central openstack-ceilometer-agent-ipmi openstack-ceilometer-agent-notification openstack-ceilometer-alarm-evaluator openstack-ceilometer-alarm-notifier openstack-ceilometer-api openstack-ceilometer-collector openstack-ceilometer-doc openstack-cinder-api openstack-cinder-backup openstack-cinder-doc openstack-cinder-scheduler openstack-glance openstack-glance-doc openstack-heat openstack-heat-api openstack-heat-api-cfn openstack-heat-api-cloudwatch openstack-heat-doc openstack-heat-engine openstack-keystone openstack-keystone-doc openstack-sahara openstack-sahara-api openstack-sahara-doc openstack-sahara-engine python-glance python-heat python-keystone python-oslo.i18n python-oslo.utils python-oslotest python-sahara python-six crowbar-barclamp-nova_dashboard openstack-dashboard python-django_openstack_auth python-horizon openstack-nova-api openstack-nova-cells openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-consoleauth openstack-nova-doc openstack-nova-novncproxy openstack-nova-objectstore openstack-nova-scheduler openstack-nova-serialproxy openstack-nova-vncproxy openstack-swift openstack-swift-account openstack-swift-container openstack-swift-doc openstack-swift-object openstack-swift-proxy python-swift openstack-trove openstack-trove-api openstack-trove-conductor openstack-trove-doc openstack-trove-guestagent openstack-trove-taskmanager python-trove python-Pillow python-openstackclient ruby2.1-rubygem-sprockets-2_11 ruby2.1-rubygem-actionpack-4_1 rubygem-actionpack-4_1 ruby2.1-rubygem-actionview-4_1 rubygem-actionview-4_1 ruby2.1-rubygem-activemodel-4_1 rubygem-activemodel-4_1 ruby2.1-rubygem-activerecord-4_1 rubygem-activerecord-4_1 ruby2.1-rubygem-activesupport-4_1 rubygem-activesupport-4_1 ruby2.1-rubygem-bson-1_11 ruby2.1-rubygem-easy_diff ruby2.1-rubygem-redcarpet rubygem-bson-1_11 rubygem-easy_diff rubygem-redcarpet rubygem-sprockets-2_11 ruby2.1-rubygem-rack suse-openstack-cloud-release couchdb crowbar-openstack openstack-heat-plugin-heat_docker openstack-heat-templates openstack-ironic openstack-ironic-api openstack-ironic-conductor python-ironic rabbitmq-server rabbitmq-server-plugins ruby2.1-rubygem-actionpack-4_2 ruby2.1-rubygem-actionview-4_2 ruby2.1-rubygem-activemodel-4_2 ruby2.1-rubygem-activerecord-4_2 ruby2.1-rubygem-activesupport-4_2 ruby2.1-rubygem-chef-expander ruby2.1-rubygem-chef-server ruby2.1-rubygem-chef-server-api ruby2.1-rubygem-chef-solr rubygem-chef-expander rubygem-chef-server-api rubygem-chef-solr ruby2.1-rubygem-extlib ruby2.1-rubygem-multi_xml ruby2.1-rubygem-rails-html-sanitizer ruby2.1-rubygem-railties-4_2 openstack-designate openstack-designate-agent openstack-designate-api openstack-designate-central openstack-designate-doc openstack-designate-sink openstack-ironic-doc openstack-neutron-vpnaas openstack-neutron-vpnaas-doc openstack-nova-docker openstack-tempest openstack-tempest-test python-designate python-neutron-vpnaas python-tempest openstack-ceilometer-polling openstack-manila openstack-manila-api openstack-manila-doc openstack-manila-scheduler openstack-manila-share openstack-neutron-fwaas openstack-neutron-fwaas-doc openstack-neutron-lbaas openstack-neutron-lbaas-doc openstack-resource-agents python-manila python-networking-cisco python-neutron-fwaas python-neutron-lbaas openstack-horizon-plugin-manila-ui python-horizon-plugin-manila-ui python-suds-jurko rubygem-actionview-4_2 ruby2.1-rubygem-actionmailer-4_2 ruby2.1-rubygem-activejob-4_2 ruby2.1-rubygem-rails-4_2 rubygem-actionmailer-4_2 rubygem-actionpack-4_2 rubygem-activejob-4_2 rubygem-activemodel-4_2 rubygem-activerecord-4_2 rubygem-activesupport-4_2 rubygem-rails-4_2 rubygem-rails-html-sanitizer rubygem-railties-4_2 python-defusedxml python-pysaml2 python-oslo.middleware python-XStatic-jquery-ui openstack-glance-api openstack-glance-glare openstack-glance-registry openstack-aodh openstack-aodh-api openstack-aodh-doc openstack-aodh-evaluator openstack-aodh-expirer openstack-aodh-listener openstack-aodh-notifier python-aodh monasca-installer storm storm-nimbus storm-supervisor openstack-nova-placement-api openstack-magnum openstack-magnum-api openstack-magnum-conductor openstack-magnum-doc python-magnum openstack-heat-test openstack-manila-data libQt5Bootstrap-devel-static-32bit libQt5Concurrent-devel-32bit libQt5Concurrent5-32bit libQt5Core-devel-32bit libQt5Core5-32bit libQt5DBus-devel-32bit libQt5DBus5-32bit libQt5Gui-devel-32bit libQt5Gui5-32bit libQt5Network-devel-32bit libQt5Network5-32bit libQt5OpenGL-devel-32bit libQt5OpenGL5-32bit libQt5OpenGLExtensions-devel-static-32bit libQt5PlatformSupport-devel-static-32bit libQt5PrintSupport-devel-32bit libQt5PrintSupport5-32bit libQt5Sql-devel-32bit libQt5Sql5-32bit libQt5Sql5-mysql-32bit libQt5Sql5-postgresql-32bit libQt5Sql5-sqlite-32bit libQt5Sql5-unixODBC-32bit libQt5Test-devel-32bit libQt5Test5-32bit libQt5Widgets-devel-32bit libQt5Widgets5-32bit libQt5Xml-devel-32bit libQt5Xml5-32bit libqt5-qtbase-examples libqt5-qtbase-examples-32bit libqt5-qtbase-platformtheme-gtk2 openSUSE-release MozillaFirefox-branding-upstream MozillaFirefox-buildsymbols MozillaFirefox-translations-common MozillaFirefox-translations-other GraphicsMagick-devel libGraphicsMagick-Q16-3 libGraphicsMagick3-config libGraphicsMagickWand-Q16-2 ImageMagick-doc ImageMagick-extra android-tools aria2 aria2-lang avahi-autoipd bogofilter-common bogofilter-db claws-mail claws-mail-lang libgcc_s1-gcc48-32bit libgcj_bc1-gcc48 libstdc++6-gcc48-locale crash-kmp-xen cyradm dhcp-doc exif gcab gcab-lang libgcab-1_0-0 gimp-help-browser gimp-plugin-aa glibc-extra gnome-games gnome-games-recommended wdiff-lang htmldoc icedtea-web-javadoc jhead kdebase4-workspace-libs python-kdebase4 kdnssd kppp kernel-pv-devel kio-extras5 kwebkitpart kwebkitpart-lang klogd konversation konversation-lang libFS6 libbotan-1_10-1 libexiv2-14 systemd-logger liblightdm-gobject-1-0 lightdm lightdm-lang libminiupnpc10 libmono-2_0-1 libmono-2_0-devel libmonoboehm-2_0-1 libmonoboehm-2_0-devel libmonosgen-2_0-1 mono-mvc pango-tools pango-tools-32bit libpgf6 libproxy1-config-kde4 pulseaudio-bash-completion libraw10 libreoffice-icon-theme-breeze libreoffice-icon-theme-hicontrast libreoffice-icon-theme-oxygen libreoffice-icon-theme-sifr librsync2 python-SpiceClientGtk libthunarx-2-0 thunar thunar-lang libvirt-daemon-driver-uml libvirt-daemon-driver-vbox links monitoring-tools nano nano-lang nbd nbd-doc nspluginwrapper obs-service-set_version openconnect openconnect-devel plasma5-desktop plasma5-desktop-lang privoxy pwgen python3-dbm python3-tk system-config-printer-applet python3-pip python3-requests qemu-extra qemu-linux-user sddm sddm-branding-openSUSE tnftp transmission-common transmission-gtk transmission-gtk-lang unzip-doc viewvc virtualbox virtualbox-guest-kmp-default virtualbox-guest-tools virtualbox-guest-x11 virtualbox-host-kmp-default virtualbox-qt wireshark-ui-gtk nodejs nodejs-devel nodejs-doc nodejs-docs nodejs-npm libcrypto36 libcrypto36-32bit libressl libressl-devel libressl-devel-32bit libressl-devel-doc libssl37 libssl37-32bit libtls9 libtls9-32bit wireshark-ui-qt sudo-test audiofile-devel-32bit audiofile-doc libmount-devel-32bit libpotrace0 potrace potrace-devel bouncycastle bouncycastle-javadoc polkit-doc seamonkey seamonkey-dom-inspector seamonkey-irc seamonkey-translations-common seamonkey-translations-other xulrunner xulrunner-32bit xulrunner-devel roundcubemail cross-aarch64-gcc48-icecream-backend cross-armv6hl-gcc48-icecream-backend cross-armv7hl-gcc48-icecream-backend cross-hppa-gcc48-icecream-backend cross-i386-gcc48-icecream-backend cross-ia64-gcc48-icecream-backend cross-ppc-gcc48-icecream-backend cross-ppc64-gcc48-icecream-backend cross-ppc64le-gcc48-icecream-backend cross-s390-gcc48-icecream-backend cross-s390x-gcc48-icecream-backend gcc48-ada-32bit gcc48-testresults gdb gdb-testresults gdbserver libada48-32bit libatomic1-gcc48 libatomic1-gcc48-32bit libffi4-gcc48 libffi4-gcc48-32bit libffi48-devel-32bit libgcc_s1-gcc48 libgcj48-devel-32bit libgfortran3-gcc48 libgfortran3-gcc48-32bit libgomp1-gcc48 libgomp1-gcc48-32bit libitm1-gcc48 libitm1-gcc48-32bit libquadmath0-gcc48 libquadmath0-gcc48-32bit libstdc++48-doc libstdc++6-gcc48 libstdc++6-gcc48-32bit libtsan0-gcc48 java-1_7_0-openjdk-accessibility java-1_7_0-openjdk-bootstrap java-1_7_0-openjdk-bootstrap-devel java-1_7_0-openjdk-bootstrap-headless java-1_7_0-openjdk-javadoc java-1_7_0-openjdk-src putty xscreensaver-data-extra libminiupnpc-devel libminiupnpc10-32bit miniupnpc python-miniupnpc docker-bash-completion docker-test docker-zsh-completion strongswan-mysql strongswan-nm strongswan-sqlite libsndfile-progs libpng16-compat-devel-32bit libpng16-devel-32bit libpng16-tools libpng12-compat-devel-32bit libpng12-devel-32bit cyrus-imapd-snmp cyrus-imapd-snmp-mibs cyrus-imapd-utils linuxvnc kernel-debug kernel-debug-base kernel-debug-devel kernel-docs-html kernel-docs-pdf kernel-obs-qa kernel-obs-qa-xen kernel-pv kernel-pv-base kernel-source-vanilla kernel-vanilla kernel-vanilla-devel libmysql56client18 libmysql56client18-32bit libmysql56client_r18 libmysql56client_r18-32bit mysql-community-server mysql-community-server-bench mysql-community-server-client mysql-community-server-errormessages mysql-community-server-test mysql-community-server-tools libXfont-devel-32bit libXfont1-32bit quassel quassel-base quassel-client quassel-core quassel-mono ldb-tools libdcerpc-atsvc0-32bit libdcerpc-samr0-32bit libregistry0-32bit libsamba-policy0-32bit pyldb-32bit python-tdb-32bit python-tevent-32bit samba-pidl samba-python subversion-ruby bind-lwresd calibre fcitx-qt5 fcitx-qt5-32bit fcitx-qt5-devel frameworkintegration frameworkintegration-devel frameworkintegration-devel-32bit frameworkintegration-plugin frameworkintegration-plugin-32bit kwayland kwayland-32bit kwayland-devel kwayland-devel-32bit kwin5 kwin5-devel kwin5-lang libKF5Style5 libKF5Style5-32bit libKF5Style5-lang libQt53DCollision-devel libQt53DCollision5 libQt53DCollision5-32bit libQt53DCore-devel libQt53DCore5 libQt53DCore5-32bit libQt53DInput-devel libQt53DInput5 libQt53DInput5-32bit libQt53DLogic-devel libQt53DLogic5 libQt53DLogic5-32bit libQt53DQuick-devel libQt53DQuick5 libQt53DQuick5-32bit libQt53DQuickRenderer-devel libQt53DQuickRenderer5 libQt53DQuickRenderer5-32bit libQt53DRenderer-devel libQt53DRenderer5 libQt53DRenderer5-32bit libQt5Bluetooth5 libQt5Bluetooth5-32bit libQt5Bluetooth5-imports libQt5CLucene5 libQt5CLucene5-32bit libQt5Compositor5 libQt5Compositor5-32bit libQt5Declarative5 libQt5Declarative5-32bit libQt5Designer5 libQt5Designer5-32bit libQt5DesignerComponents5 libQt5DesignerComponents5-32bit libQt5Help5 libQt5Help5-32bit libQt5Location5 libQt5Location5-32bit libQt5Multimedia5 libQt5Multimedia5-32bit libQt5Nfc5 libQt5Nfc5-32bit libQt5Nfc5-imports libQt5Positioning5 libQt5Positioning5-32bit libQt5Script5 libQt5Script5-32bit libQt5Sensors5 libQt5Sensors5-32bit libQt5Sensors5-imports libQt5SerialPort5 libQt5SerialPort5-32bit libQt5Svg5 libQt5Svg5-32bit libQt5WaylandClient5 libQt5WaylandClient5-32bit libQt5WebChannel5 libQt5WebChannel5-32bit libQt5WebChannel5-imports libQt5WebKit5-32bit libQt5WebKit5-devel-32bit libQt5WebKitWidgets-devel-32bit libQt5WebKitWidgets5-32bit libQt5WebSockets5 libQt5WebSockets5-32bit libQt5WebSockets5-imports libQt5X11Extras5 libQt5X11Extras5-32bit libQt5XmlPatterns5 libQt5XmlPatterns5-32bit libQtQuick5-32bit libqt5-creator libqt5-linguist libqt5-linguist-devel libqt5-qt3d libqt5-qt3d-devel libqt5-qt3d-examples libqt5-qt3d-imports libqt5-qt3d-private-headers-devel libqt5-qtconnectivity libqt5-qtconnectivity-devel libqt5-qtconnectivity-devel-32bit libqt5-qtconnectivity-examples libqt5-qtconnectivity-private-headers-devel libqt5-qtconnectivity-tools libqt5-qtct libqt5-qtdeclarative-devel-32bit libqt5-qtdeclarative-examples libqt5-qtdoc libqt5-qtgraphicaleffects libqt5-qtimageformats libqt5-qtimageformats-32bit libqt5-qtimageformats-devel libqt5-qtlocation libqt5-qtlocation-devel libqt5-qtlocation-devel-32bit libqt5-qtlocation-examples libqt5-qtlocation-private-headers-devel libqt5-qtmultimedia libqt5-qtmultimedia-devel libqt5-qtmultimedia-devel-32bit libqt5-qtmultimedia-examples libqt5-qtmultimedia-private-headers-devel libqt5-qtquick1 libqt5-qtquick1-devel libqt5-qtquick1-devel-32bit libqt5-qtquick1-examples libqt5-qtquick1-private-headers-devel libqt5-qtquickcontrols libqt5-qtquickcontrols-examples libqt5-qtscript libqt5-qtscript-devel libqt5-qtscript-devel-32bit libqt5-qtscript-examples libqt5-qtscript-private-headers-devel libqt5-qtsensors libqt5-qtsensors-devel libqt5-qtsensors-devel-32bit libqt5-qtsensors-examples libqt5-qtsensors-private-headers-devel libqt5-qtserialport libqt5-qtserialport-devel libqt5-qtserialport-devel-32bit libqt5-qtserialport-private-headers-devel libqt5-qtsvg libqt5-qtsvg-devel libqt5-qtsvg-devel-32bit libqt5-qtsvg-examples libqt5-qtsvg-private-headers-devel libqt5-qttools libqt5-qttools-32bit libqt5-qttools-devel libqt5-qttools-devel-32bit libqt5-qttools-examples libqt5-qttools-private-headers-devel libqt5-qttranslations libqt5-qtwayland libqt5-qtwayland-32bit libqt5-qtwayland-devel libqt5-qtwayland-devel-32bit libqt5-qtwayland-examples libqt5-qtwayland-private-headers-devel libqt5-qtwebchannel libqt5-qtwebchannel-devel libqt5-qtwebchannel-devel-32bit libqt5-qtwebchannel-examples libqt5-qtwebchannel-private-headers-devel libqt5-qtwebengine libqt5-qtwebengine-32bit libqt5-qtwebengine-devel libqt5-qtwebengine-devel-32bit libqt5-qtwebengine-examples libqt5-qtwebengine-private-headers-devel libqt5-qtwebkit libqt5-qtwebkit-examples libqt5-qtwebsockets libqt5-qtwebsockets-devel libqt5-qtwebsockets-devel-32bit libqt5-qtwebsockets-examples libqt5-qtwebsockets-private-headers-devel libqt5-qtx11extras libqt5-qtx11extras-devel libqt5-qtx11extras-devel-32bit libqt5-qtxmlpatterns libqt5-qtxmlpatterns-devel libqt5-qtxmlpatterns-devel-32bit libqt5-qtxmlpatterns-examples libqt5-qtxmlpatterns-private-headers-devel lxqt-powermanagement lxqt-powermanagement-lang lxqt-qtplugin gummi gummi-lang claws-mail-devel grub2-branding-upstream grub2-i386-efi typo3-cms-4_7 pdns pdns-backend-ldap pdns-backend-lua pdns-backend-mydns pdns-backend-mysql pdns-backend-postgresql pdns-backend-sqlite3 ImageMagick-devel-32bit libMagick++-6_Q16-3-32bit libMagick++-devel-32bit libMagickWand-6_Q16-1-32bit typo3-cms-4_5 openldap2-back-sql openldap2-doc cracklib-devel-32bit libpwquality libpwquality-devel libpwquality-lang libpwquality-tools libpwquality1 pam_pwquality python-pwquality tomcat-embed tomcat-jsvc java-1_8_0-openjdk-accessibility java-1_8_0-openjdk-javadoc java-1_8_0-openjdk-src libstorage-python libstorage-testsuite libsrtp libsrtp-devel libsrtp1-32bit mariadb-bench mariadb-test gdk-pixbuf-devel-32bit ocaml-compiler-libs-devel ocaml-docs ocaml-emacs ocaml-source ocaml-x11 libtorrent-rasterbar libtorrent-rasterbar-devel libtorrent-rasterbar-doc libtorrent-rasterbar8 python-libtorrent-rasterbar drbd-kmp-pv hdjmod hdjmod-kmp-default hdjmod-kmp-pae hdjmod-kmp-pv hdjmod-kmp-xen ipset ipset-devel ipset-kmp-default ipset-kmp-pae ipset-kmp-pv ipset-kmp-xen libipset3 lttng-modules-kmp-pv pcfclock pcfclock-kmp-default pcfclock-kmp-pae pcfclock-kmp-pv vhba-kmp vhba-kmp-default vhba-kmp-pae vhba-kmp-pv vhba-kmp-xen opera openssh-cavs file-roller file-roller-lang nautilus-file-roller ctdb-tests gtk2-branding-SLED gtk2-branding-openSUSE gtk2-branding-upstream gtk2-engine-clearlooks gtk2-engine-clearlooks-32bit gtk2-engine-crux gtk2-engine-crux-32bit gtk2-engine-glide gtk2-engine-glide-32bit gtk2-engine-hcengine gtk2-engine-industrial gtk2-engine-industrial-32bit gtk2-engine-mist gtk2-engine-mist-32bit gtk2-engine-redmond95 gtk2-engine-redmond95-32bit gtk2-engine-thinice gtk2-engine-thinice-32bit gtk2-engines gtk2-engines-devel gtk2-immodule-amharic gtk2-immodule-amharic-32bit gtk2-immodule-inuktitut gtk2-immodule-inuktitut-32bit gtk2-immodule-multipress gtk2-immodule-multipress-32bit gtk2-immodule-thai gtk2-immodule-thai-32bit gtk2-immodule-vietnamese gtk2-immodule-vietnamese-32bit gtk2-immodule-xim gtk2-immodule-xim-32bit gtk2-immodules-tigrigna gtk2-immodules-tigrigna-32bit gtk2-theme-clearlooks gtk2-theme-crux gtk2-theme-industrial gtk2-theme-mist gtk2-theme-redmond95 gtk2-theme-thinice libcurl-devel-32bit libgcrypt-cavs libopenjpeg1-32bit openjpeg-devel-32bit php5-firebird php5-mssql libecpg6-32bit postgresql94-plperl postgresql94-plpython postgresql94-pltcl postgresql94-test npm libreoffice-gdb-pretty-printers libreoffice-glade libreoffice-gtk3 libreoffice-l10n-as libreoffice-l10n-bn libreoffice-l10n-br libreoffice-l10n-cy libreoffice-l10n-dz libreoffice-l10n-et libreoffice-l10n-eu libreoffice-l10n-fa libreoffice-l10n-ga libreoffice-l10n-gl libreoffice-l10n-he libreoffice-l10n-kk libreoffice-l10n-kn libreoffice-l10n-lv libreoffice-l10n-mai libreoffice-l10n-ml libreoffice-l10n-mr libreoffice-l10n-nr libreoffice-l10n-nso libreoffice-l10n-or libreoffice-l10n-pa libreoffice-l10n-si libreoffice-l10n-sl libreoffice-l10n-sr libreoffice-l10n-ss libreoffice-l10n-st libreoffice-l10n-ta libreoffice-l10n-te libreoffice-l10n-th libreoffice-l10n-tn libreoffice-l10n-tr libreoffice-l10n-ts libreoffice-l10n-ve libreoffice-sdk-doc libreofficekit-devel nss-myhostname nss-myhostname-32bit systemd-journal-gateway systemd-mini-sysvinit libX11-devel-32bit libXfixes-devel-32bit libXi-devel-32bit libXrandr-devel-32bit libXrender-devel-32bit libXtst-devel-32bit libXv-devel-32bit libXvMC-devel-32bit libXvMC1-32bit dbus-1-devel-32bit libGraphicsMagick++-Q16-11 libGraphicsMagick++-devel guile1 libguile-srfi-srfi-1-v-3-3 libguile-srfi-srfi-13-14-v-3-3 libguile-srfi-srfi-4-v-3-3 libguile-srfi-srfi-60-v-2-2 libguile1-devel libguile17 libguilereadline-v-17-17 qemu-testsuite python-ipa_hbac python-sss_nss_idmap libraw-tools privoxy-doc monit monit-doc dovecot22-fts dovecot22-fts-lucene dovecot22-fts-solr dovecot22-fts-squat gnuchess bash-loadables pitivi pitivi-lang containerd-ctr containerd-test runc-test tar-backup-scripts tar-tests libarchive13-32bit libass5-32bit libpcre16-0-32bit libpcreposix0-32bit pcre-doc apache-commons-dbcp apache-commons-dbcp-javadoc apache-commons-pool2 apache-commons-pool2-javadoc w3m-inline-image ruby2.1-rubygem-rails-html-sanitizer-doc ruby2.1-rubygem-rails-html-sanitizer-testsuite gstreamer-0_10-plugins-bad-32bit gstreamer-0_10-plugins-bad-doc libgstcodecparsers-0_10-23-32bit python-Twisted-doc gstreamer-plugins-bad-32bit gstreamer-plugins-bad-doc libgstbadbase-1_0-0-32bit libgstbadvideo-1_0-0-32bit libgstbasecamerabinsrc-1_0-0-32bit libgstcodecparsers-1_0-0-32bit libgstgl-1_0-0-32bit libgstinsertbin-1_0-0-32bit libgstmpegts-1_0-0-32bit libgstphotography-1_0-0-32bit libgsturidownloader-1_0-0-32bit libgstwayland-1_0-0 libgstwayland-1_0-0-32bit ruby2.1-rubygem-mail-2_5 ruby2.1-rubygem-mail-doc-2_5 rubygem-mail-2_4-doc rubygem-mail-2_5 shellinabox libGraphicsMagick++-Q16-12 ruby2.1-rubygem-actionpack-doc-4_2 ruby2.1-rubygem-actionview-doc-4_2 ruby2.1-rubygem-activemodel-doc-4_2 ruby2.1-rubygem-activerecord-doc-4_2 ruby2.1-rubygem-activesupport-doc-4_2 cacti cacti-spine libnettle-devel-32bit nettle libvlc5 libvlccore8 vlc vlc-devel vlc-gnome vlc-noX vlc-noX-lang vlc-qt glibc-devel-static-32bit glibc-obsolete glibc-testsuite glibc-utils glibc-utils-32bit obs-service-download_files obs-service-extract_file obs-service-recompress obs-service-verify_file postgresql93-plperl postgresql93-plpython postgresql93-pltcl postgresql93-test attica-qt5 attica-qt5-devel attica-qt5-devel-32bit baloo5 baloo5-devel baloo5-file baloo5-imports baloo5-kioslaves baloo5-lang baloo5-tools bluez-qt bluez-qt-devel bluez-qt-imports bluez-qt-udev breeze5-icons extra-cmake-modules kactivities5 kactivities5-devel kactivities5-devel-32bit kactivities5-imports kapidox kbookmarks kbookmarks-devel kbookmarks-devel-32bit kcmutils kcmutils-devel kcmutils-devel-32bit kcodecs kcodecs-devel kcodecs-devel-32bit kcompletion kcompletion-devel kcompletion-devel-32bit kconf_update5 kconfig kconfig-devel kconfig-devel-32bit kconfigwidgets kconfigwidgets-devel kconfigwidgets-devel-32bit kcrash kcrash-devel kcrash-devel-32bit kdbusaddons kdbusaddons-devel kdbusaddons-devel-32bit kdbusaddons-tools kdeclarative kdeclarative-components kdeclarative-components-32bit kdeclarative-devel kdeclarative-devel-32bit kdeclarative-tools kded kded-devel kded-lang kdelibs4support kdelibs4support-32bit kdelibs4support-devel kdelibs4support-devel-32bit kdelibs4support-lang kdesignerplugin kdesignerplugin-devel kdesignerplugin-lang kdesu kdesu-devel kdesu-devel-32bit kdewebkit kdewebkit-devel kdewebkit-devel-32bit kdnssd-framework kdnssd-framework-devel kdnssd-framework-devel-32bit kdoctools kdoctools-devel kdoctools-lang kemoticons kemoticons-devel kemoticons-devel-32bit kfilemetadata5 kfilemetadata5-32bit kfilemetadata5-devel kfilemetadata5-lang kglobalaccel kglobalaccel-devel kglobalaccel-devel-32bit kglobalaccel5 kguiaddons kguiaddons-devel kguiaddons-devel-32bit khtml khtml-devel khtml-devel-32bit ki18n ki18n-devel ki18n-devel-32bit kiconthemes kiconthemes-devel kiconthemes-devel-32bit kidletime kidletime-devel kidletime-devel-32bit kimageformats kimageformats-32bit kinit-32bit kitemmodels kitemmodels-devel kitemmodels-devel-32bit kitemviews kitemviews-devel kitemviews-devel-32bit kjobwidgets kjobwidgets-devel kjobwidgets-devel-32bit kjs kjs-devel kjs-devel-32bit kjsembed kjsembed-devel kjsembed-devel-32bit kmediaplayer kmediaplayer-devel kmediaplayer-devel-32bit knewstuff knewstuff-devel knewstuff-devel-32bit knotifications knotifications-devel knotifications-devel-32bit knotifyconfig knotifyconfig-devel knotifyconfig-devel-32bit kpackage kpackage-32bit kpackage-devel kpackage-devel-32bit kpackage-lang kparts kparts-devel kparts-devel-32bit kpeople5 kpeople5-32bit kpeople5-devel kpeople5-devel-32bit kpeople5-lang kplotting kplotting-devel kplotting-devel-32bit kpty kpty-devel kpty-devel-32bit kross kross-32bit kross-devel kross-devel-32bit kross-lang krunner krunner-devel krunner-devel-32bit kservice kservice-32bit kservice-devel kservice-devel-32bit kservice-lang kssl ktexteditor ktexteditor-32bit ktexteditor-devel ktexteditor-devel-32bit ktexteditor-lang ktextwidgets ktextwidgets-devel ktextwidgets-devel-32bit kunitconversion kunitconversion-devel kunitconversion-devel-32bit kwallet kwallet-devel kwallet-devel-32bit kwallet-tools kwallet-tools-lang kwalletd5 kwalletd5-lang kwidgetsaddons kwidgetsaddons-devel kwidgetsaddons-devel-32bit kwindowsystem kwindowsystem-devel kwindowsystem-devel-32bit kxmlgui kxmlgui-devel kxmlgui-devel-32bit kxmlrpcclient5 kxmlrpcclient5-devel kxmlrpcclient5-devel-32bit libKF5Activities5 libKF5Activities5-32bit libKF5Activities5-lang libKF5Attica5 libKF5Attica5-32bit libKF5Baloo5 libKF5Baloo5-32bit libKF5BalooEngine5 libKF5BalooEngine5-32bit libKF5BluezQt6 libKF5Bookmarks5 libKF5Bookmarks5-32bit libKF5Bookmarks5-lang libKF5CalendarEvents5 libKF5CalendarEvents5-32bit libKF5Codecs5 libKF5Codecs5-32bit libKF5Codecs5-lang libKF5Completion5 libKF5Completion5-32bit libKF5Completion5-lang libKF5ConfigCore5 libKF5ConfigCore5-32bit libKF5ConfigCore5-lang libKF5ConfigGui5 libKF5ConfigGui5-32bit libKF5ConfigWidgets5 libKF5ConfigWidgets5-32bit libKF5ConfigWidgets5-lang libKF5Crash5 libKF5Crash5-32bit libKF5DBusAddons5 libKF5DBusAddons5-32bit libKF5DBusAddons5-lang libKF5DNSSD5 libKF5DNSSD5-32bit libKF5DNSSD5-lang libKF5Declarative5 libKF5Declarative5-32bit libKF5Declarative5-lang libKF5Emoticons5 libKF5Emoticons5-32bit libKF5GlobalAccel5 libKF5GlobalAccel5-32bit libKF5GlobalAccel5-lang libKF5GlobalAccelPrivate5 libKF5GuiAddons5 libKF5GuiAddons5-32bit libKF5I18n5 libKF5I18n5-32bit libKF5I18n5-lang libKF5IconThemes5 libKF5IconThemes5-32bit libKF5IconThemes5-lang libKF5IdleTime5 libKF5IdleTime5-32bit libKF5ItemModels5 libKF5ItemModels5-32bit libKF5ItemViews5 libKF5ItemViews5-32bit libKF5ItemViews5-lang libKF5JS5 libKF5JS5-32bit libKF5JSApi5 libKF5JSApi5-32bit libKF5JobWidgets5 libKF5JobWidgets5-32bit libKF5JobWidgets5-lang libKF5JsEmbed5 libKF5JsEmbed5-32bit libKF5JsEmbed5-lang libKF5KCMUtils5 libKF5KCMUtils5-32bit libKF5KCMUtils5-lang libKF5KDELibs4Support5 libKF5KDELibs4Support5-32bit libKF5KHtml5 libKF5KHtml5-32bit libKF5KHtml5-lang libKF5MediaPlayer5 libKF5MediaPlayer5-32bit libKF5ModemManagerQt libKF5ModemManagerQt-devel libKF5ModemManagerQt6 libKF5NetworkManagerQt libKF5NetworkManagerQt-devel libKF5NetworkManagerQt-devel-32bit libKF5NetworkManagerQt6 libKF5NetworkManagerQt6-32bit libKF5NewStuff5 libKF5NewStuff5-32bit libKF5NewStuff5-lang libKF5Notifications5 libKF5Notifications5-32bit libKF5Notifications5-lang libKF5NotifyConfig5 libKF5NotifyConfig5-32bit libKF5NotifyConfig5-lang libKF5Parts5 libKF5Parts5-32bit libKF5Parts5-lang libKF5Plotting5 libKF5Plotting5-32bit libKF5Pty5 libKF5Pty5-32bit libKF5Pty5-lang libKF5QuickAddons5 libKF5QuickAddons5-32bit libKF5Runner5 libKF5Runner5-32bit libKF5Solid5 libKF5Solid5-32bit libKF5Solid5-lang libKF5SonnetCore5 libKF5SonnetCore5-32bit libKF5SonnetCore5-lang libKF5SonnetUi5 libKF5SonnetUi5-32bit libKF5Su5 libKF5Su5-32bit libKF5Su5-lang libKF5TextWidgets5 libKF5TextWidgets5-32bit libKF5TextWidgets5-lang libKF5ThreadWeaver5 libKF5ThreadWeaver5-32bit libKF5UnitConversion5 libKF5UnitConversion5-32bit libKF5UnitConversion5-lang libKF5Wallet5 libKF5Wallet5-32bit libKF5WebKit5 libKF5WebKit5-32bit libKF5WidgetsAddons5 libKF5WidgetsAddons5-32bit libKF5WidgetsAddons5-lang libKF5WindowSystem5 libKF5WindowSystem5-32bit libKF5WindowSystem5-lang libKF5XmlGui5 libKF5XmlGui5-32bit libKF5XmlGui5-lang libKF5XmlRpcClient5 libKF5XmlRpcClient5-32bit libKF5XmlRpcClient5-lang libkwalletbackend5-5 libkwalletbackend5-5-32bit oxygen5-icon-theme oxygen5-icon-theme-large oxygen5-icon-theme-scalable plasma-framework plasma-framework-32bit plasma-framework-components plasma-framework-components-32bit plasma-framework-devel plasma-framework-devel-32bit plasma-framework-lang plasma-framework-private plasma-framework-private-32bit solid solid-devel solid-devel-32bit solid-imports solid-tools sonnet sonnet-devel sonnet-devel-32bit threadweaver threadweaver-devel threadweaver-devel-32bit gajim gajim-lang libpng15-15-32bit libnghttp2-devel libnghttp2_asio-devel libnghttp2_asio1 nghttp2 nghttp2-doc python-nghttp2 salt-fish-completion salt-raet libotr-tools libotr2-devel libotr2-tools exim eximon eximstats-html libssh4-32bit python-Pillow-tk libjavascriptcoregtk-4_0-18-32bit libwebkit2gtk-4_0-37-32bit typelib-1_0-WebKit2WebExtension-4_0 webkit-jsc-4 bsh2-bsf bsh2-demo bsh2-manual bsh2-src git-credential-gnome-keyring cgit libebml libebml-devel libebml4 libebml4-32bit libmatroska libmatroska-devel libmatroska6 libmatroska6-32bit dropbear libjavascriptcoregtk-3_0-0-32bit libwebkitgtk-3_0-0-32bit webkit-jsc-1 webkit-jsc-3 clamav-database mercurial-lang optipng gcc5-go-32bit gcc5-testresults libgo7-32bit atheme atheme-devel libathemecore1 proftpd proftpd-devel proftpd-doc proftpd-lang proftpd-ldap proftpd-mysql proftpd-pgsql proftpd-radius proftpd-sqlite gdk-pixbuf-loader-rsvg-32bit python-virtualbox virtualbox-devel virtualbox-guest-desktop-icons virtualbox-host-source virtualbox-websrv cups-filters-devel libexpat-devel-32bit iproxy libimobiledevice-doc libimobiledevice6-32bit libusbmuxd libusbmuxd4-32bit python-imobiledevice libpoppler-qt5-1 libpoppler-qt5-devel poppler-qt5 libvirt-daemon-uml libvirt-daemon-vbox libvirt-login-shell libtasn1-devel-32bit libav libav-tools libavcodec-libav-devel libavcodec-libav56 libavdevice-libav-devel libavdevice-libav55 libavfilter-libav-devel libavfilter-libav5 libavformat-libav-devel libavformat-libav56 libavresample-libav-devel libavresample-libav2 libavutil-libav-devel libavutil-libav54 libswscale-libav-devel libswscale-libav3 libgimp-2_0-0-32bit libgimpui-2_0-0-32bit spice-client libircclient libircclient-devel libircclient-doc libircclient1 cronic hunspell-static libetonyek-tools libixion-python3 libixion-tools liborcus-python3 liborcus-tools libvisio-tools libwps-tools mdds-1_0 mdds-1_0-devel myspell-an myspell-an_ES myspell-br_FR myspell-gd_GB myspell-gl myspell-gl_ES myspell-gug myspell-gug_PY myspell-is myspell-is_IS myspell-kmr_Latn myspell-kmr_Latn_SY myspell-kmr_Latn_TR myspell-ne_NP myspell-oc_FR myspell-si_LK myspell-sw_TZ apache2-event gnugk h323plus h323plus-devel libh323-1_26_5 mupdf mupdf-devel-static bsdiff libpcre2-16-0 libpcre2-16-0-32bit libpcre2-32-0 libpcre2-32-0-32bit libpcre2-8-0 libpcre2-8-0-32bit libpcre2-posix1 libpcre2-posix1-32bit pcre2 pcre2-devel pcre2-devel-static pcre2-doc pcre2-tools sqlite3-doc harfbuzz harfbuzz-devel harfbuzz-tools libharfbuzz-icu0 libharfbuzz-icu0-32bit libharfbuzz0 libharfbuzz0-32bit libpython3_4m1_0-32bit python3-32bit python3-base-32bit python3-doc python3-doc-pdf python3-idle python3-testsuite python3-tools icinga icinga-devel icinga-doc icinga-idoutils icinga-idoutils-mysql icinga-idoutils-oracle icinga-idoutils-pgsql icinga-plugins-downtimes icinga-plugins-eventhandlers icinga-www icinga-www-config icoutils libpcscspy0-32bit libgit2-22 libgit2-22-32bit libgme0-32bit xtrabackup xtrabackup-test libXvnc-devel gstreamer-0_10-plugin-esd gstreamer-0_10-plugin-esd-32bit gstreamer-0_10-plugins-good-32bit gstreamer-0_10-plugins-good-extra gstreamer-0_10-plugins-good-extra-32bit gstreamer-0_10-plugin-gnomevfs liblcms2-2-32bit liblcms2-devel-32bit liblcms2-doc bzrtp bzrtp-devel libbzrtp0 libbzrtp0-32bit libgnutls-devel-32bit libcrypto37 libcrypto37-32bit libssl38 libssl38-32bit libtls10 libtls10-32bit libplist++3-32bit libplist3-32bit plistutil python-plist postfixadmin ffmpeg3 libvmtools-devel libopus0-32bit firebird-32bit firebird-doc firebird-superserver libfbclient2-32bit libfbembed2_5-32bit profanity profanity-mini profanity-standard libquicktime-tools libquicktime0-32bit syncthing syncthing-gtk syncthing-gtk-lang libXpm-devel-32bit gstreamer-plugins-base-32bit gstreamer-plugins-base-doc libgstallocators-1_0-0-32bit libgstriff-1_0-0-32bit libgstrtp-1_0-0-32bit libgstrtsp-1_0-0-32bit libgstsdp-1_0-0-32bit gstreamer-32bit gstreamer-doc munin munin-node cacti-doc perl-Image-Info bitlbee bitlbee-devel bitlbee-doc pax-utils libmxml1-32bit mxml-devel qbittorrent qbittorrent-nox partclone partclone-lang libruby2_2-2_2 libruby2_3-2_3 ruby2.2 ruby2.2-devel ruby2.2-devel-extra ruby2.2-doc ruby2.2-doc-ri ruby2.2-stdlib ruby2.2-tk ruby2.3 ruby2.3-devel ruby2.3-devel-extra ruby2.3-doc ruby2.3-doc-ri ruby2.3-stdlib ruby2.3-tk apparmor-abstractions apparmor-parser-lang apparmor-utils-lang python3-apparmor ruby-apparmor slrn slrn-lang zlib-devel-static-32bit gstreamer-plugins-good-32bit gstreamer-plugins-good-doc gstreamer-plugins-good-extra gstreamer-plugins-good-extra-32bit backintime backintime-lang backintime-qt4 ruby2.1-devel-extra ruby2.1-doc ruby2.1-doc-ri feh dpkg-devel dpkg-lang libzzip-0-13-32bit zziplib-devel-32bit libpcap-devel-32bit libpcap-devel-static libcrypto41 libcrypto41-32bit libssl43 libssl43-32bit libtls15 libtls15-32bit swftools rzip encfs encfs-lang 0:5.20.0-5.2 12.1 0:53.0.2785.89-96.1 12 0:0.8.20-9.1 0:54.0.2840.59-109.1 0:1.5.4-1.10 5 0:2014.2.3.dev13-1.1 0:2014.2.2.dev26-3.1 0:1.6.4-0.7.1 0:1.0.0-14.1 0:2.6.1-1.18 0:2.6.3-2.20 0:2.3.0-1.6 0:10.32.2-3.1 0:6.8.8.1-5.21 0:31.1.0esr-1.20 0:13.2+git20140911.61c1681-1.16 0:0.6.35-1.126 0:1.0.27.2-11.10 0:1.6.3-1.179 0:0.6.31-20.59 0:4.2-75.2 0:6.2-75.2 0:9.9.5P1-1.10 0:1.2.4-3.56 0:1.0.6-27.1129 0:6.4-3.5 0:0.98.4-1.46 0:1.1.7-2.42 0:0.1.25-3.113 0:1.1.0-147.71 0:8.22-5.17 0:2.11-26.182 0:1.27.1-2.22 0:4.8.3+r212056-6.3 0:4.2-55.3 0:1.4.11-55.3 0:1.7.5-2.7 0:1.0.58-2.6 0:0.2.5-3.75 0:7.37.0-2.5 0:1.12.12-181.63 0:2.1.26-7.1 0:1.8.8-1.5 0:1.8.8-1.12 0:0.100.2-3.58 0:4.2.6-7.3 0:0.97.2-13.253 0:037-34.4 0:103-5.35 0:0.158-3.200 0:24.3-14.44 0:3.10.3-1.131 0:3.10.3-1.213 0:2.1.0-13.232 0:2.0.2-1.6 0:6.3.26-5.18 0:5.19-2.149 0:2.10.9-5.15 0:11.2.202.406-1.3 0:1.0.2-7.9 0:2.5.3-2.11 0:2.9.3-3.65 0:1.1.36-54.100 0:2.1.0-3.12 0:2.30.6-1.23 0:2.40.2-1.13 0:3.10.0.1-13.3 0:2.8.10-1.164 0:2.38.2-5.12 0:2.19-17.72 0:3.10.1-4.1 0:3.10.5-1.11 0:3.10.4-22.13 0:3.2.15-1.8 0:2.0.24-1.5 0:1.5.1-1.12 0:1.22.2-5.429 0:7.4.326-2.62 0:1.6-7.392 0:1.0-6.45 0:3.14.6-3.14 0:1.4.10.1-2.25 0:1.5.0-2.13 0:s20121221-2.19 0:1.7.0.65-3.7 0:1.5.1-1.13 0:1.15.5-7.12 0:3.12.28-4.6 0:1.12.1-6.3 0:1.0.3-1.5 0:1.19-17.31 0:3.18-1.19 0:2.1.0-4.5 0:1.6.2-4.12 0:1.0.7-3.54 0:1.1.14-3.60 0:1.3.2-3.61 0:5.0.1-3.53 0:1.4.7-2.9 0:1.7.2-3.62 0:1.1.3-3.55 0:1.0.2-3.58 0:1.4.2-3.56 0:0.9.8-3.56 0:1.1.4-3.59 0:1.2.2-3.60 0:1.0.10-3.57 0:1.0.8-3.57 0:1.1.3-3.54 0:1.2.0-1.5 0:2.25-6.69 0:2.25-6.5 0:2.25-6.1 0:0.41.rc1-1.30 0:4.1.12-3.2 0:1.1.3-3.52 0:9.3.5-2.3 0:9.3.5-2.24 0:2.0.21-4.1 0:0.6.21-6.4 0:2.5.2.26539-13.42 0:3.16.4-5.2 0:2.5.3-2.18 0:1.11.4-1.12 0:7.2d-3.77 0:1.6.1-9.1 0:1.0.0-352.84 0:0.4-3.83 0:210-44.1 0:0.15.1b-182.58 0:1.11.5.1-5.20 0:2.2.7-3.63 0:2.0-12.13 0:0.11-2.22 0:2.4.2-14.60 0:5.2.2-4.2 0:2.08-1.13 0:3.2.0-4.59 0:0.6.2-15.8 0:0.8.8.4-13.69 0:0.4-3.64 0:2.1.5-27.86 0:10.0.11-6.4 0:0.30.0-3.65 0:0.9.8j-59.11 0:1.0.1i-2.12 0:1.36.3-4.14 0:1.8.10-3.7 0:1.2.50-8.21 0:1.6.8-2.24 0:0.112-2.189 0:0.24.4-3.14 0:0.24.4-3.13 0:0.4.11-11.2 0:0.4.11-11.6 0:5.0-2.7 0:2.7.7-2.36 0:3.4.1-2.38 0:4.8.6-2.11 0:4.8.6-2.6 0:2.0.10-3.67 0:0.15.4-3.88 0:4.3.1.2-3.7 0:0.19-16.56 0:1.1.10-24.128 0:0.4.8-18.63 0:1.0.25-18.75 0:5.7.2.1-3.8 0:2.44.2-1.46 0:0.25-3.4 0:0.6.3-1.4 0:1.9.1-1.265 0:3.7-2.13 0:4.0.3-9.78 0:2.1.3-1.14 0:1.2.5-13.3 0:1.3.3-8.23 0:0.28.2-17.83 0:1.10-1.21 0:3.1.1-1.6 0:2.9.1-6.2 0:0.1.6-1.19 0:0.11.1-4.62 0:4.0.4-2.1 0:3.8.7-3.21 0:1.4.16-15.74 0:2.0.2.umip.0.4-19.77 0:4.10.7-1.13 0:1.5.21-44.38 0:4.2.6p5-24.3 0:0.13.0-1.122 0:2.0.0-2.9 0:6.6p1-4.6 0:1.1.8-11.57 0:12.1-23.12 0:2.4.4-4.5 0:2.0-1.40 0:2.7.1-5.191 0:1.4.14-1.45 0:5.18.2-3.7 0:2.82-3.14 0:3.71-1.178 0:6.04-5.4 0:804.031-3.82 0:0.38-7.61 0:4.0.0-6.18 0:2.4.7-1.7 0:3.22-267.12 0:3.6.2-3.62 0:2.7.7-2.12 0:3.4.1-2.76 0:1.4.5-1.5 0:1.1.7-21.15 0:0.14-1.7 0:0.7.0-4.7 0:2.0.0-40.7 0:1.0.0-40.7 0:1.7.4-40.7 0:8-40.7 0:1.9.7-2.17 0:3.0.2-1.92 0:3.1.0-2.7 0:8.4.0-2.2 0:0.11_git201205151338-8.17 0:2.1-1.6 0:0.7-14.2 0:1.7.2.4-1.2 0:4.3-1.15 0:5.1.3-4.1 0:1.8.10p3-1.62 0:0.83.7-2.1 0:2.0-778.1 0:2.88+-94.13 0:5.1.1-1.17 0:0.18.1-3.268 0:0.2.0-1.62 0:5.2-8.84 0:1.3.0-17.3 0:2.3.1-4.95 0:3.10.1-1.86 0:1.4.0-16.9 0:0.5.3-153.145 0:1.2.1-3.64 0:1.14-4.83 0:1.10.9-1.11 0:2.7.0-264.133 0:4.4.1_06-2.2 0:4.4.1_06_k3.12.28_4-2.2 0:2.99.914-4.1 0:2.3.15-7.7 0:5.43-5.33 0:7.6_1-14.17 0:1.1.0-3.58 0:7.6-45.14 0:7.6_1.15.2-12.17 0:3.1.108-1.16 0:3.1.11-1.9 0:2.10-1020.62 0:1.7.1-4.1 0:6.8.8.1-8.2 0:38.4.0esr-51.1 0:13.2+git20140911.61c1681-9.1 0:0.6.35-3.10 0:5.0.9-8.1 0:9.9.6P1-30.2 0:2.25.0-13.1 0:1.21.1-3.3 0:6.4-6.4 0:0.98.7-13.1 0:1.1.7-5.3 0:8.22-9.1 0:2.11-29.1 0:4.8.5-24.1 0:4.2-58.3 0:1.4.11-58.3 0:1.7.5-9.1 0:1.0.58-8.1 0:7.37.0-15.1 0:1.8.16-14.1 0:4.3.3-2.2 0:2.71-8.3 0:037-66.2 0:1.42.11-7.1 0:0.158-6.1 0:2.0.2-6.1 0:5.19-9.1 0:2.10.9-8.1 0:11.2.202.548-111.1 0:2.5.5-7.5.1 0:2.9.3-5.1 0:2.1.0-5.1 0:3.10.0.1-23.1 0:2.19-31.9 0:3.10.1-11.1 0:3.10.2-20.1 0:3.10.4-40.1 0:3.2.15-11.1 0:0.10.23-17.1 0:6-11.1 0:52.1-7.1 0:1.7.0.91-21.2 0:1.6.1-2.3.1 0:1.6.1-2.4.21 0:1.8.0.65-1.13 0:1.15.5-8.4.1 0:3.12.49-11.1 0:1.12.1-19.1 0:1.3.0-6.1 0:5.3.2-1.81 0:1.4.7-4.1 0:1.7.4-9.2 0:3.1.2-9.1 0:1.2.0-3.1 0:2.25-30.1 0:2.25-30.4 0:0.41.rc1-4.1 0:4.2.4-4.19 0:9.4.5-4.1 0:9.4.5-4.5 0:3.19.2.1-29.1 0:1.6.1-16.1 0:210-83.2 0:1.11.5.1-14.1 0:1.900.1-170.1 0:2.4.8-16.2 0:1.3.1-30.3 0:62.1.0-30.1 0:1.3.1-30.1 0:8.0.2-30.3 0:1.3.0-9.1 0:3.1.2-7.1 0:0.4-10.1 0:10.0.21-1.17 0:0.9.8j-81.1 0:1.0.1i-34.1 0:1.5.22-2.2 0:1.6.8-5.1 0:0.113-4.1 0:2.7.9-20.6 0:3.4.1-12.1 0:4.8.6-4.2 0:4.8.6-4.1 0:5.0.2.2-13.14 0:2.1.2-9.1 0:1.0.25-21.1 0:5.7.3-4.2 0:0.29-1.4 0:0.12.5-2.2 0:1.4.3-11.1 0:0.6.3-8.1 0:3.7-4.1 0:4.0.4-12.2 0:0.8-3.1 0:1.2.18.1-4.22 0:0.2.8.4-242.3 0:3.1.1-4.1 0:2.9.1-10.1 0:0.1.6-7.1 0:0.11.1-9.1 0:4.0.4-13.1 0:12.5-25.15 0:4.10.10-9.1 0:1.5.21-49.1 0:4.2.8p4-1.3 0:2.0.0-5.1 0:6.6p1-29.1 0:2.3.8-16.3.1 0:9.20.1-3.2 0:1.1.8-14.1 0:2.7.5-7.1 0:2.0019-5.3 0:0.38-10.1 0:2.3-5.1 0:2.7.9-20.2 0:2.3.0-6.5.2 0:2.3.1-5.7 0:1.0.0-5.7 0:1.8.1-5.7 0:8-5.7 0:0.2.1_rc4-16.2 0:4.11.2-10.1 0:8.4.0-8.3 0:1.4.8-8.2 0:0.9-2.14 0:5.1.3-18.1 0:0.83.8-7.1 0:1.27.1-4.1 0:4.5.1-7.1 0:5.2-10.3 0:1.4.3-7.2 0:6.00-32.1 0:1.4.0-26.1 0:1.14-7.1 0:1.12.7-15.1 0:2.2-8.1 0:20140630-5.1 0:4.5.1_12-2.3 0:4.5.1_12_k3.12.49_11-2.3 0:2.99.914-7.1 0:7.6_1.15.2-36.21 0:3.1.155-1.13 0:3.1.18-1.5 0:1.7.1-6.1 12.2 0:6.8.8.1-33.1 0:45.4.0esr-81.1 0:1.0.12-8.6 0:13.2+git20140911.61c1681-28.1 0:0.6.42-14.2 0:1.6.3-3.3 0:3.1.14-7.3 0:4.8.6+2.3.3-3.1 0:2.32.1-16.1 0:4.12.0-7.3 0:10.66.3-4.1 0:1.2.0-10.1 0:5.0.9-21.6 0:0.6.32-30.36 0:4.3-78.39 0:6.3-78.39 0:9.9.9P1-46.1 0:2.26.1-9.12.1 0:1.2.4-5.3 0:1.0.6-29.2 0:6.5-8.9 0:0.99.2-25.1 0:1.3.3-10.14 0:0.1.26-6.3 0:8.25-12.8 0:4.8.5-30.1 0:2.9.0-7.1 0:5.8-7.1 0:1.7.5-12.4 0:1.0.58-13.1 0:7.37.0-28.1 0:1.8.16-19.1 0:4.3.3-9.1 0:0.97.3-15.63 0:2.71-10.1 0:3.0.26-6.5 0:044-87.1 0:103-7.1 0:24.3-16.32 0:3.12.12-5.12 0:3.20.4-7.7 0:3.20.1-5.66 0:2.1.0-17.1 0:6.3.26-12.3 0:2.11.0-12.5 0:2.11.1-7.1 0:2.0.0~git.1463131968.4e66df7-11.69 0:2.6.3-7.8.3 0:2.1.0-12.1 0:2.34.0-16.2 0:2.40.15-4.5 0:3.10.0.1-52.5 0:9.15-6.5 0:2.8.18-4.7 0:2.48.2-10.2 0:2.22-49.16 0:3.20.0-27.2 0:3.20.4-7.2 0:3.20.1-40.5 0:3.20.4-70.4 0:2.0.24-3.2 0:2.02~beta2-104.16 0:0.10.23-20.51 0:2.24.31-7.11 0:7-13.1 0:1.4.14-4.11 0:1.5.0-7.10 0:1.2.0-7.31 0:1.7.0.111-33.1 0:1.8.0.101-14.3 0:1.15.5-8.7.1 0:0.8.15-28.5 0:4.4.21-69.1 0:1.12.5-39.1 0:0.2.0-5.1 0:1.3.0-11.1 0:5.6.1-11.7 0:5.6.1-9.4 0:1.5.1-10.3 0:1.5.0-6.2 0:1.6.0-12.6 0:3.1.2-22.1 0:5.3.1+r233831-9.1 0:2.28-40.28 0:2.28-40.17 0:2.28-40.1 0:4.2.4-26.2 0:4.4.2-29.4 0:9.4.9-14.1 0:3.21.1-46.2 0:2.6.3-7.8.2 0:1.6.1-16.33.1 0:5.0.5-12.1 0:2.0.0-353.6.2 0:1.3.1-6.1 0:0.9-6.24 0:2.7.1-9.1 0:1.28-4.1 0:1.13.4-18.10 0:2.4.11-23.20 0:2.12.5-1.12 0:1.3.0-23.1 0:2.4.41-18.25.1 0:1.1.26-10.4 0:0.4-14.4 0:10.0.27-12.1 0:1.6-2.2 0:0.52.16-1.83 0:1.0.2j-55.1 0:0.9.8j-102.1 0:4.0.0-9.1 0:1.40.1-9.5 0:1.2.50-13.1 0:1.5.22-4.1 0:1.6.8-11.1 0:0.113-5.6.1 0:0.43.0-15.1 0:0.24.4-12.1 0:0.4.13-16.3 0:0.4.13-16.6 0:2.7.9-24.2 0:4.8.6-7.1 0:5.1.5.2-29.4 0:2.1.2-12.3 0:1.0.25-25.1 0:2.54.1-4.5 0:0.31-7.2 0:0.12.7-6.3 0:3.8.10.2-3.1 0:1.5.2-2.1 0:1.4.3-19.1 0:0.6.3-11.1 0:228-117.12 0:3.7-11.1 0:0.1.25-4.2 0:4.0.6-26.3 0:1.0.10-2.3 0:1.1.1-6.73 0:2.0.0-26.2 0:0.28.2-19.7 0:1.10-3.1 0:3.1.1-12.3 0:2.9.4-27.1 0:0.11.1-12.1 0:4.0.4-6.1 0:12.5-28.1 0:4.12-15.2 0:1.6.0-54.1 0:4.2.8p8-14.1 0:2.0.0-11.1 0:7.2p2-55.1 0:2.3.8-16.6.4 0:9.20.1-6.1 0:5.18.2-11.1 0:4.0.0-11.6 0:3.8.5-5.1 0:2.7.9-24.1 0:1.5.7-7.5 0:16.0.0-2.3.2 0:2.8.1-6.11.1 0:2.6.1-27.15 0:1.0.0-27.15 0:1.9.1-27.15 0:8-27.15 0:3.4-6.14 0:0.2.3-21.4 0:4.11.2-15.1 0:3.1.0-12.1 0:8.4.0-14.1 0:0.9-20.3 0:1.7.2.4-3.1 0:4.3-6.2 0:5.1.3-22.1 0:1.8.10p3-6.16 0:3.0-85.1 0:0.84.0-13.1 0:2.88+-96.1 0:1.27.1-8.1 0:4.5.1-10.1 0:0.18.3-5.7 0:2.3.4-6.5 0:1.18.4-14.216 0:3.20.2-5.8 0:0.5.3-157.1 0:1.14-10.3 0:1.12.13-31.1 0:2.2-14.2 0:4.7.0_12-23.4 0:2.99.917.641_ge4ef6e9-12.3 0:4.3.0-8.8 0:7.6_1.18.3-57.34 0:5.22-7.1 0:3.1.206-37.1.2 0:3.1.23-6.38 0:3.1.57-16.7 12.3 0:6.8.8.1-70.1 0:52.2.0esr-108.3 0:1.0.12-12.4 0:13.2+git20140911.61c1681-36.1 0:1.0.27.2-15.1 0:2.8.2-49.21 0:0.3.6-10.1 0:1.2.0-15.3 0:5.0.9-27.2 0:4.3-82.1 0:6.3-82.1 0:9.9.9P1-62.1 0:0.99.2-32.1 0:1.3.3-12.13 0:2.11-35.1 0:1.7.5-19.1 0:1.0.58-17.11 0:0.2.5-5.1 0:7.37.0-36.1 0:1.8.22-28.19 0:1.8.22-28.14 0:2.76-17.1 0:044-113.10 0:4.9.33_k4.4.73_5-2.4 0:1.42.11-15.1 0:24.3-19.2 0:3.12.12-7.3 0:2.1.0-20.2 0:2.4.6-11.3 0:2.12.0-1.33 0:2.6.3-7.10.1 0:2.1.0-23.1 0:2.34.0-18.1 0:0.2.0-14.3 0:9.15-22.1 0:2.8.18-8.1 0:2.22-61.3 0:3.20.5-9.6 0:3.20.1-49.3 0:3.20.4-76.3 0:3.3.27-1.10 0:2.0.24-8.1 0:2.02-2.12 0:1.8.3-9.5 0:0.10.23-25.1 0:0.10.36-17.13 0:0.10.31-16.1 0:1.8.3-17.2 0:1.8.3-12.11 0:1.8.3-15.1 0:2.0.9-8.3 0:7.4.326-16.1 0:3.16.11-1.33 0:1.5.0-11.2 0:1.7.0.141-42.1 0:1.6.2-2.8.3 0:1.6.2-2.10.3 0:1.8.0.131-26.3 0:0.8.16-5.1 0:4.4.73-5.1 0:4.7.4-1.13 0:5.6.2-5.9 0:5.6.2-1.31 0:1.6.2-11.1 0:5.0.1-7.1 0:1.7.4-17.1 0:3.5.11-5.1 0:0.9.8-7.1 0:1.2.2-7.1 0:1.0.10-7.1 0:1.0.8-7.1 0:1.6.0-18.11.1 0:3.1.2-25.1 0:5.3.1+r233831-12.1 0:0.10.2-3.1 0:2.29.2-2.3 0:2.29.2-2.2 0:1.15.2-24.1 0:1.9.1-5.1 0:0.41.rc1-9.1 0:4.6.5+git.27.6afd48b1083-2.11 0:9.6.3-2.1 0:9.6.3-2.4 0:2.5.2.26539-15.1 0:3.29.5-57.1 0:7.2d-5.1 0:1.6.1-16.39.1 0:0.6.0-5.1 0:1.3.1-9.1 0:2.7.1-12.1 0:1.13.4-33.2 0:1.900.14-194.1 0:4.12.0-10.1 0:2.4.41-18.29.1 0:1.1.29-1.13 0:2.4.2-16.1 0:5.2.4-6.1 0:10.0.30-28.1 0:10.66.3-7.1 0:2.1.0-3.1 0:1.0.2j-59.1 0:0.9.8j-105.1 0:1.1-3.1 0:3.5.0-20.1 0:8.39-7.1 0:1.8.10-6.1 0:1.12-19.1 0:1.2.50-19.1 0:1.5.22-9.1 0:1.6.8-14.1 0:5.0-4.1 0:2.7.13-27.1 0:3.4.6-24.1 0:1.2.4-10.1 0:5.2.5.1-42.13 0:2.1.9-18.1 0:1.0.25-35.1 0:0.33-1.33 0:0.12.8-1.17 0:3.8.10.2-8.1 0:228-142.1 0:4.9-1.7 0:4.0.7-43.1 0:1.0.1-16.1 0:0.5.0-11.1 0:3.3.0-4.28 0:10.1.5-2.17 0:2.2.7-47.1 0:2.9.4-45.1 0:1.1.28-16.1 0:1.2.8-11.1 0:4.0.4-14.1 0:0.13.62-9.1 0:3.11.0-1.15 0:2.7-3.1 0:4.13.1-18.1 0:4.2.8p10-63.3 0:2.0.0-17.1 0:7.2p2-69.1 0:2.3.8-16.17.1 0:1.1.8-23.1 0:1.4.25-4.1 0:4.0.2-1.29 0:2.4.7-3.4 0:3.8.5-14.1 0:2.8.1-6.16.1 0:2.9.0-5.10 0:1.0.0-5.10 0:1.10.2-5.10 0:8-5.10 0:0.2.3-23.1 0:1.4.7-20.1 0:8.24.0-1.20 0:1.0.24-3.1 0:1.4.8-16.1 0:0.9-23.14 0:5.1.3-25.1 0:1.8.20p2-1.3 0:3.0-94.1 0:2.88+-99.15 0:1.27.1-14.1 0:4.9.0-13.1 0:5.0.14-3.1 0:0.5.3.git20161120-160.1 0:1.14-20.1 0:4.9.0_08-2.2 0:2.99.917.770_gcb6ba2da-1.23 0:4.3.0-12.1 0:7.6_1.18.3-71.1 0:3.2.36-1.11 0:3.2.2-1.29 0:3.2.11-1.47 0:1.4.2-5.2 0:4.0.22+git.1455008135.15c5e92-8.93 0:1.6.5-5.9 0:1.1.15-19.15 0:1.4.35-1.34 0:3.10-17.1 0:1.7.3-3.8 0:4.0.25+git.1485179354.eb43835-2.19 0:1.6.11-10.2 0:1.1.16-4.8 0:1.4.35-3.1 0:12-0 0:1.6.2-31.2 0:3.10-15.1 0:1.5.4-2.5 0:1.6.0_sr16.1-5.9 0:3.4.5-3.5 0:5.5.14-4.20 0:7.0.7-15.1 0:4.4.13-2.1 0:4.5.0-5.1 0:6.9.5-7.1 0:13.2+git20140911.61c1681-1.8 0:0.6.35-1.96 0:1.0.27.2-11.4 0:1.9.4-1.6 0:1.9.2-1.27 0:1.0.15-4.221 0:3.1-4.498 0:2.4.10-6.1 0:1.2.40-1.6 0:1.0.8-9.8 0:2.0.8-8.3 0:1.13.4-4.56 0:9.9.5P1-1.7 0:1.0.6-27.886 0:8.22-5.5 0:4.8.3+r212056-6.4 0:1.2.0-3.12 0:2.2.13-2.7 0:103-5.8 0:0.158-3.82 0:6.3.26-5.9 0:5.19-2.32 0:3.0.3-3.3 0:2.5.3-2.8 0:1.1.36-54.75 0:2.1.0-3.8 0:1.8.5.2-2.5 0:2.38.2-5.9 0:3.10.4-22.2 0:1.26.9-1.23 0:3.7.4-1.39 0:3.14.6-3.5 0:6-7.3 0:1.5.0-2.9 0:1.1.1-120.238 0:1.7.0.6-33.3 0:1.15.5-7.7 0:6.8.8.1-5.8 0:1.5.3-1.77 0:1.5.1-2.7 0:2.5.3-2.9 0:3.10.5-1.6 0:2.0-12.6 0:2.08-1.6 0:1.0.1i-2.7 0:1.36.3-4.2 0:0.24.4-3.8 0:0.24.4-3.9 0:4.8.6-2.8 0:4.8.6-2.9 0:3.7-2.6 0:2.7.1-4.84 0:1.3.3-8.6 0:7.4.0-13.131 0:2.1.17-1.18 0:4.10.7-1.6 0:2.1.2-8.9 0:2.1.2_k3.12.28_4-8.9 0:2.1.2_k3.12.28_4-8.14 0:2.4-724.65 0:12.1-23.6 0:2.3.18-35.71 0:2.6.7-2.1 0:3.22-267.3 0:2.7.7-2.7 0:1.1.7-21.8 0:0.99.22.1-3.128 0:4.3-1.9 0:3.3.13-1.8 0:1.4-23.1 0:5.00-1.19 0:2.5-1.55 0:2.88+-94.6 0:7.0.55-2.8 0:1.10.9-1.5 0:2.7.0-264.38 0:7.6_1-14.8 0:7.6-45.7 0:3.1.108-1.6 0:1.9.4-1.31 0:1.9.2-1.149 0:2.4.16-5.1 0:1.2.40-5.2 0:1.0.8-13.3 0:2.0.8-11.43 0:1.5.2-2.3 0:3.0.3-10.1 0:1.8.5.6-11.10 0:1.26.10-4.27 0:0.8.0-11.2 0:1.7.1_sr3.10-14.1 0:1.8.0_sr1.10-2.36 0:1.3.10-4.1 0:2.7-1.2 0:4.8.6-4.6 0:2.4.41-18.3.1 0:2.1.2-4.5.8 0:2.1.2_k3.12.49_11-4.5.8 0:1.2.26-6.1 0:2.6.9-2.1 0:3.0.8-1.4 0:3.3.13-4.2 0:5.00-3.1 0:2.5-4.44 0:8.0.23-1.80 0:3.0.2-24.1 0:2.4.23-14.7 0:1.0.14-18.3 0:2.5.37-8.1 0:1.13.4-6.2 0:2.3-3.110 0:0.7.2-1.2 0:1.8.5.6-18.1 0:1.32.4-14.18 0:0.8.0-15.16 0:1.7.1_sr3.50-28.2 0:1.8.0_sr3.0-10.1 0:1.7.1-1.84 0:4.8.6-7.3 0:1.1.32-9.1 0:0.9.9-16.1 0:7.4.3-15.65 0:2.5.1-24.15 0:1.3.2-17.1 0:2.7.1-5.6 0:0.99.22.1-12.1 0:3.0.18-26.1 0:3.5.21-23.4 0:3.0-7.15 0:8.0.36-11.4 0:3.0.2-31.1 0:1.0.15-6.10 0:2.4.23-28.1 0:7.1.8-3.9 0:7.1.8_k4.4.73_5-3.9 0:2.2.30.2-14.2 0:3.0.14-1.8 0:2.12.3-26.1 0:1.32.4-19.24 0:0.8.0-18.1 0:1.1.1-255.2 0:1.7.1_sr4.5-37.1 0:1.8.0_sr4.5-29.1 0:0.9.30-5.1 0:1.1.34-12.1 0:1.4.33-3.1 0:2.7.0-2.29 0:4.021-11.1 0:2.5-9.1 0:1.3.3-5.3 0:2.7.3-1.17 0:3.12-25.1 0:0.99.22.1-15.1 0:3.0.25-48.1 0:3.5.21-25.1 0:1.4-29.1 0:3.0-10.15 0:8.0.43-23.1 0:2.0.0-2.1 0:3.0.2-39.1 0:1.0.15-4.181 0:3.1-4.364 0:1.4.16-15.67 0:1.1.0-147.67 0:0.2.5-3.72 0:1.12.12-181.54 0:2.2.13-2.3 0:1.5.1-1.11 0:1.22.2-5.287 0:3.7.4-1.36 0:1.2.1-3.56 0:7.4.326-2.14 0:1.6-7.209 0:1.0-6.38 0:s20121221-2.17 0:1.1.1-120.113 0:1.0.3-1.2 0:3.18-1.18 0:2.1.0-4.3 0:1.6.2-4.10 0:1.0.7-3.53 0:1.1.14-3.59 0:1.3.2-3.60 0:5.0.1-3.52 0:1.0.2-3.57 0:0.9.8-3.55 0:1.1.4-3.57 0:1.2.2-3.59 0:1.0.10-3.56 0:1.0.8-3.56 0:1.1.4-3.58 0:1.1.3-3.53 0:1.5.3-1.46 0:1.5.1-2.3 0:1.1.3-3.51 0:0.6.21-6.3 0:7.2d-3.75 0:0.4-3.76 0:0.9-6.22 0:0.11-2.15 0:1.19-17.28 0:2.4.2-14.30 0:0.8.8.4-13.63 0:2.1.5-27.79 0:0.30.0-3.64 0:1.8.10-3.4 0:5.0-2.2 0:2.0.10-3.63 0:0.4.8-18.55 0:1.9.1-1.218 0:2.1.3-1.13 0:2.7.1-4.55 0:3.8.7-3.14 0:2.0.2.umip.0.4-19.63 0:0.13.0-1.107 0:2.4-724.56 0:2.4.4-4.4 0:2.0-1.39 0:1.4.14-1.42 0:2.82-3.12 0:3.71-1.145 0:804.031-3.76 0:2.4.7-1.4 0:0.7.0-4.3 0:1.9.7-2.12 0:0.11_git201205151338-8.14 0:2.1-1.4 0:5.1.1-1.16 0:2.3.15-7.3 0:5.43-5.30 0:1.1.0-3.57 0:3.1.206-36.3 0:2.10-1020.56 0:2.4.0-167.1 0:2.12.6-3.42 0:2.5.3-4.13 0:3.0.3-3.10 0:1.8.5.2-2.32 0:1.0.1-5.1 0:3.8.3-261.135 0:3.12.28-4.3 0:3.12.28-4.2 0:1.3.0-25.5 0:1.1.12-7.1 0:3.6.10-4.124 0:4.8.6-2.29 0:1.3.7-1.37 0:1.8.10-1.25 0:0.148.1-1.7 0:1.7.3-1.2 0:3.2.5c-2.8 0:2.5.5-1.3 0:3.12.49-11.2 0:1.1.13-10.4 0:1.8.10-15.1 0:1.0.20100204cvs-25.3 0:2.8.2-3.1 0:0.152.0-11.1 0:5.5.14-39.1 0:2.0.0.b5-3.2 0:0.7-5.1 0:1.0.9-1075.1 0:1.11.4-1.7 0:3.6.10-4.97 0:0.15.4-3.89 0:1.3.7-1.8 0:1.8.10-24.1 0:2.2.7-3.26 0:2.8.2-9.1 0:5.1.35-3.1 0:4.03.0-6.9.1 0:5.5.14-73.1 0:2.4.0-168.1 0:1.8.12-1.29 0:1.10.9-3.1 0:0.24.1-6.1 0:0.24.4-14.3.1 0:2.8.2-14.1 0:0.158.0-14.1 0:5.5.14-108.1 0:7.0.7-49.1 0:3.03.0-3.1 0:4.3.5.2-10.1 0:4.3.3.2-6.1 0:1.7.5-5.1 0:3.12.38-44.1 0:3.12.39-47.1 0:3.12.32-33.1 0:3.12.43-52.6.1 0:1.12.1-16.1 0:3.12.44-52.10.1 0:2.7.3-4.1 0:3.12.36-38.1 0:3.12.44-52.18.1 0:3.12.48-52.27.1 0:1.12.1-9.1 0:1.3.0-4.2 0:1.1.3-4.3 0:1.1.3-4.9 0:0.2.10-4.8 0:1.1.3-3.2 0:0.0.2-4.1 0:1.1.2-4.3 0:0.12.1-3.1 0:0.9.4-4.5 0:1.3-4.1 0:0.23-4.1 0:3.12.51-52.31.1 0:1.12.1-22.2 0:1.3.8-2.3.1 0:0.9.26-3.3.1 0:3.12.60-52.49.1 0:3.12.60-52.54.2 0:5.1.3.2-22.9 0:3.12.51-52.34.1 0:3.12.51-52.39.1 0:1.12.1-25.1 0:3.12.55-52.42.1 0:9.15-6.1 0:1.5.3-17.1 0:1.12.1-28.1 0:1.5.4-20.3 0:1.6.1-23.1 0:210-70.48.1 0:3.12.55-52.45.1 0:3.12.51-60.20.1 0:1.3.8-4.1 0:0.9.26-4.1 0:3.12.59-60.41.2 0:3.12.59-60.45.2 0:3.12.51-60.25.1 0:3.12.62-60.62.1 0:1.12.1-36.2 0:4.02.3-6.6.14 0:6.1.6-10.1 0:210-114.1 0:9.15-11.1 0:3.12.62-60.64.8.2 0:9.15-14.1 0:9.15-17.1 0:3.12.67-60.64.18.1 0:3.12.67-60.64.21.1 0:3.12.67-60.64.24.1 0:3.12.53-60.30.1 0:3.12.57-60.35.1 0:210-104.1 0:3.12.69-60.64.29.1 0:3.12.69-60.64.32.1 0:2.8.7-27.1 0:3.12.69-60.64.35.1 0:15.2.1-8.1 0:1.16.10-12.6.1 0:9.15-20.1 0:3.12.74-60.64.40.1 0:4.4.21-84.1 0:4.4.21-90.1 0:4.4.59-92.24.2 0:228-149.2 0:5.3.3.2-40.5.9 0:4.4.74-92.29.1 0:228-150.7.1 0:0.43.0-16.5.1 0:4.4.74-92.32.1 0:4.4.74-92.35.1 0:2.6.1-10.3.1 0:228-132.1 0:4.4.74-92.38.1 0:1.12.5-40.13.1 0:4.4.90-92.45.1 0:1.12.5-40.16.1 0:2.8.7-28.3.1 0:4.4.90-92.50.1 0:4.4.103-92.53.1 0:4.4.49-92.11.1 0:4.4.49-92.14.1 0:4.4.59-92.17.3 0:4.4.38-93.1 0:4.4.59-92.20.2 0:4.4.103-92.56.1 0:228-150.29.1 0:9.15-23.7.1 0:4.4.114-92.64.1 0:5.4.5.1-40.24.1 0:228-150.32.1 0:1.7.5-20.3.1 0:4.4.103-92.59.1 0:4.4.120-92.70.1 0:1.12.5-40.23.1 0:228-150.9.2 0:4.4.82-6.3.1 0:5.3.5.2-43.5.4 0:4.4.82-6.6.1 0:4.4.92-6.18.1 0:4.4.92-6.30.1 0:4.4.103-6.33.1 0:4.4.103-6.38.1 0:4.4.114-94.11.3 0:5.4.5.1-43.19.1 0:0.9.34-3.3.2 0:4.4.120-94.17.1 0:4.03.0-8.3.1 0:4.4.126-94.22.1 0:1.1.3-24.6.1 0:6.0.3.2-43.30.2 0:4.4.103-94.6.1 0:1.3.0-22.3 0:3.2.15-4.1 0:11.2.202.425-19.1 0:12.5-22.1 0:4.2.6p5-31.1 0:2.3.2-11.1 0:1.8.12-6.5 0:1.8.12-6.1 0:4.5.1-4.1 0:0.6.3-4.1 0:11.2.202.411-4.1 0:1.7.0.71-6.2 0:8.4.0-5.1 0:11.2.202.418-11.1 0:31.3.0esr-15.2 0:31.0-9.1 0:3.17.2-12.4 0:2.7.7-9.3 0:2.7.7-9.1 0:0.9.8j-66.3 0:1.0.1i-9.3 0:11.2.202.424-15.1 0:5.19-5.2 0:4.4.3_06-22.15.1 0:4.4.3_06_k3.12.48_52.27-22.15.1 0:38.5.0esr-54.1 0:9.9.6P1-28.6.1 0:0.9.8j-87.1 0:7.6_1.15.2-21.1 0:3.2.1-3.5 0:2.02~beta2-56.9.4 0:11.2.202.559-117.1 0:31.5.0esr-24.1 0:2.5.3-5.1 0:9.3.6-5.1 0:9.3.6-5.2 0:6.00-28.1 0:11.2.202.451-77.1 0:1.7.0.75-11.3 0:2.19-20.3 0:1.0.1i-20.1 0:0.9.8j-73.2 0:4.4.1_10-9.1 0:4.4.1_10_k3.12.36_38-9.1 0:31.5.3esr-27.1 0:1.10.13-8.1 0:0.11.1-6.1 0:4.4.2_02-15.1 0:4.4.2_02_k3.12.38_44-15.1 0:31.6.0esr-30.1 0:11.2.202.457-80.1 0:3.2.15-7.2 0:10.0.16-15.1 0:1.7.0.79-15.1 0:1.0.58-5.1 0:3.10.0.1-16.1 0:7.6_1.15.2-17.2 0:11.2.202.429-23.1 0:4.2.6p5-44.1 0:11.2.202.460-83.1 0:0.12.4-6.1 0:2.0.2-46.1 0:1.0.0-46.1 0:1.7.4-46.1 0:8-46.1 0:4.4.2_04-18.1 0:4.4.2_04_k3.12.39_47-18.1 0:1.3.2-10.2 0:1.4.1-32.1 0:31.7.0esr-34.1 0:2.71-4.1 0:1.4.0-23.1 0:31.4.0esr-20.1 0:3.17.3-16.1 0:4.4.2_06-21.1 0:4.4.2_06_k3.12.39_47-21.1 0:11.2.202.466-86.1 0:1.10.14-12.1 0:2.4.39-16.1 0:7.6_1.15.2-28.4 0:11.2.202.468-89.1 0:1.0.1i-25.1 0:0.9.8j-78.1 0:7.37.0-5.1 0:1.6.1-13.1 0:9.9.6P1-18.1 0:11.2.202.481-93.1 0:11.2.202.491-96.1 0:9.3.8-8.1 0:31.8.0esr-37.3 0:3.19.2_CKBI_1.98-21.1 0:4.10.8-3.1 0:10.0.20-18.1 0:4.4.2_08-22.5.1 0:4.4.2_08_k3.12.43_52.6-22.5.1 0:9.9.6P1-23.1 0:1.7.0.85-18.2 0:9.9.5P1-8.1 0:2.7.9-14.1 0:3.10.4-5.11 0:11.2.202.508-99.1 0:31.8.0esr-40.1 0:4.4.2_10-22.8.1 0:4.4.2_10_k3.12.44_52.10-22.8.1 0:5.3.1-4.4.2 0:0.1.6-4.1 0:1.0.1i-27.3.1 0:11.2.202.438-27.1 0:11.2.202.440-31.1 0:2.24-7.1 0:38.2.1esr-45.1 0:31.0-14.1 0:3.19.2.0-26.2 0:9.9.6P1-26.1 0:0.98.5-6.1 0:1.900.1-166.1 0:2.0.2-48.4.1 0:1.0.0-48.4.1 0:1.7.4-48.4.1 0:8-48.4.1 0:1.0.1i-17.1 0:5.7.2.1-4.3.2 0:11.2.202.442-67.1 0:11.2.202.521-102.1 0:1.2.5-21.1 0:38.3.0esr-48.1 0:4.10.9-6.1 0:0.2.1_rc4-13.3.1 0:3.12.48-52.27.2 0:2.25-10.1 0:2.25-10.3 0:0.12.4-8.5.1 0:11.2.202.535-105.1 0:4.2.6p5-37.2 0:11.2.202.540-108.1 0:5.1.3-9.1 0:2.0.2-48.9.1 0:1.0.0-48.9.1 0:1.7.4-48.9.1 0:8-48.9.1 0:9.3.10-11.1 0:0.98.6-10.1 0:2.19-22.7.1 0:0.9.8j-70.2 0:4.4.3_02-22.12.1 0:4.4.3_02_k3.12.48_52.27-22.12.1 0:1.1.3-7.1 0:0.5.0-5.1 0:1.3.1-3.1 0:2.8.8-9.1 0:0.1.1-5.3 0:0.1.2-4.2 0:0.1.3-3.5 0:0.1.1-4.9 0:0.0.1-2.1 0:0.9.1-3.1 0:0.5.7-3.1 0:0.1.2-5.1 0:0.3.6-3.3 0:0.1.4-3.9 0:0.7.1-3.1 0:0.0.2-2.3 0:1-2.1 0:4.1-6.3 0:0.1.3-4.3 0:3.7.1-3.1 0:0.4.1-3.1 0:1.18-3.2 0:20150827-5.1 0:4.4.1_08-5.2 0:4.4.1_08_k3.12.28_4-5.2 0:31.0-17.1 0:1.10.12-4.1 0:1.2.50-10.1 0:1.6.8-8.1 0:1.3.0-18.1 0:037-51.17.3 0:2.0.2-42.1 0:1.0.0-42.1 0:1.7.4-42.1 0:8-42.1 0:1.4.8-5.3.3 0:4.1.12-16.1 0:2.30.6-7.2 0:0.4-6.1 0:1.0.1i-27.6.1 0:11.2.202.554-114.1 0:1.4.0-19.1 0:1.12.1-22.5 0:1.1.24-4.3.1 0:4.1.12-18.3.1 0:2.1.5-3.4.1 0:4.2.6-14.6.1 0:45.2.0esr-75.2 0:45.0-28.2 0:3.12.60-52.54.1 0:2.19-22.16.2 0:1.54.0-15.1 0:0.5.1-8.2 0:1.3.2-18.1 0:2.8.8-12.1 0:1_3335ac1-2.1 0:0.1.6-6.3 0:0.11.0-6.2 0:0.11.0-6.1 0:0.1.5-7.1 0:0.4.2-6.1 0:20160511-11.1 0:4.0.6-19.1 0:2.0.2-48.12.1 0:1.0.0-48.12.1 0:1.7.4-48.12.1 0:8-48.12.1 0:3.1.0-6.1 0:2.9.1-17.1 0:9.9.6P1-28.9.1 0:5.0.5-7.1 0:2.4.41-18.13.1 0:2.30.6-10.1 0:1.7.0.95-24.2 0:1.2.5-27.10.1 0:38.6.0esr-57.3 0:31.0-20.1 0:3.20.2-37.1 0:7.37.0-18.1 0:11.2.202.569-120.1 0:2.19-22.13.1 0:9.3.11-14.2 0:4.2.6-14.3.1 0:9.4.6-7.1 0:9.4.6-7.2 0:38.6.1esr-60.1 0:1.0.1i-27.13.1 0:0.9.8j-94.1 0:2.9.1-13.1 0:11.2.202.577-123.1 0:1.4.3-16.1 0:38.7.0esr-63.3 0:3.20.2-40.1 0:4.12-12.1 0:9.9.6P1-28.12.1 0:4.1.12-18.8.1 0:4.0.0-8.1 0:1.7.0.99-27.1 0:11.2.202.616-126.1 0:3.4.0.2-15.1 0:4.2.1-11.1 0:4.2.4-18.17.1 0:3.1.1-7.1 0:1.6.1-16.27.1 0:1.12.16-13.1 0:2.9.1-20.1 0:1.0.1i-27.16.1 0:1.7.0.101-30.1 0:4.2.8p6-46.5.2 0:3.1.12.4-8.2 0:38.8.0esr-66.2 0:6.8.8.1-19.1 0:0.9.8j-97.1 0:1.12.9-22.1 0:11.2.202.621-130.1 0:4.4.4_02-22.19.1 0:4.4.4_02_k3.12.55_52.42-22.19.1 0:1.12.11-25.1 0:6.6p1-42.1 0:6.6p1-33.1 0:10.0.22-20.3.1 0:3.0-82.1 0:2.9.1-24.1 0:2.0.2-48.19.1 0:1.0.0-48.19.1 0:1.7.4-48.19.1 0:8-48.19.1 0:0.12.4-8.9.1 0:4.2.8p8-46.8.1 0:6.8.8.1-25.1 0:3.1.2-12.1 0:11.2.202.626-133.1 0:10.0.25-20.6.1 0:2007e_suse-19.1 0:1.1.5-6.1 0:1.0.8-12.1 0:3.19.2.2-32.1 0:9.9.6P1-32.1 0:2.02~beta2-73.3 0:1.0.1i-36.1 0:3.12.51-60.20.2 0:1.1.24-4.1 0:4.2.4-6.1 0:2.1.5-4.1 0:4.5.2_02-4.1 0:4.5.2_02_k3.12.49_11-4.1 0:3.12.59-60.41.1 0:2.3.1-14.1 0:1.8.1-14.1 0:8-14.1 0:3.12.59-60.45.1 0:2.19-38.2 0:6.8.8.1-30.2 0:11.2.202.632-137.1 0:9.9.6P1-35.1 0:2.8.10-7.8 0:1.2.18.4-11.7 0:4.5.3_08-17.1 0:4.5.3_08_k3.12.59_60.45-17.1 0:45.3.0esr-78.1 0:1.12.1-36.4 0:3.1.0-9.3 0:2.25.35.1-3.1 0:2.11.0-6.1 0:10.0.26-9.2 0:6.6p1-52.1 0:11.2.202.635-140.1 0:1.0.1i-52.1 0:4.5.3_10-20.1 0:4.5.3_10_k3.12.62_60.62-20.1 0:4.0.6-31.1 0:1.0.2-9.1 0:1.6.2-6.2 0:5.0.1-5.2 0:1.7.4-12.2 0:0.9.8-5.2 0:1.2.2-5.2 0:1.0.10-5.2 0:1.0.8-5.2 0:11.2.202.637-143.1 0:2.24.24-3.1 0:0.8.15-29.1 0:1.8.22-22.2 0:1.11.5.1-28.1 0:2.3.1-21.1 0:1.0.0-21.1 0:1.8.1-21.1 0:8-21.1 0:2.9.1-26.3.1 0:3.4.5-17.1 0:11.2.202.643-146.1 0:6.8.8.1-40.1 0:9.9.9P1-49.1 0:7.37.0-31.1 0:1.8.0.72-3.2 0:2.25-37.1 0:1.900.14-181.1 0:11.2.202.644-149.1 0:9.15-17.2 0:3.10.2-2.3.1 0:4.2-82.1 0:6.2-82.1 0:1.8.0.111-17.1 0:1.27.1-11.1 0:1.8.10p3-2.6.1 0:10.0.28-17.2 0:7.4.326-7.1 0:6.8.8.1-47.1 0:1.7.0.121-36.2 0:2007e_suse-22.1 0:8.39-5.1 0:2.3.1-24.6 0:1.0.0-24.6 0:1.8.1-24.6 0:8-24.6 0:45.5.0esr-88.1 0:3.21.3-50.1 0:45.5.1esr-93.1 0:4.5.5_02-22.3.1 0:4.5.5_02_k3.12.67_60.64.18-22.3.1 0:24.0.0.186-152.1 0:10.0.22-3.1 0:4.2.8p9-55.1 0:4.5.5_04-22.6.1 0:4.5.5_04_k3.12.67_60.64.24-22.6.1 0:2.1.0-20.1 0:45.6.0esr-96.1 0:6.8.8.1-54.1 0:1.14-17.1 0:2.71-13.1 0:4.2.4-28.3.1 0:1.2.4-2.3.1 0:1.2.4-3.4.1 0:4.0.7-35.1 0:2.3.1-7.7 0:1.0.0-7.7 0:1.8.1-7.7 0:8-7.7 0:2.19-35.1 0:4.3.3-4.1 0:1.0.1i-44.1 0:9.9.6P1-38.1 0:4.2.4-11.1 0:4.5.2_06-7.1 0:4.5.2_06_k3.12.53_60.30-7.1 0:1.2.18.2-8.1 0:1.8.0.77-6.1 0:4.2.4-16.1 0:3.1.41.3-9.1 0:4.2.8p6-8.2 0:3.1.22-6.2 0:1.0.1i-47.1 0:1.8.0.91-11.1 0:4.2.8p7-11.1 0:2.8.1-6.9.1 0:0.12.5-4.1 0:10.0.25-6.1 0:0.10.31-13.3.3 0:0.10.36-11.3.1 0:0.10.23-19.3.4 0:0.10.23-19.6.1 0:1.8.0.121-20.1 0:3.2.15-16.1 0:2.11-32.1 0:0.12.5-7.1 0:10.0.29-22.1 0:45.7.0esr-99.1 0:4.0.7-40.1 0:1.0.1i-54.5.1 0:1.7.0.131-39.1 0:24.0.0.221-158.1 0:1.900.14-184.1 0:6.8.8.1-59.1 0:2.25-40.1 0:2.25-40.2 0:4.5.5_06-22.11.2 0:4.5.5_06_k3.12.69_60.64.32-22.11.2 0:1.2.8-6.3.1 0:9.9.9P1-56.1 0:6.6p1-54.7.1 0:037-91.1 0:1.8.22-24.8.1 0:0.2.0-10.3.3 0:10.1.0-5.3.1 0:25.0.0.127-162.1 0:45.8.0esr-102.1 0:4.2.4-28.8.2 0:24.0.0.194-155.1 0:9.9.9P1-53.1 0:1.2.4-2.3.3 0:25.0.0.148-165.1 0:9.9.9P1-59.1 0:0.10.36-11.6.9 0:1.2.4-2.9.1 0:1.2.4-2.6.8 0:1.0.25-28.1 0:4.2.8p10-60.1 0:2.1.9-15.1 0:1.4.3-24.1 0:1.8.1-9.1 0:4.5.5_10-22.14.1 0:4.5.5_10_k3.12.69_60.64.35-22.14.1 0:2.8.2-54.1 0:25.0.0.171-168.1 0:2.3.1-32.11 0:1.0.0-32.11 0:1.8.1-32.11 0:8-32.11 0:45.9.0esr-105.1 0:1.8.0.121-23.4 0:0.2.3-13.3.1 0:10.0.30-25.1 0:0.2.1_rc4-17.3.1 0:2.9.1-26.12.1 0:1.8-10.9.1 0:4.2.4-28.14.1 0:2.2.6-44.3 0:1.8.10p3-2.11.1 0:1.2.4-2.3.2 0:1.6.2-8.1 0:1.7.4-14.1 0:3.4.5-19.1 0:2.6.2-31.2 0:1.0.0-31.2 0:1.9.1-31.2 0:8-31.2 0:1.8.10p3-8.1 0:2.28-42.1 0:2.28-42.4 0:2.28-42.3 0:4.7.1_02-25.1 0:4.7.1_04-28.1 0:4.4.2-31.1 0:1.8.3-14.1 0:1.8.3-9.1 0:1.8.10p3-10.10.2 0:1.8.3-9.6 0:52-31.1 0:2.9.4-42.1 0:9.4.12-20.1 0:4.7.2_06-42.1 0:2.6.2-41.16.1 0:1.0.0-41.16.1 0:1.9.1-41.16.1 0:8-41.16.1 0:228-149.3 0:1.8.10p3-10.13.1 0:1.2.4-13.1 0:1.6.1-16.42.1 0:1.9.1-8.1 0:5.9-44.1 0:0.12.1-12.1 0:0.3.11-9.1 0:0.0.3-2.1 0:20170511-15.1 0:3.2.15-18.3.1 0:1.0.8-10.1 0:0.12.7-10.3.1 0:7.6_1.18.3-74.2 0:1.1.1-10.1 0:3.20.1-6.14.1 0:044.1-109.8.3 0:1.900.14-195.3.1 0:1.2.4-14.3.1 0:1.0.1-16.3.1 0:0.24.4-14.6.1 0:0.10.36-14.1 0:10.0.31-29.3.1 0:2.2.8-48.6.1 0:16.15.2-27.21.1 0:1.13.30-18.13.3 0:5.9-50.1 0:0.10.23-22.5 0:3.8.5-15.3.3 0:2.40.18-5.3.1 0:2.54.1-5.3.1 0:5.1.3-26.5.1 0:2.1.0-4.3.2 0:2.9.4-46.3.2 0:7.37.0-37.3.1 0:1.8.0.144-27.5.3 0:1.12-20.3.2 0:6.8.8.1-71.5.3 0:3.20.4-77.7.5 0:2.0.0~git.1463131968.4e66df7-12.3.2 0:7.2p2-66.1 0:7.2p2-66.3 0:0.15.4-9.2 0:2.1.0-21.3.1 0:52.1-8.3.1 0:4.7.3_03-43.9.1 0:9.4.13-21.5.1 0:9.6.4-3.6.1 0:2.34.0-19.5.1 0:3.20.1-6.16.1 0:1.12.12-182.3.1 0:1.8.22-24.2.1 0:4.7.3_04-43.12.1 0:4.8.5-31.3.1 0:24.3-25.3.1 0:0.11.1-13.3.1 0:2.2.9-48.9.2 0:4.0.8-44.3.1 0:2.6.4-6.3.1 0:52.3.0esr-109.3.1 0:2.78-18.3.1 0:2.1.0-4.6.1 0:4.4.2-38.11.2 0:52.4.0esr-109.6.2 0:3.29.5-58.3.1 0:2.0.0-27.20.1 0:2.8.1-268.6.2 0:2.2-15.3.1 0:7.37.0-37.8.1 0:2.3.8-16.20.1 0:4.9.2-14.5.1 0:2.2.10-48.12.1 0:4.7.3_06-43.15.1 0:1.14-21.3.1 0:3.6.312-2.13.1 0:2.18.0-2.9.1 0:0.10.2-2.4.1 0:2.6.2-41.22.2 0:1.0.0-41.22.2 0:1.9.1-41.22.2 0:8-41.22.2 0:1.13.4-34.7.1 0:6.8.8.1-71.12.1 0:4.2.1-27.3.3 0:0.24.4-14.13.1 0:4.2.4-28.21.1 0:1.8.0.151-27.8.1 0:10.2.4+git.1481215985.12b091b-16.2 0:5.22-10.3.1 0:7.6_1.18.3-76.15.2 0:2.8.18-9.3.26 0:4.2.4-28.24.1 0:5.18.2-12.3.1 0:20170530-21.13.1 0:4.4.2-38.14.1 0:2.9.4-33.1 0:1.0.2j-60.16.1 0:2.29.1-9.20.2 0:4.7.4_02-43.21.1 0:52.5.0esr-109.9.1 0:0.12.7-8.1 0:1.1.14-4.3.1 0:7.2p2-74.11.1 0:7.2p2-74.11.3 0:1.0.2j-60.20.2 0:6.8.8.1-71.17.1 0:0.15.4-16.1 0:9.6.6-3.10.1 0:3.20.2-6.19.15 0:2.2.11-48.15.3 0:2.34.0-19.8.1 0:2.28-44.3.1 0:2.28-44.3.3 0:4.7.1_06-31.1 0:1.6.0-16.4 0:2.6.2-41.9.1 0:1.0.0-41.9.1 0:1.9.1-41.9.1 0:8-41.9.1 0:10.1.0-8.1 0:4.4.2-36.2 0:044-108.1 0:4.7.2_02-36.1 0:1.8.3-12.12 0:4.7.2_04-39.1 0:2.6.2-39.1 0:1.0.0-39.1 0:1.9.1-39.1 0:8-39.1 0:4.4.59-92.17.2 0:4.4.2-38.6.1 0:1.8.10p3-10.5.1 0:2.9.4-36.1 0:2.9.4-39.2 0:5.6.1-17.3.15 0:5.6.1-13.3.1 0:2.3.8-16.14.1 0:2.1.0-24.3.4 0:3.1.0-13.10.1 0:3.22-269.3.5 0:1.3.0-3.3.1 0:2.2.12-48.18.1 0:0.6.21-8.3.1 0:6.8.8.1-71.20.1 0:2.0.21-6.3.1 0:7.37.0-37.14.1 0:1.3.3-10.3.1 0:2.18.5-2.18.1 0:3.2.5e-2.3.2 0:0.99.3-33.5.1 0:2.1.0-24.6.1 0:5.9-58.1 0:9.9.9P1-63.7.1 0:1.5.1-11.3.12 0:103-8.3.1 0:6.8.8.1-71.33.1 0:1.0.25-36.7.2 0:1.5.3-31.7.4 0:62.2.0-31.7.4 0:8.1.2-31.7.4 0:0.16.0-8.5.15 0:52.6.0esr-109.13.1 0:2.6.2-41.31.1 0:1.0.0-41.31.1 0:1.9.1-41.31.1 0:8-41.31.1 0:10.0.33-29.13.1 0:2.0.0-27.29.1 0:2.9.4-46.12.1 0:2.6.3-7.15.1 0:2.22-62.6.2 0:9.20.1-7.3.1 0:4.7.4_06-43.24.1 0:9.6.7-3.13.1 0:4.8.30-29.6 0:4.3.3-10.11.1 0:0.13.67-10.5.1 0:3.8.5-15.9.1 0:6.8.8.1-71.42.1 0:2.1.0-6.3.1 0:6.8.8.1-71.23.1 0:4.60.99-5.3.1 0:0.5.3-3.3.2 0:0.22.0+git.20160103-15.6.1 0:1.2.0-12.3.1 0:2.22-62.10.1 0:4.2.1-27.6.1 0:1.7.0.171-43.12.1 0:1.8.0.161-27.13.1 0:9.4.16-21.16.1 0:20170530-21.19.1 0:0.90-6.3.1 0:10.0.34-29.16.1 0:20180312-13.17.1 0:0.15.1b-184.3.1 0:9.6.8-3.16.1 0:7.37.0-37.17.1 0:1.3.3-10.6.1 0:0.99.4-33.9.1 0:4.3.3-10.14.1 0:2.2.13-48.21.1 0:2.22-62.3.4 0:2.6.2-41.37.1 0:1.0.0-41.37.1 0:1.9.1-41.37.1 0:8-41.37.1 0:4.4.2-38.17.1 0:1.12.5-40.23.2 0:52.7.3esr-109.25.1 0:6.8.8.1-71.47.1 0:1.3.1-10.3.1 0:2.0.0-27.34.1 0:4.0.9-44.7.1 0:9.4.17-21.19.1 0:1.7.0.161-43.7.6 0:4.9.0beta-3.3.1 0:4.7.5_02-43.27.1 0:1.0.2j-60.24.1 0:9.4.15-21.13.1 0:10.0.32-29.10.1 0:2.0.0-18.2.1 0:20170530-21.16.1 0:3.1.0-13.7.1 0:5.9-55.1 0:7.37.0-37.11.3 0:2.0019-6.3.5 0:6.8.8.1-71.26.1 0:228-150.9.3 0:4.6.7+git.38.90b2cdb4f22-3.7.1 0:16.15.3-2.3.1 0:3.2.4-2.3.1 0:0.12.1-13.2.1 0:0.3.11-7.5.1 0:0.12.1-10.5.1 0:0.0.3-4.1 0:0.0.1-4.1 0:20170511-16.2.1 0:4.9.0_11-3.9.1 0:16.15.6-2.8.1 0:1.13.32-21.3.2 0:2.9.0-6.3.1 0:1.0.0-6.3.1 0:1.10.2-6.3.1 0:8-6.3.1 0:4.9.0_12-3.15.1 0:0.12.8-3.9 0:3.3.0-5.3.1 0:4.6.7+git.51.327af8d0a11-3.12.1 0:4.9.0_14-3.18.1 0:3.3.0-5.8.1 0:2.9.1-6.6.3 0:1.0.0-6.6.3 0:1.10.2-6.6.3 0:8-6.6.3 0:3.6.312.333-3.10.1 0:4.9.1_02-3.21.1 0:4.6.9+git.59.c2cff9cea4c-3.17.1 0:3.3.0-5.13.1 0:4.9-3.5.1 0:1.1.1-12.1 0:1.900.14-195.5.1 0:4.4.114-94.11.2 0:4.9.1_08-3.26.1 0:4.9.33-4.11.1 0:4.9.33_k4.4.114_94.11-4.11.1 0:1.2.0-17.3.1 0:4.6.13+git.72.2a684235f41-3.21.3 0:2.1.10-3.3.2 0:2.9.1-6.12.1 0:1.0.0-6.12.1 0:1.10.2-6.12.1 0:8-6.12.1 0:0.33-3.3.2 0:1.28-5.3.1 0:3.3.0-5.19.2 0:1.4.1-5.8.1 0:0.13.67-10.8.1 0:3.4.6-25.7.1 0:3.20.2-6.22.9 0:4.2.8p11-64.3.2 0:2.2.14-48.24.1 0:4.4.126-94.22.2 0:0.12.21~rc-1001.3.1 0:5.18.2-12.11.1 0:5.0.5-6.7.2 0:1.54.0-26.3.1 0:3.20.1-10.6.3 0:0.1.0-6.6.1 0:0.13.0-13.6.1 0:0.3.13-7.9.1 0:0.13.4-10.9.1 0:0.0.1-1.3.1 0:0.0.5-7.1 0:0.4.7-10.7.1 0:20180403-16.9.1 0:2.9.1-6.9.2 0:1.0.0-6.9.2 0:1.10.2-6.9.2 0:8-6.9.2 0:1.0.0-7.1 0:1.0.0-9.1 0:1.5.4-2.4.1 0:4.2.4-18.30.1 0:4.2.4-18.44.2 0:4.2.4-18.35.1 0:1.0.1+git.1456406635.49e230d-12.1 0:1.1.13-20.1 0:1.1.15-21.1 0:1.0.0+git.1448981395.15fb8b9-4.3.1 0:4.0.1+git.1495055229.643177f1-2.4.2 0:1-2.2 0:2-3.1 0:1-2.3 0:3-2.1 0:2-7.1 0:2-10.1 0:2-6.1 0:1-4.2 0:1-2.6 0:4-2.3 0:2-2.1 0:2-4.1 0:1-4.1 0:5-14.2 0:2-2.2 0:4-2.1 0:5-2.1 0:6-17.2 0:6-2.1 0:2-9.1 0:7-20.2 0:7-2.1 0:3-5.1 0:1-6.3 0:8-23.2 0:8-2.1 0:2-5.1 0:3-8.2 0:4-11.2 0:1-3.1 0:7-21.1 0:7-3.1 0:6-3.1 0:4-3.1 0:3-3.1 0:8-18.7.1 0:9-2.1 0:9-18.10.1 0:10-4.1 0:9-4.1 0:7-4.1 0:5-4.1 0:6-4.1 0:10-18.13.1 0:4-4.1 0:3-4.1 0:1-2.4 0:10-2.1 0:11-2.1 0:1-3.3.1 0:1-6.1 0:4-11.1 0:1-3.3.2 0:2-2.3.2 0:1-4.3 0:1-4.3.1 0:1-4.5.1 0:1-4.3.5 0:2016.11.4-46.7.1 0:2016.11.4-46.10.1 0:2016.11.4-45.2 0:4.8.1-32.3.1 0:5.0.18-6.1 0:1.1.7-7.1 0:1.8.3-49.1 0:1.4.5-8.10 0:1.1.2-20160727 0:1.0.5-20160727 0:0.2.4+gitr565_0366d7e-9.1 0:1.12.3-81.2 0:1.31.0-11.2 0:0.52.0-9.1 0:0.1.1+gitr2816_02f8fa7-9.1 0:1.0.4-20160308170633 0:1.1.1-20160304104123 0:1.1.1-20160307082632 0:2.0.3-2.4 0:1.10.3-66.1 0:2.2.0-20.3.1 0:1.1.4-20171002 0:1.0.7-20171002 0:1.0.2-20171006 0:0.2.5+gitr569_2a5e70c-15.3 0:1.12.6-87.2 0:0.1.1+gitr2819_50a19c6-15.2 0:5.0.18-12.5.1 0:0.2.9+gitr706_06b9cb351610-16.8.1 0:17.09.1_ce-98.8.1 0:0.7.0.1+gitr2066_7b2b1feb1de4-10.1 0:1.0.0rc4+gitr3338_3f2f8b84a77f-1.3.1 0:2.6.2-13.6.1 0:17.02.9-6.10.1 0:16.05.8.1-6.1 0:2.33-7.5.17 0:17.02.10-6.16.1 0:1.6.0_sr16.2-8.1 0:1.5.4-5.1 0:1.5.4-9.1 0:2.3.37-16.1 0:1.6.0_sr16.4-15.1 0:1.6.0_sr16.7-22.2 0:1.6.0_sr16.3-12.1 0:1.6.0_sr16.15-27.1 0:2.3.37-18.13.4 0:2.4.41-18.13.4 0:1.6.0_sr16.30-40.1 0:1.6.0_sr16.35-43.2 0:1.6.0_sr16.20-30.1 0:1.6.0_sr16.25-34.1 0:1.6.0_sr16.26-37.1 0:1.5.0-0.6.1 0:1.6.0_sr16.50-50.3.1 0:1.6.0_sr16.41-46.1 0:1.6.0_sr16.45-49.1 0:3.12.60-52.57.1 0:3.12.60-52.60.1 0:3.12.60-52.63.1 0:3.1.4-11.1 0:3.12.74-60.64.48.1 0:3.12.61-52.80.1 0:3.12.74-60.64.51.1 0:3.12.61-52.83.1 0:0.9.11-3.1 0:3.12.61-52.86.1 0:3.12.74-60.64.54.1 0:1.15.2-2.6.1 0:3.12.74-60.64.60.1 0:3.12.61-52.92.1 0:3.12.74-60.64.63.1 0:3.12.61-52.101.1 0:3.12.74-60.64.66.1 0:3.12.61-52.106.1 0:1.4.2-3.3.1 0:3.12.61-52.66.1 0:3.12.61-52.69.2 0:3.12.61-52.72.1 0:3.12.61-52.77.1 0:3.12.74-60.64.45.1 0:3.12.74-60.64.69.1 0:3.12.61-52.119.1 0:3.12.74-60.64.82.1 0:3.12.61-52.125.1 0:3.12.74-60.64.85.1 0:3.12.61-52.111.1 0:5.5.14-7.1 0:5.5.14-15.1 0:5.5.14-22.1 0:5.5.14-30.1 0:5.5.14-33.2 0:5.5.14-36.1 0:5.5.14-11.3 0:5.5.14-68.1 0:4.6.0-8.1 0:5.5.14-78.1 0:7.0.7-20.1 0:5.5.14-83.1 0:4.6.1-11.1 0:7.0.7-25.1 0:5.5.14-42.2 0:5.5.14-86.2 0:5.5.14-53.1 0:5.5.14-56.1 0:5.5.14-59.2 0:5.5.14-64.5 0:1.0-2.1 0:4.8.4-15.5.1 0:6.11.1-11.5.1 0:7.0.7-50.9.2 0:5.5.14-109.5.1 0:7.0.7-50.18.1 0:5.5.14-109.8.2 0:7.0.7-50.23.1 0:5.5.14-109.13.1 0:5.5.14-89.2 0:7.0.7-35.1 0:5.5.14-96.1 0:5.5.14-99.1 0:4.7.3-14.1 0:7.0.7-38.1 0:7.0.7-28.2 0:5.5.14-109.17.1 0:4.8.7-15.8.1 0:6.12.2-11.8.1 0:7.0.7-50.26.1 0:5.5.14-109.20.1 0:7.0.7-50.32.1 0:5.5.14-109.24.1 0:4.9.1-15.11.1 0:2.2.13-4.1 0:8.0.36-17.1 0:3.0.3-17.4.1 0:2.4.23-29.3.2 0:3.0.3-17.9.1 0:1.1.1-17.3.3 0:2.12.3-27.5.1 0:2.4.23-29.6.1 0:1.0.4-3.3.10 0:2.12.3-27.9.1 0:2.5-6.1 0:8.0.43-29.5.1 0:2.5.5-6.3.1 0:2.5.5-3.3.1 0:1.5.3-2.3.1 0:3.0.3-14.1 0:2.4.23-21.1 0:2.2-3.1 0:2.2.29.1-11.1 0:2.4.23-16.3 0:1.5.6-3.3.2 0:2.4.23-29.13.1 0:2.5.1-25.12.7 0:0.8.0-19.3.1 0:1.1.1-17.7.1 0:2.2.31-19.5.1 0:3.5.21-26.6.1 0:1.5.6-3.6.1 0:7.1.5-15.3.45 0:7.1.5_k4.4.114_92.67-15.3.45 0:8.0.50-29.8.2 0:1.2.7-3.3.1 0:0.9.9-17.5.1 0:1.4.39-4.3.1 0:2.5-10.3.1 0:3.12.58-14.1 0:3.12.61-60.18.1 0:3.12.67-60.27.1 0:3.12.69-60.30.1 0:4.4.74-7.10.1 0:4.4.88-18.1 0:4.4.95-21.1 0:4.4.104-24.1 0:4.4.114-27.1 0:7.1.5_k4.4.21_6-15.3.45 0:4.4.120-3.8.1 0:2-2.3 0:4-2.2 0:5-2.2 0:6-2.2 0:10.0.26-20.10.2 0:2.4.10-14.17.1 0:2.25.16.1-3.1 0:1.0.1i-27.21.1 0:1.0.14-10.14.3 0:10.0.27-20.13.1 0:9.9.9P1-28.20.1 0:9.3.14-19.2 0:210-70.58.1 0:4.4.4_04-22.22.2 0:4.4.4_04_k3.12.60_52.54-22.22.2 0:6-5.1 0:9.9.9P1-28.23.1 0:2.0.2-48.22.1 0:1.0.0-48.22.1 0:1.7.4-48.22.1 0:8-48.22.1 0:10.0.28-20.16.2 0:2.0.2-48.25.1 0:1.0.0-48.25.1 0:1.7.4-48.25.1 0:8-48.25.1 0:1.7.1_sr3.60-31.2 0:4.4.4_05-22.25.1 0:4.4.4_05_k3.12.60_52.57-22.25.1 0:4.2.8p9-46.18.1 0:4.4.4_05-22.28.2 0:4.4.4_05_k3.12.60_52.63-22.28.2 0:0.98.9-4.1 0:1.8.10p3-2.16.1 0:7.0.78-7.13.4 0:9.9.9P1-28.37.1 0:1.8.10p3-2.19.1 0:4.4.4_21-22.42.1 0:4.4.4_21_k3.12.61_52.77-22.42.1 0:0.12.4-8.15.1 0:7.6_1.15.2-30.22.1 0:3.10.3-2.3.1 0:5-3.1 0:10.0.31-20.29.1 0:2.44.2-2.3.1 0:9.3.18-25.5.1 0:1.7.1_sr4.10-38.5.1 0:4.4.4_22-22.51.2 0:4.4.4_22_k3.12.61_52.89-22.51.2 0:10.0.32-20.36.1 0:0.12.4-8.12.1 0:10.0.29-20.23.1 0:2.25-24.10.1 0:2.25-24.10.3 0:4.4.4_14-22.33.1 0:4.4.4_14_k3.12.61_52.66-22.33.1 0:9.9.9P1-28.29.1 0:2.0.2-48.31.1 0:1.0.0-48.31.1 0:1.7.4-48.31.1 0:8-48.31.1 0:1.7.1_sr4.1-34.1 0:3.12.61-52.69.1 0:9.9.9P1-28.26.1 0:9.9.9P1-28.34.1 0:4.2.8p10-46.23.1 0:4.4.4_16-22.36.1 0:4.4.4_16_k3.12.61_52.69-22.36.1 0:4.4.4_18-22.39.1 0:4.4.4_18_k3.12.61_52.69-22.39.1 0:10.0.30-20.26.1 0:4.2.4-18.41.1 0:9.3.17-24.2 0:2.9.1-26.15.1 0:2.19-22.21.1 0:4.5.5_12-22.18.1 0:4.5.5_12_k3.12.74_60.64.45-22.18.1 0:0.12.5-10.1 0:7.6_1.15.2-53.3.1 0:9-3.1 0:8-3.1 0:1.8.0_sr4.10-30.5.1 0:4.5.5_14-22.25.1 0:4.5.5_14_k3.12.74_60.64.54-22.25.1 0:9-2.2 0:2.4.16-20.10.1 0:4.5.5_16-22.28.1 0:4.5.5_16_k3.12.74_60.64.57-22.28.1 0:2.4.16-20.13.1 0:4.2.4-28.19.3 0:12-4.1 0:11-4.1 0:8-4.1 0:4.5.5_18-22.31.1 0:4.5.5_18_k3.12.74_60.64.60-22.31.1 0:2.3.1-33.3.3 0:1.0.0-33.3.3 0:1.8.1-33.3.3 0:8-33.3.3 0:1.0.1i-54.8.1 0:12-2.1 0:4.5.5_20-22.36.3 0:4.5.5_20_k3.12.74_60.64.63-22.36.3 0:8.0.43-10.24.1 0:1.8.0_sr5.5-30.13.1 0:1.7.1_sr4.15-38.8.1 0:2.19-40.6.1 0:1-2.3.1 0:20160516git-10.8.1 0:0.99.22.1-16.4.1 0:1-2.9.1 0:2.3.1-33.6.1 0:1.0.0-33.6.1 0:1.8.1-33.6.1 0:8-33.6.1 0:4.5.5_24-22.43.1 0:4.5.5_24_k3.12.74_60.64.82-22.43.1 0:1.8.0_sr5.10-30.16.1 0:1.7.1_sr4.20-38.16.1 0:2.19-40.9.5 0:2.4.16-20.16.1 0:1.0.1i-54.11.1 0:1.2.6-5.3.11 0:10-2.2 0:8-2.2 0:7-2.2 0:1.7.1_sr2.0-4.1 0:5.19-5.3 0:0.151.0-8.1 0:3.12.38-44.5 0:3.12.39-47.3 0:3.12.39-47.2 0:1.8.10-12.1 0:3.12.32-33.3 0:2.4.10-12.1 0:3.12.43-52.6.2 0:1.7.1_sr3.0-11.1 0:3.12.44-52.10.3 0:1.8.5.6-5.1 0:1.8.10-4.1 0:3.12.36-38.3 0:3.12.36-38.2 0:3.12.44-52.18.3 0:2.4.10-14.10.1 0:1.7.1_sr2.10-8.1 0:1.8.5.6-15.1 0:1.7.1_sr3.20-18.1 0:3.12.51-52.31.5 0:3.12.60-52.49.3 0:3.12.60-52.54.3 0:3.12.51-52.34.3 0:3.12.51-52.39.3 0:1.7.1_sr3.30-21.1 0:9.3.11-14.1 0:1.8.10-18.2 0:3.12.55-52.42.2 0:0.99.22.1-5.1 0:0.99.22.1-9.1 0:2.8.2-6.1 0:1.8.10-21.1 0:1.7.1_sr3.40-25.1 0:3.12.55-52.45.4 0:1.8.0_sr2.0-4.1 0:3.12.59-60.41.8 0:3.12.59-60.45.4 0:3.12.59-60.45.3 0:2.4.16-7.1 0:0.6+git20160531.fbfe336-5.3 0:3.12.51-60.25.2 0:3.12.62-60.62.3 0:3.12.62-60.64.8.5 0:3.12.62-60.64.8.3 0:1.8.0_sr3.10-15.1 0:3.12.67-60.64.18.3 0:3.12.67-60.64.21.3 0:1.8.0_sr3.21-20.1 0:3.12.67-60.64.24.3 0:1.8.0_sr2.10-7.1 0:3.12.53-60.30.2 0:3.12.57-60.35.3 0:1.8.0_sr4.0-23.1 0:3.12.69-60.64.29.3 0:3.12.69-60.64.32.3 0:2.4.16-19.1 0:1.8.0_sr4.1-26.2 0:3.12.69-60.64.35.3 0:3.12.74-60.64.40.4 0:0.24.1-3.1 0:4.4.21-84.3 0:4.4.21-90.3 0:4.4.59-92.24.5 0:4.4.74-92.29.3 0:4.4.74-92.32.3 0:2.10.09-4.5.1 0:4.4.74-92.35.3 0:1.8.19-25.3.1 0:2.8.2-15.3.1 0:4.4.74-92.38.3 0:5.1.42-5.4.1 0:1.10.9-4.3.1 0:4.4.90-92.45.3 0:4.4.90-92.50.3 0:20171128-9.3.2 0:0.7-9.3.1 0:0.162.0-15.3.1 0:4.4.49-92.11.3 0:4.4.49-92.14.3 0:4.4.59-92.17.8 0:4.4.38-93.3 0:4.4.59-92.20.3 0:4.4.114-92.64.2 0:1.7.1_sr4.20-38.12.1 0:2.8.2-15.6.1 0:1.2.0-2.3.1 0:3.0.15-2.3.1 0:4.4.82-6.3.5 0:4.4.82-6.3.3 0:4.4.82-6.6.3 0:4.4.92-6.18.3 0:4.4.92-6.30.2 0:4.4.114-94.11.4 0:1.2.12-3.3.1 0:2.8.2-15.10.1 0:4.4.103-94.6.2 0:4.4.103-94.6.3 0:1.3.2-9.1 0:0.2.3-5.1 0:3.0.2-18.1 0:1.4.1-16.1 0:7.0.55-8.2 0:2.7.9-14.3 0:1.2.22-7.1 0:5.1.3-9.2 0:5.4-2.4.1 0:1.2.40-2.6.1 0:2.8.0-3.4.1 0:3.2.2-6.1 0:4.2.4-18.27.9 0:7.0.68-7.6.1 0:2.3.18-37.1 0:3-2.2 0:2.78-6.6.1 0:037-51.31.1 0:2.4.10-14.28.1 0:4.4.4_24-22.54.1 0:4.4.4_24_k3.12.61_52.92-22.54.1 0:1-8.1 0:2.0.2-48.34.3 0:1.0.0-48.34.3 0:1.7.4-48.34.3 0:8-48.34.3 0:7.0.82-7.16.1 0:4.4.4_26-22.59.3 0:4.4.4_26_k3.12.61_52.101-22.59.3 0:1-5.1 0:2.0.2-48.37.1 0:1.0.0-48.37.1 0:1.7.4-48.37.1 0:8-48.37.1 0:1-1.7.1 0:20140807git-5.3.1 0:4.4.4_28-22.62.1 0:4.4.4_28_k3.12.61_52.119-22.62.1 0:10.0.34-20.43.1 0:2.19-22.24.5 0:1-1.3.1 0:2.4.10-14.31.1 0:1.0.1i-27.31.1 0:1.0.1i-27.28.1 0:3.3.14-20.2 0:2.7.9-24.4 0:8.0.32-8.7 0:2.3.18-40.1 0:1.4-27.1 0:8.0.32-10.13.2 0:2.7.0-3.1 0:2.7.0_k3.12.53_60.30-3.1 0:8.0.32-3.1 0:2.3-3.3.1 0:3.3.14-22.6.1 0:8.0.43-10.19.1 0:3.12.74-60.64.72.1 0:20160518_1.9.4-7.5.1 0:2.5.1-25.12.8 0:2.7.0-3.3.1 0:2.7.0-3.10.1 0:1.4.39-4.6.1 0:1.0.0-16.1 0:0.15.0-3.1 0:1.0.0-19.1 0:1.2.0-4.1 0:2.20.0-6.1 0:2.3.1-3.1 0:2014.2.4.dev18-3.2 0:2014.2.4~a0~dev78-7.2 0:2014.2.4~a0~dev61-6.2 0:2014.2-5.1 0:2014.2.4~a0~dev103-10.3 0:2014.2.4~a0~dev80-14.1 0:1.54-2.1 0:2.71-6.3.1 0:3.1.3-6.1 0:45.3.0-9.1 0:53.0.2785.113-100.1 0:53.0.2785.143-106.1 0:45.4.0-12.1 0:5.5.5-12.1 0:1.4.3-6.1 0:5.20.0-6.1 0:5.21.0-18.1 0:2.8.8-6.1 0:2.8.8-22.1 0:54.0.2840.90-112.1 0:45.5.1-17.1 0:55.0.2883.75-2.1 0:45.6.0-20.1 0:51.0.2704.103-85.3 0:1.4.5-5.1 0:2.5.0-2.1 0:1.2.5-8.1 0:1.5.3-4.1 0:2.17-4.1 0:1.6.0-18.1 0:1.6.2-4.1 0:45.2-6.1 0:52.0.2743.82-89.1 0:5.21.0-15.1 0:3.0.7-6.1 0:52.0.2743.116-92.1 0:1.6.1-6.1 0:61.0.3163.79-29.1 0:1.0.4-5.1 0:61.0.3163.100-32.1 0:2.1.0-6.1 0:1.5.2-6.1 0:2.0.5-2.1 0:3.3.4-11.1 0:3.99.5-2.2 0:0.3.13-2.2 0:2.1.0-9.1 0:2.1.0-19.1 0:52.4.0-45.1 0:1.3.19-8.1 0:1.3.19-18.1 0:0.24.3-6.1 0:1.0.5-32.1 0:1.5-5.1 0:2.0.5-7.1 0:2.0.3-14.1 0:4.0.2-9.1 0:2.4.1.0-6.1 0:3.4.10-5.1 0:52.5.0-48.1 0:0.3.1.9-8.1 0:63.0.3239.84-40.1 0:18.3.4.7-9.1 0:63.0.3239.108-43.1 0:1.9.9-6.1 0:52.5.2-51.1 0:4.7.7-14.1 0:45.7.0-23.1 0:15.12.3-6.1 0:0.24.6-10.1 0:1.0.1-18.1 0:56.0.2924.87-5.1 0:4.14.25-5.3 0:5.26.0-5.1 0:5.26.0-6.2 0:4.14.25-5.2 0:45.8.0-27.1 0:1.0.2-21.1 0:57.0.2987.98-8.1 0:1.3.19-5.1 0:1.3.19-15.1 0:57.0.2987.133-11.1 0:1.4.2-5.1 0:3.1.6-5.1 0:2.8.10-9.1 0:3.2.4-6.3.1 0:58.0.3029.81-14.1 0:58.0.3029.96-17.1 0:52.1.0-30.1 0:5.26.0-6.1 0:5.26.0-2.3.1 0:4.14.25-8.2 0:4.14.25-7.4.1 0:59.0.3071.86-20.1 0:1.0.3-25.1 0:0.8.21-12.1 0:2.8.11-12.1 0:3.1.8-8.1 0:52.2-36.1 0:59.0.3071.104-23.1 0:1.7.0-12.1 0:16.08.2-5.2 0:16.08.2-5.1 0:2.8.12-15.1 0:1.0.4-28.1 0:60.0.3112.78-26.1 0:15.12.3-8.1 0:16.08.2-3.1 0:52.3.0-42.1 0:52.6-54.1 0:64.0.3282.119-46.2 0:20180101-5.1 0:64.0.3282.140-49.1 0:20180201-8.1 0:20180201-12.1 0:5.8.7-8.1 0:64.0.3282.167-52.1 0:1.1.1-43.1 0:3.4.2-14.1 0:3.4.2-10.1 0:1.0.6-36.1 0:14.4.2-5.1 0:1.3.19-11.1 0:1.3.19-21.1 0:0.15.1b-5.1 0:4.7.8-17.1 0:3.100-6.1 0:3.100-7.1 0:1.0.5-8.1 0:1.9.4-15.1 0:1.9.4-5.1 0:0.3.2.10-14.1 0:1.8.7-5.1 0:1.11.10-5.1 0:1.11.11-8.1 0:1.13.9-12.1 0:52.7-57.1 0:4.1.2-5.1 0:1.3.19-14.1 0:1.3.19-24.1 0:4.8.0.1-20.1 0:1.8.17-5.1 0:4.0.6-12.1 0:2.1.0-8.1 0:4.14.18-6.2 0:5.20.0-6.2 0:5.20.0-7.1 0:4.14.18-9.1 0:64.0.3282.140-138.1 0:0.9.1-154.24 11.1 0:3.5.9-0.1.1 0:0.7.0.r4359-15.22.49 0:0.7.0.r1053-11.16.61 0:1.6.1-83.17.1 0:0.3.14-2.12.105 0:0.5.12-23.40.5 0:0.5.12-23.40.6 0:2.17.35-0.2.17 0:0.9-14.34.9 0:0.9-14.34.11 0:2.6.2-1.14 0:2.2.10-2.24.5 0:2.0.4-40.19 0:5.2.6-50.24.1 0:0.6.23-11.19.22 0:9.5.0P2-20.7.1 0:1.36.0-11.17 0:1.0.5-34.246 0:3.4.3-1.17.2 0:1.34b-11.17.2 0:0.96-0.12.1 0:1.1.0-22.24 0:4.1-194.24.4 0:1.3.9-8.30.1 0:7.19.0-11.24.25 0:2.3.11-60.21.1 0:1.2.10-3.11.29 0:1.2.10-3.11.33 0:3.1.3.ESV-0.3.38 0:1.41.9-2.1.51 0:22.3-4.32.4 0:1.6.4-152.17.55 0:2.28.2-0.2.68 0:2.28.2-0.10.9 0:2.0.1-88.26.1 0:6.3.8.90-13.16.1 0:4.24-43.17 0:4.4.0-38.24.11 0:2.1.1-7.7.19.77 0:2.3.7-25.10.1 0:2.3.7-25.9 0:2.7.2-61.18.1 0:2.5.26-1.25 0:1.1.36-26.31 0:2.0.36.RC1-52.18 0:8.62-32.27.31 0:4.2.7-32.27.31 0:2.22.5-0.2.23 0:2.2.23-1.41.1 0:2.4.8-1.2.55 0:2.28.3-0.4.30 0:2.4.1-24.19.1 0:2.0.9-25.25.1 0:0.10.25-1.1.133 0:0.10.17-1.1.126 0:2.18.9-0.4.1 0:7.2-8.8 0:1.3.12-69.19.1 0:3.9.8-3.4.30 0:0.7.3-1.1.93 0:1.4.2_sr13.3-1.1.1 0:1.6.0_sr7.0-1.6.21 0:4.3.5-0.8.35 0:4.3.5-0.8.40 0:3.5.10-20.31 0:3.5.10-23.27.1 0:4.3.5-0.2.46 0:2.6.32.12-0.7.1 0:1.6.3-133.27.1 0:1.6.3-133.21 0:1.6.3-133.12 0:0.12.3-0.11.1 0:1.17-77.14.19 0:6.4.3.6-7.20.1 0:4.6.2-1.6.9 0:4.6.2-1.6.11 0:4.6.2-1.6.10 0:1.4-73.21 0:1.3.4-12.20.2 0:1.3.3-11.16.1 0:2.5.5-5.19 0:2.4.17-0.3.12 0:0.6.17-2.12 0:0.17.1-31.20 0:2.28.0-1.2.20 0:4.0-7.24.11 0:2.2.6-2.131.1 0:2.1.5-5.18 0:5.0.67-13.20.1 0:0.28.3-2.12.1 0:10.26.44-101.9.1 0:0.11.6-5.25.1 0:0.9.8h-30.27.11 0:1.2.31-5.12.1 0:0.12.3-1.2.44 0:0.9.21-1.5.26 0:2.6.0-8.9.20 0:0.8.4-194.23.38 0:0.18-1.15 0:0.2.1-1.2.16 0:0.1.4-1.15 0:1.0.20-2.1.46 0:5.4.2.1-8.2.1 0:2.28.2-0.1.151 0:3.8.2-141.8.1 0:0.7.6-1.9.8 0:1.2.0-79.12 0:2.7.6-0.1.37 0:1.1.24-19.15 0:1.2.10-1.36 0:2.1.12-0.1.1 0:2.5.2-17.16 0:2.0.1-1.19.1 0:1.9.0.19-0.1.1 0:1.9.1.9-1.12.1 0:1.5.17-42.33.1 0:3.0.6-1.21.1 0:1.4.13-1.35 0:4.2.4p8-1.3.28 0:5.1p1-41.31.36 0:2.6.16-1.34.3 0:2.0.9-143.31 0:1.0.4-0.5.12 0:2.3.1-47.10.15 0:184-147.20 0:0.47-13.13.65 0:5.10.0-64.47.8 0:3.56-1.18.1 0:804.028-50.24 0:3.2.5-26.22.18 0:8.3.9-0.1.1 0:0.24.8-1.3.5 0:2.6.0-8.9.28 0:3.3.8b-88.21 0:0.99.15-0.1.55 0:3.0.4-2.33.82 0:1.8.7.p72-5.24.2 0:2.7.STABLE5-2.4.1 0:1.5final-28.19 0:1.6.9p17-21.3.1 0:2.0.9-27.27.19 0:8.1.5-7.9.56 0:1.0-0.15.16 0:1.20-23.23.1 0:3.80.2-2.8 0:5.52-142.23.43 0:0.5.2-132.1.37 0:1.11.4-1.15.1 0:1.0.5-1.34.1 0:1.0.2-36.18 0:4.0.0_21091_04-0.2.6 0:4.0.0_21091_04_2.6.32.12_0.7-0.2.6 0:7.4-9.24.15 0:7.4-27.19.19 0:3.02-138.26.1 0:238-1.16 0:2.10-911.22 11.2 0:10.0-0.3.2 0:0.7.1_git20090811-3.20.5 0:0.7.1-5.22.28 0:0.3.14-2.23.126 0:0.5.12-23.58.22 0:0.5.12-23.58.21 0:0.9-14.39.1 0:0.9-14.39.2 0:11-6.65.1 0:1.0.6-91.16.1 0:2.7.0-18.7.1 0:2.2.12-1.28.1 0:1.2.26-1.30.110 0:5.2.14-0.7.24.1 0:5.3.8-0.19.6 0:9.6ESVR5P1-0.8.1 0:1.0.5-34.253.1 0:5.1-0.4.9 0:0.97.3-0.2.1 0:4.1-194.199.1 0:1.3.9-8.44.1 0:7.19.7-1.18.1 0:2.3.11-60.65.64.1 0:1.2.10-3.23.1 0:0.76-34.22.1 0:4.2.3.P2-0.7.2 0:3.2.3-44.28.1 0:1.0.22-3.21.2 0:1.41.9-2.7.1 0:61-1.29.1 0:0.2-1001.30.1 0:22.3-4.40.1 0:1.6.4-152.22.1 0:2.28.2-0.7.2 0:2.28.2-0.26.33.14 0:6.3.8.90-13.20.19.1 0:4.24-43.19.1 0:4.4.0-38.26.1 0:3.0.2-269.35.1 0:2.1.1-7.10.1 0:2.3.7-25.28.1 0:2.7.2-61.23.1 0:8.62-32.28.1 0:4.2.7-32.28.1 0:2.11.3-17.31.1 0:2.2.23-1.50.1 0:2.28.3-0.28.1 0:2.4.1-24.39.33.1 0:2.0.9-25.33.27.1 0:0.10.35-5.15.8 0:0.10.30-5.8.11 0:2.18.9-0.21.4 0:7.2-8.15.2 0:3.11.10-0.6.7.1 0:1.4.2_sr13.10-0.4.1 0:1.6.0_sr9.3-0.4.1 0:1.14.1-16.31.1 0:4.3.5-0.10.2 0:4.3.5-0.6.1 0:4.3.5-0.4.1 0:3.0.13-0.27.1 0:1.6.3-133.48.48.1 0:0.15.1-0.17.3 0:1.34b-12.18.3 0:3.6.3-0.18.3 0:6.4.3.6-7.22.1 0:4.6.3-5.12.1 0:1.3.4-12.22.21.2 0:1.3.4-12.22.21.1 0:1.3.3-11.18.17.1 0:2.11-2.17.1 0:0.34-2.5.1 0:2.4.27-0.6.6 0:3.13.1-0.2.1 0:2.6.7-0.5.76 0:1.0.0-307.10.1 0:4.0-7.26.1 0:5.0.94-0.2.4.1 0:0.29.6-6.7.1 0:0.52.10-1.35.7 0:0.11.6-5.27.1 0:0.9.8j-0.26.1 0:1.2.31-5.25.1 0:0.12.3-1.3.1 0:0.9.23-0.7.128 0:2.6.0-8.12.2 0:4.6.3-5.10.1 0:0.2.1-1.5.1 0:2.26.0-2.3.1 0:1.0.20-2.4.1 0:5.4.2.1-8.12.6.1 0:2.32.2-4.7.1 0:3.8.2-141.142.1 0:0.9.6-0.13.42 0:1.2.0-79.13.1 0:3.0.3-0.6.1 0:11-1.22.1 0:3.2.15-0.13.1 0:2.7.6-0.13.1 0:0.9-1.24.1 0:3.7.7-10.24.1 0:7.3.6-65.72.1 0:2.02.84-3.25.5 0:2.1.14-9.2.1 0:2.0.2.umip.0.4-8.7.1 0:2.6.7-0.7.19 0:1.9.2.24-0.3.1 0:1.9.2.24-0.3.2 0:3.0.6-1.25.24.1 0:4.2.4p8-1.16.1 0:1.5.2-0.22.23 0:1.5.2_3.0.13_0.27-0.22.23 0:1.2.0-172.22.1 0:5.1p1-41.51.1 0:2.6.16-1.36.1 0:2.4-662.18.1 0:1.1.5-0.10.17 0:1.26.2-1.3.1 0:1.3.8-3.15.1 0:1.4.102-1.37.3 0:5.10.0-64.55.1 0:5.816-2.23.1 0:3.3.1-10.8.3 0:8.3.14-0.2.1 0:2.6.12-0.10.1 0:1.0.22-3.15.1 0:1.5.11-0.9.96 0:0.99.15-0.6.2 0:1.1-1.24.4.1 0:3.0.4-2.38.1 0:5.8.7-0.5.5 0:1.8.7.p357-0.7.1 0:2.7.STABLE5-2.10.1 0:3.1.12-8.10.1 0:1.4-13.6.1 0:1.5final-28.21.1 0:1.7.6p2-0.2.4.1 0:0.71.47-0.7.1 0:2.0.9-27.32.1 0:8.1.5-7.32.1 0:1.0.8-9.16.1 0:1.5-0.7.54 0:5.1.1-100.19.1 0:1.26-1.2.4.1 0:0.48-101.20.1 0:0.9.10-0.15.1 0:6.0.18-20.35.36.1 0:6.00-11.7.1 0:0.22.5-0.2.1 0:0.5.2-132.2.1 0:1.4.10-0.2.1 0:4.1.2_14-0.5.5 0:4.1.2_14_3.0.13_0.27-0.5.5 0:7.4-9.47.1 0:7.4-27.60.5 0:7.4-8.26.32.1 0:2.17.119-0.5.25 0:2.17.44-0.5.3 11.3 0:9.0.3-0.17.1 0:17.0.4esr-0.10.42 0:0.7.1_git20090811-3.28.2 0:0.3.14-2.28.46 0:0.5.12-23.68.1 0:0.9-14.41.1 0:11-6.90.1 0:1.0.6-91.25.20 0:1.7.1-20.9.53 0:1.7.1-16.9.65 0:2.2.12-1.38.2 0:5.3.17-0.13.7 0:2.7.1-0.2.12.1 0:4.3.5-0.3.3 0:0.6.23-11.30.4 0:9.6ESVR7P4-0.10.1 0:1.36.0-12.3.1 0:5.1-0.11.1 0:0.97.7-0.3.1 0:2.3.37-2.24.36 0:2.4.26-0.24.36 0:4.1-194.207.1 0:1.3.9-8.46.46.1 0:7.19.7-1.26.8 0:1.12.12-144.23.5.1 0:1.2.10-3.27.1 0:4.2.4.P2-0.16.15 0:3.2.3-44.30.1 0:1.41.9-2.9.1 0:61-1.33.1 0:2.28.2-0.29.24 0:2.0.1-88.34.1 0:4.24-43.23.1 0:2.1.1-7.16.7 0:2.3.7-25.32.1 0:2.8.7-0.9.12 0:8.62-32.34.1 0:4.2.7-32.34.1 0:2.22.5-0.8.8.1 0:2.11.3-17.54.1 0:2.28.3-0.32.1 0:2.4.1-24.39.45.1 0:2.0.9-25.33.31.1 0:2.18.9-0.23.1 0:1.20.4-0.14.9 0:1.3.12-69.23.1 0:5-0.7.10 0:1.5.7-0.7.31 0:3.0.1-253.36.1 0:1.6.0_sr13.1-0.9.1 0:1.7.0_sr4.1-0.5.1 0:6b-879.12.1 0:6.2.0-879.12.1 0:4.3.5-0.12.12.1 0:4.3.5-0.10.1 0:3.0.76-0.11.1 0:1.6.3-133.49.54.1 0:1.4.1-0.11.1 0:1.34b-12.39.1 0:3.6.3-0.39.1 0:6.4.3.6-7.26.1 0:4.6.3-5.25.5 0:4.6.3-5.25.4 0:1.3.3-11.18.19.1 0:0.37.1-5.16.1 0:2.4.41-0.8.46 0:9.1.9-0.3.1 0:0.6.17-2.14.1 0:3.14.3-0.11.11 0:2.28.0-1.9.24 0:4.0-7.26.15 0:5.0.96-0.6.1 0:5.5.31-0.7.10 0:0.52.10-1.35.113 0:0.9.8j-0.50.1 0:3.2.0-10.3.1 0:1.2.31-5.31.1 0:0.12.3-1.8.1 0:0.3.1-2.6.1 0:0.3.1-2.6.3 0:2.6.8-0.15.1 0:5.4.2.1-8.12.16.1 0:2.32.2-4.13.1 0:1.9.4-0.12.24 0:3.8.2-141.152.1 0:0.3.10-0.9.50 0:2.6.2-0.2.4.1 0:1.0.5.1-0.7.10 0:1.2.0-79.20.1 0:2.7.6-0.23.1 0:1.1.24-19.21.1 0:3.7.7-10.26.1 0:2.02.98-0.25.3 0:2.1.14-9.6.1 0:1.9.2.27-0.2.1 0:3.0.6-1.25.28.1 0:1.4.16-0.11.35 0:1.2.3-18.31.1 0:4.2.4p8-1.22.1 0:1.5.4.1-0.11.5 0:1.5.4.1_3.0.76_0.11-0.11.5 0:2.4.2-0.9.12 0:6.2p2-0.9.1 0:2.0.9-143.38.22 0:2.3.1-47.12.1 0:0.47-13.16.1 0:5.10.0-64.67.52 0:0.2808.01-0.67.52 0:0.72-0.67.52 0:8.3.23-0.4.1 0:2.6.18-0.4.2 0:1.0.22-3.19.1 0:0.5.0-3.20.1 0:0.99.15-0.12.1 0:3.0.4-2.47.28 0:5.10.1-0.7.49 0:1.8.7.p357-0.9.9.1 0:1.3.11-0.19.1 0:1.7.0.0-1.16.1 0:2.7.STABLE5-2.12.12.1 0:3.1.12-8.12.1 0:1.5final-28.23.23.1 0:4.54-0.9.24 0:1.7.6p2-0.17.5 0:0.71.61-0.11.12 0:2.0.9-27.34.36.1 0:8.1.5-7.45.24 0:1.0.8-9.23.44 0:1.5-0.9.1 0:5.1.1-100.21.1 0:1.5-19.23.4 0:0.48-101.31.27 0:0.9.10-0.17.1 0:6.0.18-20.35.40.1 0:2.3.1-0.9.40 0:1.2.1-0.7.19 0:1.8.6-0.2.1 0:3.3.12-517.12.34 0:4.2.2_04-0.7.5 0:4.2.2_04_3.0.76_0.11-0.7.5 0:7.4-9.62.46 0:7.4-27.81.7 0:7.4-1.29.1 0:7.3.99-17.11.1 0:7.3.99-3.20.1 0:2.17.129-0.7.2 0:2.17.45-0.5.1 11.4 0:9.0.3-0.28.29.2 0:31.7.0esr-0.8.1 0:0.3.14-2.30.11 0:0.5.12-23.76.1 0:0.9-14.43.1 0:4.13-1326.37.1 0:11-6.105.1 0:1.7.1-20.11.1 0:1.7.1-16.11.1 0:2.2.12-1.51.52.1 0:1.2.40-0.2.1 0:1.0.8-0.4.13.1 0:2.0.4-40.24.1 0:5.3.17-0.41.1 0:2.7.1-0.2.18.1 0:0.9.0-3.15.1 0:1.10.1-4.131.9.1 0:0.6.23-11.32.1 0:3.2-147.27.35 0:5.2-147.27.35 0:9.9.6P1-0.5.5 0:9.9.6P1-0.5.1 0:2.24-3.62 0:1.36.0-12.6.49 0:1.49.0-0.13.3 0:5.1-0.14.46 0:0.98.7-0.3.1 0:2.3.37-2.30.1 0:2.4.26-0.30.1 0:8.12-6.25.32.33.1 0:2.9-75.78.1 0:4.1-194.211.213.1 0:1.3.9-8.46.56.1 0:7.19.7-1.42.1 0:1.5.2-1.36 0:1.2.10-3.31.1 0:4.2.4.P2-0.22.1 0:2.71-0.14.9 0:1.41.9-2.14.3 0:0.152-4.9.17 0:22.3-4.42.1 0:2.28.2-0.32.1 0:0.95-1.24.1 0:4.24-43.27.1 0:2.1.1-7.18.1 0:2.3.7-25.35.36.1 0:2.8.7-0.11.1 0:2.0.36.RC1-52.20.1 0:2.22.5-0.8.14.1 0:2.11.3-17.84.1 0:2.28.3-0.39.17 0:2.4.1-24.39.55.1 0:2.0.9-25.33.39.1 0:1.1.6-25.32.1 0:0.10.30-5.12.15 0:1.20.12-0.18.70 0:3.11.10-0.6.11.1 0:6-3.5 0:1.5.7-0.15.22 0:0.7.3-1.4.1 0:1.1.1-1.37.1 0:1.7.1_sr3.0-1.1 0:1.14.1-16.33.1 0:4.3.5-0.12.18.1 0:4.3.5-0.11.18.1 0:4.3.5-0.3.1 0:4.3.5-0.14.1 0:2.4.4-255.28.1 0:3.0.101-63.1 0:1.6.3-133.49.66.1 0:1.4.2-30.5 0:1.17-77.16.1 0:1.34b-12.58.1 0:3.6.3-0.58.1 0:1.2.1-68.17.1 0:6.4.3.6-7.30.1 0:4.6.3-5.34.2 0:1.3.4-12.22.23.1 0:1.3.3-11.18.19.8 0:2.19.1-6.72.1 0:0.41.rc1-2.34 0:2.4.52-0.7.1 0:9.4.4-0.6.2 0:1.4.5-24.24.1 0:3.17.3-0.8.11 0:4.8.3+r212056-2.17 0:1.5.0-0.17.1 0:2.28.0-1.13.1 0:1.900.1-134.17.1 0:1.0.4-1.18.1 0:2.03-12.3.1 0:2.3.2-3.118.2 0:2.3.2-3.118.1 0:0.0.20060920alpha-74.5.1 0:5.5.43-0.7.3 0:5.0.96-0.6.20 0:0.9.8j-0.70.1 0:0.24.4-0.15.1 0:1.2.31-5.33.1 0:0.12.3-1.10.1 0:0.9.23-0.17.1 0:2.6.9-0.35.1 0:0.2.1-1.7.1 0:1.0.20-2.6.5 0:5.4.2.1-8.12.22.1 0:1.2.9-4.2.4.1 0:1.9.4-0.16.1 0:1.5-1.30.1 0:3.8.2-141.154.1 0:0.3.10-0.11.1 0:1.2.5-3.76 0:2.2.3-0.8.1 0:1.4-1.38.24 0:11-1.25.26 0:3.2.15-0.17.28 0:2.7.6-0.31.1 0:1.1.24-19.23.1 0:3.7.7-10.30.1 0:7.3.6-65.74.1 0:2.02.98-0.33.1 0:0.8.0-0.23.2 0:12.5-1.9.1 0:2.6.7-0.13.1 0:4.10.7-0.3.3 0:1.5.17-42.39.1 0:3.0.6-1.25.36.1 0:2.12-24.4.10.1 0:1.4.16-0.13.1 0:1.2.3-18.38.43.1 0:4.2.8p2-2.18 0:1.5.4.1-20.26 0:1.5.4.1_3.0.101_63-20.26 0:3.2-0.11.26 0:1.2.0-172.24.1 0:6.6p1-4.7 0:2.0.9-143.44.1 0:1.1.5-0.15.9 0:5.10.0-64.72.1 0:0.2808.01-0.72.1 0:0.72-0.72.1 0:1.7-37.63.64.1 0:4.4.2.3-37.63.64.1 0:1.2.22-2.1 0:2.6.7-1.31 0:2.4.5.git-2.29.1 0:3.22-240.8.1 0:2.7.26-0.5.1 0:1.0.22-3.25.1 0:1.1.6-168.34.1 0:2.3.6-0.13.1 0:0.7-6.22.1 0:0.99.15-0.14.11 0:1.1-1.24.8.19 0:5.10.1-0.11.1 0:1.8.7.p357-0.9.17.1 0:1.3.11-0.23.2 0:8.14.3-50.24.1 0:0.7.318.81ee561d-0.9.2 0:2.7.STABLE5-2.12.16.1 0:3.1.12-8.16.20.1 0:1.5final-28.23.25.1 0:4.4.0-6.25.1 0:1.7.6p2-0.23.1 0:0.71.61-0.13.1 0:8.1.5-7.50.25 0:1.26-1.2.6.1 0:3.9.8-1.27.1 0:6.0.41-0.43.1 0:6.00-11.13.1 0:2.28.1-2.5.1 0:1.2.1-10.41 0:2.0.7-4.35.1 0:1.11.4-1.19.1 0:1.10.13-0.2.1 0:0.7.1-6.15.1 0:2.7.0-217.26.1 0:4.4.2_08-1.7 0:4.4.2_08_3.0.101_63-1.7 0:2.3.14-130.133.1 0:7.4-9.65.46 0:7.4-27.105.1 0:7.4-5.11.11.7 0:7.4-5.11.11.1 0:7.4-1.18.2 0:7.4-1.16.8 0:7.4-1.16.2 0:7.4-1.18.7 0:7.4-1.18.1 0:7.4-1.19.8 0:7.4-1.19.2 0:7.4-8.26.44.1 0:7.3.99-3.22.1 0:2.17.140-1.1 0:2.17.46-0.5.1 0:1.2.5-4.33.1 0:2.8.0-29.17.1 0:2.2-31.27.1 0:2.24-3.18 0:6.2.18-4.31.2 0:2011.10.10-0.7.10 0:15.6-95.22 0:1.0.114.6-0.11.1 0:10.3.1.4-1.16 0:2.28.2-0.13.49 0:2.28.2-0.30.1 0:2.0-20.31 0:2.6.6-0.25.2 0:0.22.0-294.26.1 0:2.6.2-3.34.45.1 0:1.7.12.4-0.9.1 0:2.2.7-1.35 0:1.9.14-401.20 0:1.4.2-2.18.53 0:0.46-62.43.1 0:1.8.2-1.24.1 0:0.15.1b-130.17 0:3.1.11a-116.2.1 0:3.6.10-0.3.1 0:4.0.3.3.26-0.10.2 0:4.0.3.3.26-0.10.1 0:3.4.5.5-0.3.1 0:0.4.5-2.7.1 0:0.2-5.20.1 0:0.1.9-9.19.1 0:0.5.3-126.25 0:1.0.1-0.1.141 0:1.2.7-0.17.1 0:0.2.8.4-206.27.4 0:0.8.14-4.33 0:1.1.15-23.3.9 0:1.8.17-481.19.5 0:1.8.17-481.19.2 0:0.1.3-0.10.16.2 0:1.4.20-2.54.1 0:2.8.6-143.19 0:1.2.6-5.17.1 0:2.3.2-0.9.2 0:2.0.3-249.21.1 0:0.7.1-2.29.1 0:0.4.6-2.7.90 0:0.139.2-0.3.1 0:2.10.3-1.20.1 0:1.10.10-120.35.1 0:2.0.1-28.20.1 0:0.56.2-1.9.1 0:0.6c11-5.2.1 0:0.10.1-0.5.7.1 0:0.99.15-0.14.1 0:3.2.12-0.9.1 0:3.2.12-0.19.1 0:3.2.12-0.5.8 0:3.2.12-0.5.10 0:3.2.12-0.7.9 0:3.2.12-0.11.1 0:1.7.0-0.7.1 0:0.6.0-0.8.1 0:1.2.0-0.4.4 0:1.4.5-0.5.8 0:1.3.2-0.12.5.1 0:3.9.1-0.8.3 0:2.2.1-0.7.11.1 0:9.05-1.19.1 0:1.1.7-7.23.2 0:1.2.9-162.37.1 0:1.6.17-1.33.1 0:0.7.10-2.19.1 0:2007-219.34.6 0:3.8.1-0.5.1 0:7.11.2-0.9.1 0:2.2.12-1.40.1 0:5.2.14-0.7.30.50.1 0:5.3.8-0.43.1 0:2.7.1-0.2.14.1 0:9.9.4P2-0.6.1 0:2.6.7-0.9.1 0:3.6.3-0.33.39.1 0:1.3.9-8.46.48.1 0:7.19.7-1.20.31.1 0:1.2.10-3.25.1 0:4.2.4.P2-0.11.13.1 0:2.6.6-0.19.1 0:4.9.2-0.6.1 0:3.13.6-0.5.1 0:4.9.3-0.2.1 0:3.14-0.3.1 0:4.9.4-0.3.1 0:3.14.1-0.3.1 0:0.3.8-56.51.1 0:0.3.8-56.44.45.129 0:4.9.5-0.3.2 0:3.14.2-0.4.3.2 0:4.9.6-0.3.1 0:3.14.3-0.4.3.1 0:2.1.1-7.16.1 0:1.7.12.4-0.5.1 0:2.11.3-17.45.49.1 0:2.4.1-24.39.47.1 0:1.5.4-0.7.7.1 0:0.46-62.38.1 0:2.4.2-170.21.3.1 0:2012.9.13-0.8.1 0:1.4.2_sr13.18-0.4.1 0:1.6.0_sr15.0-0.5.1 0:1.7.0_sr6.0-0.7.1 0:4.3.5-0.12.1 0:1.6.3-133.49.58.1 0:3.6.3-0.24.4 0:4.6.3-5.20.23.1 0:1.5.0-0.15.2 0:0.16.0-1.4.1 0:3.5.4.13-0.3.1 0:2.32.2-4.11.1 0:0.2-5.18.1 0:0.9.6-0.29.1 0:0.9.6-0.23.1 0:1.2.7-0.15.2 0:2.7.6-0.25.1 0:1.4.20-2.52.1 0:4.10.1-0.3.1 0:3.15.2-0.3.1 0:3.0.6-1.25.34.1 0:4.10.2-0.3.1 0:3.15.3-0.3.1 0:3.15.3.1-0.4.2.1 0:2.4-0.11.1 0:5.10.0-64.61.61.1 0:1.7-37.50.6 0:4.4.2.3-37.50.6 0:2.6.8-0.23.1 0:0.7.4-0.7.8.1 0:1.3.10-0.5.1 0:1.1.6-0.9.2 0:1.8.7.p357-0.9.13.1 0:2.3.17-0.9.1 0:2.3.17-0.8.1 0:2.1.2-1.14.1 0:2.3.17-0.13.2 0:2.3.14-0.10.1 0:2.3.14-0.12.1 0:3.2.12-0.7.1 0:2.3.0-0.10.1 0:1.1-0.8.2 0:2.3.17-0.11.1 0:1.6.17-1.25.1 0:1.8.12-0.2.1 0:4.1.4_02-0.5.1 0:0.9.6-0.21.3 0:4.1.2_20-0.5.2 0:4.1.3_02-0.5.1 0:4.1.3_04-0.5.1 0:4.1.5_02-0.5.1 0:4.1.6_02-0.5.1 0:4.1.6_04-0.5.1 0:7.4-27.70.76.1 0:7.4-8.26.40.1 0:7.4-1.16.1 0:7.4-1.19.1 0:7.4-1.22.5.1 0:24.6.0esr-0.8.1 0:4.10.6-0.3.1 0:3.16.1-0.8.1 0:9.0.3-0.19.1 0:17.0.9esr-0.7.1 0:31.8.0esr-0.13.2 0:38.5.0esr-28.2 0:24.5.0esr-0.8.1 0:4.10.4-0.3.1 0:3.16-0.8.1 0:31.6.0esr-0.8.1 0:31.8.0esr-0.10.1 0:4.10.8-0.5.1 0:3.19.2_CKBI_1.98-0.10.1 0:2.2.12-1.46.1 0:2.2.12-59.1 0:5.3.17-0.31.1 0:0.9.0-3.17.2 0:5.2-147.22.1 0:9.9.6P1-0.12.1 0:9.9.6P1-0.15.1 0:9.9.6P1-0.19.1 0:9.9.6P1-0.22.1 0:2.23.1-0.23.15 0:2.23.1-0.23.2 0:3.6.3-0.52.5 0:1.3.9-8.46.52.2 0:7.19.7-1.38.1 0:7.19.7-1.46.1 0:7.19.7-1.40.1 0:4.2.4.P2-0.24.1 0:1.41.9-2.10.11.1 0:2.19.1-6.62.7 0:2.6.6-0.23.1 0:17.0.7esr-0.8.1 0:17.0.10esr-0.7.4 0:24.3.0esr-0.8.1 0:3.15.4-0.7.1 0:24.4.0esr-0.8.1 0:24.7.0esr-0.8.2 0:3.16.2-0.8.1 0:24.8.0esr-0.8.1 0:4.10.7-0.3.1 0:3.16.4-0.8.1 0:31.3.0esr-0.8.1 0:31.4.0esr-0.8.7 0:31.5.3esr-0.8.1 0:4.10.9-11.1 0:38.3.0esr-22.1 0:38.4.0esr-25.6 0:4.10.10-16.1 0:3.19.2.1-19.3 0:24.2.0esr-0.7.1 0:3.15.3.1-0.7.1 0:31.2.0esr-0.16.1 0:3.17.2-0.8.1 0:38.2.1esr-19.3 0:3.19.2.0-0.16.1 0:2.3.7-25.34.1 0:4.1.6-13.1 0:1.7.12.4-0.11.2 0:2.11.3-17.72.14 0:2.11.3-17.87.3 0:2.11.3-17.95.2 0:2.4.1-24.39.51.1 0:2.4.1-24.39.57.1 0:2.4.1-24.39.60.1 0:2.18.9-0.35.1 0:2.18.9-0.39.1 0:1.20.4-0.18.1 0:1.5.7-0.9.1 0:4.0-7.28.1 0:1.6.0_sr16.2-0.3.1 0:1.6.0_sr16.7-10.1 0:1.6.0_sr16.15-46.1 0:1.7.0_sr8.0-0.5.1 0:1.7.0_sr9.10-9.1 0:1.7.0_sr9.20-42.1 0:4.3.5-0.12.20.1 0:3.0.101-0.47.71.3 0:1.6.3-133.49.62.1 0:1.6.3-133.49.97.1 0:1.6.3-133.49.103.1 0:1.6.3-133.49.64.1 0:1.6.3-133.49.68.1 0:1.0.5.9-0.19.3 0:2.5-0.7.1 0:4.6.3-5.29.2 0:2.19.1-6.62.1 0:9.1.12-0.3.1 0:3.16.5-0.7.1 0:1.5.0-0.19.1 0:1.0.4-1.20.1 0:0.0.20060920alpha-74.10.1 0:5.5.39-0.7.1 0:5.0.96-0.6.13 0:0.9.8j-0.66.1 0:1.2.31-5.35.1 0:1.2.31-5.38.1 0:0.9.23-0.15.1 0:4.6.3-5.32.1 0:4.0.3.3.26-0.6.2 0:4.0.3.3.26-0.6.1 0:2.26.0-2.5.1 0:1.0.20-2.10.2 0:1.5-1.28.1 0:1.0.5.9-0.9.1 0:0.9.1-156.1 0:0.2.8.4-206.29.29.1 0:2.7.6-0.34.1 0:2.7.6-0.37.1 0:0.8.0-0.21.6 0:0.8.0-0.25.1 0:2.6.7-0.16.1 0:38.6.0esr-31.3 0:3.20.2-25.2 0:4.10.8-0.8.1 0:3.19.2.2-22.1 0:3.15.2-0.8.1 0:5.5.45-0.11.1 0:5.5.46-0.14.1 0:5.5.47-0.17.1 0:5.4.2.1-8.12.24.1 0:3.15.3-0.8.1 0:2.4.26-0.35.1 0:2.4.26-0.62.2 0:0.9.8j-0.80.1 0:0.152.0-6.2 0:1.1.5-0.12.1 0:5.10.0-64.70.1 0:5.3.17-45.1 0:5.3.17-48.1 0:1.7-37.60.2 0:4.4.2.3-37.60.2 0:9.4.5-0.8.3 0:9.1.15-0.3.1 0:9.1.18-0.3.1 0:9.1.19-0.5.1 0:2.6.9-0.33.1 0:2.6-8.33.1 0:2.6.9-0.25.1 0:2.6-8.25.1 0:2.6.9-0.27.1 0:2.6-8.27.1 0:2.6.9-0.31.1 0:2.6-8.31.1 0:0.6c8-10.19.6.1 0:0.6c11-6.1 0:2.3.17-0.13.1 0:1.8.7.p357-0.9.15.1 0:2.3.17-0.15.2 0:3.2.12-0.14.3 0:3.2.12-0.18.1 0:2.3.0-0.12.1 0:1.1.6-0.11.2 0:1.4.5-0.7.3 0:3.6.3-76.1 0:3.6.3-0.56.1 0:3.6.3-64.1 0:3.0u-0.7.2 0:1.2.9-162.33.1 0:1.6.17-1.29.1 0:1.0-37.1 0:3.8.2-141.160.1 0:1.10.11-0.2.1 0:1.12.7-0.5.3 0:1.12.9-0.12.1 0:4.2.5_06-0.7.1 0:4.2.5_02-0.7.1 0:4.2.5_12-15.1 0:4.2.5_14-18.2 0:4.2.2_06-0.7.1 0:4.2.3_02-0.7.1 0:4.2.3_08-0.7.1 0:4.2.4_02-0.7.1 0:4.2.4_04-0.9.1 0:4.2.5_04-0.9.1 0:4.2.5_08-0.9.1 0:4.2.5_18-21.1 0:3.1.8-0.7.1 0:7.4-27.85.1 0:7.4-8.26.42.1 0:7.4-5.11.15.1 0:1.6.5-4.1 0:1.6.5-6.1 0:1.2.5-4.35.1 0:1.2.5-4.38.1 0:1.2.5-4.41.1 0:1.2.5-4.46.1 0:1.2.5-4.52.1 0:1.2.5-4.59.1 0:1.2.5-4.62.1 0:1.2.5-4.65.1 0:1.2.5-4.77.1 0:1.2.5-4.78.9.1 0:1.2.5-4.78.16.1 0:1.2.5-4.78.19.1 0:1.2.5-4.78.28.2 0:1.2.5-4.78.33.1 0:1.2.5-4.78.38.1 0:1.2.5-4.78.41.1 0:1.2.5-78.44.1 0:1.2.5-78.47.1 0:6.4.3.6-7.34.1 0:6.4.3.6-7.37.1 0:6.4.3.6-7.40.1 0:6.4.3.6-7.45.1 0:6.4.3.6-7.48.1 0:6.4.3.6-7.54.1 0:6.4.3.6-7.60.1 0:6.4.3.6-7.65.1 0:6.4.3.6-7.77.1 0:6.4.3.6-7.78.5.2 0:6.4.3.6-7.78.8.1 0:6.4.3.6-7.78.14.1 0:6.4.3.6-7.78.17.1 0:6.4.3.6-7.78.22.1 0:6.4.3.6-7.78.29.2 0:6.4.3.6-7.78.34.1 0:6.4.3.6-7.78.37.1 0:6.4.3.6-78.40.1 0:0.9.1-159.1 0:0.9.1-160.3.1 0:38.6.1esr-34.1 0:38.8.0esr-40.5 0:4.12-26.1 0:3.20.2-30.1 0:45.2.0esr-45.2 0:2.11.0-2.1 0:4.12-29.1 0:3.21.1-35.1 0:45.3.0esr-50.1 0:45.4.0esr-53.1 0:45.6.0esr-62.1 0:45.7.0esr-65.2 0:45.8.0esr-68.1 0:45.9.0esr-71.2 0:4.13.1-32.1 0:3.29.5-46.1 0:52.2.0esr-72.5.2 0:3.29.5-47.3.2 0:52.3.0esr-72.9.1 0:52.5.0esr-72.17.1 0:52.6.0esr-72.20.2 0:52.7.3esr-72.27.2 0:38.7.0esr-37.3 0:4.12-24.1 0:3.20.2-28.1 0:1.6.1-83.17.3.1 0:4.4.2_12-23.1 0:2.2.12-64.1 0:2.2.12-69.1 0:2.2.34-70.5.1 0:2.2.34-70.12.1 0:2.2.34-70.15.1 0:2.2-31.29.1 0:0.2.6-142.17.1 0:0.9.0-3.21.3.1 0:3.2-147.29.1 0:5.2-147.29.1 0:3.2-147.35.1 0:5.2-147.35.1 0:9.9.6P1-0.25.1 0:9.9.6P1-0.30.1 0:9.9.6P1-0.33.1 0:9.9.6P1-0.36.1 0:9.9.6P1-0.39.1 0:9.9.6P1-0.44.1 0:9.9.6P1-0.47.1 0:9.9.6P1-0.50.1 0:9.9.6P1-0.51.7.1 0:2.5.5-9.1 0:2.0-318.1 0:20171128-8.3.3 0:0.162.1-7.4.1 0:2.8.12-56.13.1 0:1.0.114.6-0.14.1 0:7.19.7-1.61.1 0:7.19.7-1.64.1 0:7.19.7-1.69.1 0:7.19.7-1.70.3.1 0:7.19.7-1.70.8.1 0:7.19.7-1.70.13.1 0:1.12.12-144.23.5.3.1 0:2.3.11-60.65.67.1 0:4.2.4.P2-0.27.1 0:4.2.4.P2-0.28.5.3 0:4.2.4.P2-0.28.8.1 0:22.3-42.3.1 0:2.28.2-0.7.3.1 0:2.0.1-88.38.1 0:2.0.1-88.41.1 0:2.0.1-88.42.3.2 0:52.4.0esr-72.13.2 0:3.29.5-47.6.1 0:2.6.0-10.19.1 0:2.1.1-7.24.1 0:2.1.1-7.25.3.1 0:2.3.7-25.41.4 0:2.3.7-25.45.5.1 0:2.3.7-25.45.8.1 0:4.3.4_20091019-37.3.1 0:4.8.5-4.2 0:4.8.5-5.3.1 0:5.3.1+r233831-10.1 0:2.0.36.RC1-52.22.1 0:2.0.36.RC1-52.25.1 0:2.0.36.RC1-52.29.1 0:2.0.36.RC1-52.32.1 0:2.0.36.RC1-52.33.5.1 0:8.62-32.41.1 0:4.2.7-32.41.1 0:8.62-32.38.1 0:4.2.7-32.38.1 0:8.62-32.44.1 0:4.2.7-32.44.1 0:8.62-32.46.1 0:4.2.7-32.46.1 0:4.1.6-21.1 0:2.6.2-3.34.47.1 0:1.7.12.4-0.14.1 0:1.7.12.4-0.17.1 0:1.7.12.4-0.18.3.1 0:1.7.12.4-0.18.6.1 0:2.11.3-17.102.1 0:2.11.3-17.109.1 0:2.11.3-17.110.3.1 0:2.11.3-17.110.6.2 0:2.11.3-17.110.9.2 0:2.4.1-24.39.67.1 0:2.4.1-24.39.70.1 0:0.10.35-5.17.1 0:2.18.9-0.44.1 0:2.18.9-0.45.3.1 0:1.8.5-24.1 0:4.0-7.30.2 0:4.0-38.1 0:4.0-43.1 0:4.0-46.1 0:1.4.2-2.20.1 0:1.900.14-134.25.1 0:1.900.14-134.32.1 0:1.900.14-134.33.3.1 0:1.7.1_sr3.10-3.1 0:1.7.1_sr3.20-6.1 0:1.7.1_sr3.30-9.1 0:1.7.1_sr3.40-13.1 0:1.7.1_sr3.60-19.2 0:1.7.1_sr4.1-22.1 0:1.7.1_sr4.5-25.1 0:1.7.1_sr4.10-26.5.1 0:1.7.1_sr4.15-26.8.1 0:1.7.1_sr4.20-26.13.1 0:1.7.1_sr3.50-16.1 0:3.0.101-80.2 0:3.0.101-88.3 0:3.0.101-94.2 0:3.0.101-97.3 0:3.0.101-104.7 0:3.0.101-108.7.2 0:3.0.101-108.13.2 0:3.0.101-65.3 0:3.0.101-71.2 0:3.0.101-108.18.3 0:3.0.101-108.21.2 0:3.0.101-108.24.3 0:3.0.101-108.35.1 0:3.0.101-68.2 0:3.0.101-77.2 0:3.0.101-84.2 0:3.0.101-107.3 0:3.0.101-108.10.2 0:3.0.101-108.38.1 0:1.6.3-133.49.106.1 0:1.6.3-133.49.109.1 0:1.6.3-133.49.113.7.1 0:1.3.4-12.22.23.3.2 0:0.6.3-1.9.6 0:1.7.4-7.9.1 0:4.5.20-97.5 0:4.5.20-97.7 0:1.4.5-24.24.3.1 0:0.6.17-2.14.3.1 0:1.5.0-0.22.1 0:1.5.0-0.25.1 0:0.43-1.10.6.1 0:0.15.1b-132.3.1 0:1.10-6.1 0:1.10-7.3.1 0:1.0.4-1.25.1 0:3.1.0-3.1 0:3.2.0-10.5.1 0:1.2.31-5.43.1 0:1.0.3-5.2 0:1.0.3-6.5.1 0:1.1.03.beta1-2.1 0:2.8.8-2.1 0:1.2.4-2.1 0:5.0.4.2-23.1 0:4.1-2.26 0:3.7.1-5.2 0:20150827-23.1 0:1.0.2-0.8.1 0:0.1.4-3.1 0:1.0.20-2.13.1 0:1.0.20-2.18.1 0:1.0.20-2.19.7.3 0:0.2-5.22.1 0:1.2.9-4.2.6.1 0:0.2.1-1.12.3 0:1.2.5-12.3 0:1.2.5-15.3 0:1.2.5-23.3.1 0:1.2.5-23.6.1 0:1.2.0-79.20.3.1 0:1.2.0-79.20.6.1 0:2.7.6-0.40.1 0:2.7.6-0.44.1 0:2.7.6-0.50.1 0:2.7.6-0.64.1 0:2.7.6-0.69.1 0:2.7.6-0.76.1 0:2.7.6-0.77.3.2 0:2.7.6-0.77.10.1 0:1.1.24-19.33.1 0:1.1.24-19.33.3 0:1.4.20-2.58.1 0:3.0.101-91.2 0:3.0.101-100.2 0:2.8.6-145.1 0:2.8.6-146.3.1 0:2.3.2-0.11.1 0:2.3.2-0.14.2 0:2.3.2-0.17.1 0:2.3.2-0.18.3.1 0:2.3.2-0.18.6.1 0:45.5.1esr-59.1 0:3.21.3-39.1 0:2.6.7-0.18.1 0:2.5-24.3.1 0:5.5.49-0.20.1 0:5.0.96-0.8.10.3 0:5.5.52-0.27.1 0:5.5.53-0.30.1 0:5.5.54-0.35.1 0:5.5.55-0.38.1 0:5.5.57-0.39.3.1 0:5.5.58-0.39.6.1 0:5.5.59-0.39.9.8 0:2.03.90-2.3.1 0:5.6-92.1 0:5.6-93.6.1 0:5.6-93.12.1 0:5.6-93.15.1 0:10.26.44-101.14.1 0:1.5-1.34.1 0:4.02.1-3.4 0:4.02.1-4.3.2 0:0.9.8j-0.89.1 0:0.9.8j-0.97.1 0:0.9.8j-0.102.2 0:0.9.8j-0.105.1 0:0.9.8j-0.106.9.1 0:1.1.5-0.17.2 0:5.10.0-64.80.1 0:5.10.0-64.81.3.1 0:5.10.0-64.81.10.1 0:4.008-6.1 0:4.008-9.1 0:0.710.08-3.1 0:5.3.17-59.1 0:5.3.17-62.1 0:5.3.17-71.1 0:5.3.17-74.1 0:5.3.17-79.2 0:5.3.17-84.1 0:5.3.17-87.1 0:5.3.17-94.1 0:5.3.17-101.1 0:5.3.17-108.1 0:5.3.17-111.2 0:5.3.17-112.5.1 0:5.3.17-112.10.1 0:5.3.17-112.20.1 0:2.6.6-0.29.1 0:0.12.3-1.12.1 0:9.4.6-0.14.3 0:9.4.9-0.19.1 0:9.4.12-0.22.3 0:9.4.13-0.23.5.1 0:9.4.15-0.23.10.1 0:9.4.16-0.23.13.2 0:9.4.17-0.23.16.1 0:2.4.5.git-2.31.7 0:2.6.9-39.1 0:2.6-8.39.1 0:2.6.9-40.3.1 0:2.6-8.40.3.1 0:0.99.15-0.16.1 0:0.99.15-0.21.1 0:0.99.15-0.24.2 0:0.99.15-0.29.1 0:0.99.15-0.30.3.1 0:1.8.7.p357-0.9.19.1 0:3.2.12-0.23.1 0:3.2.12-0.26.1 0:3.2.12-0.15.1 0:3.2.12-0.21.1 0:2.4.4-0.10.2 0:3.6.3-67.2 0:3.6.3-84.1 0:3.6.3-87.1 0:3.6.3-90.1 0:3.6.3-93.1 0:3.6.3-94.5.1 0:3.6.3-94.8.1 0:3.6.3-94.11.1 0:1.0.20-7.8.1 0:0.12.4-5.1 0:0.12.4-8.1 0:0.12.4-11.1 0:3.7.6.3-1.4.6.1 0:1.6.17-1.35.1 0:1.6.17-1.36.9.1 0:3.8.2-141.163.1 0:3.8.2-141.168.1 0:4.50.1-1.27.1 0:1.12.11-0.18.1 0:1.12.13-0.23.1 0:2.0.12-36.1 0:2.0.13-39.1 0:2.0.14-40.7.1 0:0.4.5-2.7.2.1 0:2.2.11-40.14.5 0:19-234.18.1 0:2.2.12-40.17.1 0:2.2.13-40.22.1 0:2.2.14-40.25.1 0:4.4.2_10-5.1 0:4.4.3_02-26.2 0:4.4.4_02-32.1 0:4.4.4_07-37.1 0:4.4.4_08-40.2 0:4.4.4_10-43.5 0:4.4.4_12-46.1 0:4.4.4_14-51.1 0:4.4.4_16-54.1 0:4.4.4_18-57.1 0:4.4.4_20-60.3 0:4.4.4_22-61.9.2 0:4.4.4_24-61.12.1 0:4.4.4_26-61.17.1 0:4.4.4_28-61.23.2 0:4.4.3_06-29.1 0:2.8.1-238.29.5.2 0:7.4-3.1 0:7.4-5.11.65.1 0:7.4-5.11.68.1 0:7.4-1.20.1 0:7.4-8.26.49.1 0:7.4-8.26.50.5.3 0:7.4-27.118.1 0:7.4-27.121.2 0:7.4-27.122.16.1 0:2.17.161-5.1 0:1.2.7-0.14.1 0:11.3-0 0:7.19.7-0.40.1 0:1.0.1g-0.22.1 0:2.4.26-0.30.2 0:2.4.26-0.62.3 0:6.6p1-10.1 0:6.6p1-15.1 0:6.6p1-18.1 0:1.0.1g-0.35.1 0:1.0.1g-0.40.1 0:1.0.1g-0.47.1 0:1.0.1g-0.52.1 0:1.0.1g-0.57.1 0:1.0.1g-0.58.3.1 0:1.0.1g-0.58.9.1 0:2.3.2-0.9.1 0:2.3.2-0.10.3.1 0:1.3.11-0.28.1 0:1.11.4-1.32.1 0:1.11.4-1.40.1 0:17.0.9esr-0.3.1 0:9.5.5-0.5.5.1 0:9.4.6-0.4.5.1 0:9.4.2-0.4.1 0:1.1.1-174.27.1 0:3.4.3-1.50.1 0:5.1-0.7.1 0:0.97.8-0.2.1 0:0.9.7g-146.22.1 0:8.12-6.25.29.1 0:10.0.7-0.3.1 0:7-0.6.7.80 0:10.0.9-0.3.1 0:7-0.6.7.85 0:10.0.10-0.3.1 0:10.0.11-0.3.1 0:10.0.12-0.4.1 0:17.0.4esr-0.5.1 0:7-0.6.9.5 0:0.5-1.47.51.5 0:17.0.5esr-0.4.1 0:7-0.6.9.17 0:17.0.6esr-0.4.1 0:17.0.7esr-0.3.1 0:7-0.6.9.31 0:17.0.10esr-0.4.2.4 0:7-0.6.9.62 0:11.2.202.336-0.3.1 0:2.0.9-25.33.37.1 0:1.4.1-0.8.1 0:1.6.0.0_b27.1.12.7-0.2.1 0:3.0.101-0.7.17.1 0:4.1.6_04_3.0.101_0.7.17-0.5.16 0:0.15.1-0.27.1 0:2013.1.7-0.3.1 0:5.1p1-41.57.1 0:1.95-0.4.1 0:2.0.9-143.33.3.1 0:2.6.18-0.12.1 0:3.16-50.39.1 0:4.4.0-6.21.1 0:1.7.6p2-0.2.12.1 0:0.1.5-1.5.1 0:1.0.7-5.10.1 0:4.1.4_02_3.0.58_0.6.6-0.5.1 0:0.9.0-3.19.1 0:0.5.10-0.5.1 0:4.1.2_20_3.0.38_0.5-0.5.2 0:0.5.12-0.5.1 0:4.1.3_02_3.0.38_0.5-0.5.1 0:4.1.3_04_3.0.42_0.7-0.5.1 0:4.1.5_02_3.0.74_0.6.10-0.5.1 0:4.1.6_02_3.0.93_0.5-0.5.1 0:4.1.6_04_3.0.101_0.5-0.5.1 0:7.3.99-3.18.2 0:0.4.1-28.19.1 0:1.6.166-0.5.1 0:24-0.7.48 0:24-0.7.36 0:3.2-147.22.1 0:1.2-2.10.1 0:1.2-2.12.1 0:0.98.1-0.10.1 0:0.9.7g-146.22.31.1 0:0.9.7g-146.22.36.1 0:3.13_3.0.101_0.31-0.9.1 0:3.2.3-45.5.3 0:2.71-0.12.13.1 0:61-1.35.1 0:7-0.12.1 0:7-0.12.41 0:24-0.7.14 0:24-0.7.23 0:38-15.31 0:24-0.7.4 0:31.0-0.10.1 0:31.0-0.12.51 0:11.2.202.418-0.3.1 0:11.2.202.481-0.8.2 0:11.2.202.491-0.11.1 0:11.2.202.508-0.14.1 0:11.2.202.521-0.17.1 0:11.2.202.535-0.20.1 0:11.2.202.540-0.23.1 0:11.2.202.548-0.26.1 0:11.2.202.554-0.29.1 0:11.2.202.559-0.32.1 0:3.0.2-269.39.1 0:2.0.9-25.33.41.2 0:2.00-0.49.2 0:0.10.22-7.11.1 0:1.4.2-0.7.1 0:1.7.0.71-0.7.1 0:1.7.0.85-0.11.2 0:1.7.0.91-0.14.2 0:1.7.0.95-0.17.2 0:4.3.5-0.11.20.1 0:3.0.101-0.47.55.1 0:3.0.101-0.40.1 0:4.2.4_04_3.0.101_0.40-0.7.3 0:3.0.101-0.47.67.2 0:3.0.101-0.47.71.1 0:1.4.2-0.17.1 0:1.4.2-0.22.34.3 0:1.4.2-37.1 0:1.4.2-0.21.4 0:1.900.1-134.13.1 0:0.4.1-16.20.2 0:2.7.6-0.34.4 0:2.7.6-0.37.4 0:12.5-1.7.1 0:38-18.24 0:1.5.17-42.37.1 0:3.0.0-0.20.1 0:3.0.0-0.10.1 0:4.2.4p8-1.24.1 0:6.2p2-0.13.1 0:6.2p2-0.21.1 0:6.2p2-0.21.3 0:6.2p2-0.24.1 0:6.2p2-0.24.3 0:1.97-0.3.1 0:2.0.9-143.40.5 0:2.28.3-0.5.10 0:0.2808.01-0.70.1 0:0.72-0.70.1 0:2.6.18-0.16.1 0:0.7-6.20.1 0:0.1.6+git20080930-6.24.1 0:3.0.4-2.49.1 0:1.3.11-0.25.4 0:4.4.0-6.32.1 0:1.7.6p2-0.21.1 0:1.4-1.35.1 0:1.1.1-174.1 0:0.7.1-6.17.4 0:4.2.5_06_3.0.101_0.47.52-0.7.1 0:4.2.5_02_3.0.101_0.40-0.7.1 0:4.2.5_12_3.0.101_0.47.55-15.1 0:4.2.5_14_3.0.101_0.47.67-18.2 0:4.2.2_06_3.0.82_0.7-0.7.1 0:4.2.3_02_3.0.93_0.8-0.7.1 0:4.2.3_08_3.0.101_0.8-0.7.1 0:4.2.4_02_3.0.101_0.15-0.7.1 0:4.2.4_04_3.0.101_0.40-0.9.1 0:4.2.5_04_3.0.101_0.47.52-0.9.1 0:4.2.5_08_3.0.101_0.47.55-0.9.1 0:4.2.5_18_3.0.101_0.47.71-21.1 0:5.07-6.36.1 0:4.4.2_12_3.0.101_63-23.1 0:0.9.7g-146.22.41.1 0:6.3.8.90-13.20.21.1 0:11.2.202.569-0.35.1 0:11.2.202.577-0.38.1 0:2.00-0.54.2 0:1.5.3-0.9.1 0:1.7.0.99-0.20.2 0:3.0.101-65.1 0:3.0.101-71.1 0:3.0.101-68.1 0:1.4.2-32.1 0:1.4.2-35.1 0:4.2.8p4-5.1 0:6.6p1-13.1 0:6.6p1-13.3 0:6.6p1-16.1 0:6.6p1-16.4 0:1.7.0.0-1.18.2 0:4.4.2_10_3.0.101_63-5.1 0:4.4.3_02_3.0.101_65-26.2 0:4.4.4_02_3.0.101_68-32.1 0:4.4.3_06_3.0.101_65-29.1 0:1.0.0-0.9.1 0:0.6.1-0.17.1 0:1.4_3.0.101_0.47.55-2.28.1.21 0:1.4_3.0.101_0.40-2.27.98 0:2_3.0.101_0.47.55-0.17.1.21 0:2_3.0.101_0.40-0.16.104 0:1.6_3.0.101_0.47.55-0.21.1.21 0:1.6_3.0.101_0.40-0.20.98 0:8.4.4_3.0.101_0.40-0.22.64 0:0.7.0+git.1430140184.8e872c5-7.1 0:1.4-2.32.2.14 0:1.4_3.0.101_108.7-2.32.2.14 0:8.4.4-0.27.2.1 0:8.4.4-0.27.2.13 0:8.4.4_3.0.101_108.7-0.27.2.13 0:2-0.24.2.14 0:2_3.0.101_108.7-0.24.2.14 0:1.6-0.28.3.4 0:1.6_3.0.101_108.7-0.28.3.4 0:1.4-2.32.4.6 0:1.4_3.0.101_108.35-2.32.4.6 0:8.4.4-0.27.4.2 0:8.4.4-0.27.4.6 0:8.4.4_3.0.101_108.35-0.27.4.6 0:2-0.24.4.6 0:2_3.0.101_108.35-0.24.4.6 0:1.6-0.28.5.6 0:1.6_3.0.101_108.35-0.28.5.6 0:1.1.12-18.1 0:45.0-23.10 0:52-24.3.44 0:5.3.1+r233831-7.1 0:52-24.5.1 0:3.4.0-18.1 0:3.5.5-18.1 0:1.9-18.1 0:1.0-18.1 0:1.0.14-0.4.25.1 0:0.99.2-0.19.1 0:0.99.3-0.20.3.2 0:0.99.4-0.20.7.2 0:2.78-0.16.5.1 0:1.6.0_sr16.30-75.1 0:1.6.0_sr16.35-78.2 0:1.6.0_sr16.45-84.1 0:1.6.0_sr16.50-85.5.1 0:1.7.0_sr9.50-55.1 0:1.7.0_sr9.60-58.2 0:1.7.0_sr10.1-61.1 0:1.7.0_sr10.5-64.1 0:1.7.0_sr10.15-65.8.1 0:1.7.0_sr10.20-65.13.1 0:3.0.101-0.47.86.1 0:3.0.101-0.47.93.1 0:3.0.101-0.47.99.1 0:3.0.101-0.47.102.1 0:3.0.101-0.47.105.1 0:3.0.101-0.47.106.8.1 0:3.0.101-0.47.106.11.1 0:3.0.101-0.47.106.19.1 0:3.0.101-0.47.90.1 0:3.0.101-0.47.106.5.1 0:1.4.2-53.11.1 0:1.4.2-53.14.1 0:0.1.6+git20080930-6.27.2 0:2.7.6-0.69.3 0:3.0.101-0.47.96.1 0:1.17-102.83.9.1 0:1.17-102.83.15.1 0:4.2.8p9-48.9.1 0:6.2p2-0.33.2 0:6.2p2-0.33.5 0:6.2p2-0.40.1 0:6.2p2-0.40.3 0:2.0.9-143.46.1 0:2.0.9-143.47.3.1 0:1.66-3.3.1 0:1.34b-84.1 0:1.34b-90.1 0:1.34b-93.1 0:1.34b-94.5.1 0:1.34b-94.8.1 0:6.0.53-0.56.1 0:3.80.2-4.1 0:0.7.1-6.18.3.1 0:4.2.5_21-27.1 0:4.2.5_21_3.0.101_0.47.86-27.1 0:4.2.5_21-30.1 0:4.2.5_21_3.0.101_0.47.90-30.1 0:4.2.5_21-35.1 0:4.2.5_21_3.0.101_0.47.96-35.1 0:4.2.5_21-38.1 0:4.2.5_21_3.0.101_0.47.99-38.1 0:4.2.5_21-41.1 0:4.2.5_21_3.0.101_0.47.99-41.1 0:4.2.5_21-44.1 0:4.2.5_21_3.0.101_0.47.102-44.1 0:4.2.5_21-45.5.1 0:4.2.5_21_3.0.101_0.47.105-45.5.1 0:4.2.5_21-45.8.1 0:4.2.5_21_3.0.101_0.47.105-45.8.1 0:4.2.5_21-45.11.1 0:4.2.5_21_3.0.101_0.47.106.5-45.11.1 0:4.2.5_21-45.16.1 0:4.2.5_21_3.0.101_0.47.106.8-45.16.1 0:4.2.5_21-45.19.1 0:4.2.5_21_3.0.101_0.47.106.14-45.19.1 0:1.4.19_2.6.33.5_rt23_0.4-0.7.6 0:2.1.0.0_2.6.33.20_rt31_0.5-0.2.52 0:1.4_2.6.33.20_rt31_0.5-2.5.62 0:8.3.11_2.6.33.20_rt31_0.5-0.3.62 0:1.4.19_2.6.33.20_rt31_0.5-0.9.11.38 0:2.6.33.20-0.5.1 0:1.6_2.6.33.20_rt31_0.5-0.4.2.62 0:1.5.2_2.6.33.20_rt31_0.5-0.9.13.49 0:1.5.2_2.6.33.18_rt31_0.3-0.9.13.1 0:1.4_3.0.101_rt130_0.7.9-2.18.79 0:8.4.2_3.0.101_rt130_0.7.9-0.6.6.70 0:1.4.20_3.0.101_rt130_0.7.9-0.25.25.18 0:3.0.101.rt130-0.7.9.1 0:2.0.4_3.0.101_rt130_0.7.9-0.9.9.6 0:1.6_3.0.101_rt130_0.7.9-0.11.78 0:1.5.2_3.0.101_rt130_0.7.9-0.28.28.50 0:1.4_3.0.101_rt130_0.28-2.27.99 0:8.4.4_3.0.101_rt130_0.28-0.22.65 0:1.4.20_3.0.101_rt130_0.28-0.38.84 0:3.0.101.rt130-0.28.1 0:2.1.1_3.0.101_rt130_0.28-0.11.75 0:1.6_3.0.101_rt130_0.28-0.20.99 0:1.5.4.1_3.0.101_rt130_0.28-0.13.90 0:3.0.101.rt130-0.33.40.1 0:3.0.101.rt130-0.33.44.2 0:3.0.101.rt130-0.33.44.1 0:3.0.101.rt130-68.1 0:1.4_3.0.101_rt130_68-2.32.2.14 0:8.4.4_3.0.101_rt130_68-0.27.2.13 0:2_3.0.101_rt130_68-0.24.2.14 0:1.6_3.0.101_rt130_68-0.28.3.4 0:3.0.101.rt130-51.1 0:1.4_3.0.101_rt130_69.14-2.32.4.6 0:8.4.4_3.0.101_rt130_69.14-0.27.4.6 0:2_3.0.101_rt130_69.14-0.24.4.6 0:1.6_3.0.101_rt130_69.14-0.28.5.6 0:3.0.101.rt130-54.1 0:3.0.101.rt130-69.5.1 0:3.0.101.rt130-45.1 0:3.0.101.rt130-48.1 0:3.0.101.rt130-69.11.1 0:3.0.101.rt130-69.14.1 0:3.0.101.rt130-69.21.1 0:3.0.101.rt130-65.1 0:3.0.101.rt130-57.1 0:3.0.101.rt130-69.8.1 0:1.4.2_sr13.13-0.3.1 0:1.0.0-0.8.1 0:0.9.7g-146.22.44.1 0:0.9.7g-146.22.47.1 0:0.98.9-0.7.1 0:0.9.7g-146.22.50.1 0:5.4.15-0.15.2 0:5.9.33-0.20.1 0:2.0.10-0.38.1 0:5.3.7-0.9.1 0:1.2.74-0.20.1 0:1.2.2-0.16.1 0:1.2.74-0.22.2 0:2.5.84.4-8.1 0:2.5.5.5-14.1 0:2.5.24.9-24.1 0:2.5.13.8-23.1 0:2.6.1-5.1 0:2016.11.4-43.7.1 0:2016.11.4-43.10.2 0:2016.11.4-42.2 0:0.5.2-0.38.16 0:1.4_3.0.101_0.7.17-2.18.81 0:2_3.0.101_0.7.17-0.7.109 0:1.6_3.0.101_0.7.17-0.11.80 0:6.4.3.6-7.19.1 11 0:3.0.10-1.1.1 0:3.5-1.1.5 0:2.24.0-7.5 0:3.12.3.1-1.2.1 0:0.8.11-2.14 0:4.8-1.3.1 0:1.9.0.10-1.1.1 0:1.9.1.11-0.1.1 0:1.9.2.12-0.6.1 0:2.14.16-2.16 0:0.7.0.r4359-15.9.2 0:0.7.0.r1053-11.11.1 0:3.2.7-151.3 0:2.2.47-30.5.1 0:2.2.10-2.23.22.1 0:5.2.6-50.18.3 0:0.6.23-11.14.1 0:2.0.1-1.26.1 0:3.2.7-11.21.1 0:1.34b-11.21.1 0:0.95.1-0.1.1 0:4.3.3_20081022-11.18 0:2.9-75.27.24.1 0:4.1-194.19.1 0:1.3.9-8.15.1 0:7.19.0-11.21.1 0:1.2-107.22 0:1.10-3.18 0:2.1.22-182.20.1 0:1.2.10-3.9.1 0:0.76-34.10.1 0:3.1.1-7.13.1 0:2.45-12.23.1 0:1.0.5-1.27.1 0:2.24.1.1-11.8.1 0:3.24.1.1-3.23.2 0:2.24.1.1-11.12.1 0:IIIalpha9.8-691.22 0:0.15-1.29 0:2.7.0-130.21 0:2.24.0-7.4 0:0.10.21-3.20 0:1.1.3-87.12 0:0.3.15-3.10 0:2.3.7-25.9.1 0:2.24.0-24.39.1 0:8.62-32.25.1 0:4.2.7-32.25.1 0:2.18.2-7.7.1 0:2.9-13.11.1 0:2.24.0-14.27.1 0:2.4.1-24.16.1 0:2.0.9-25.26.1 0:1.4.1-6.7 0:1.6-8.6 0:1.0.4-1.16 0:0.10.21-2.36.1 0:0.10.10-4.9.1 0:4.0-7.22.1 0:0.7.1-10.31.1 0:0.4.15-94.14.1 0:0.4.15_2.6.27.48_0.6-94.14.1 0:1.4.2_sr13-0.1.1 0:1.5.0.13.1.2-0.1.1 0:1.6.0-124.6.1 0:1.6.0-124.7.1 0:4.1.3-9.14.7 0:4.1.3-9.28.3 0:4.1.3-7.17.1 0:4.1.3-18.8.1 0:4.1.3-7.9.1 0:3.5.10-23.30.1 0:4.1.3-8.21.1 0:4.1.3-8.18.1 0:0.5.5-106.18 0:0_2.6.27.23_0.1-7.1.7 0:0.4.15_2.6.27.54_0.2-94.14.8 0:2.6.27.23-0.1.1 0:2.0.5_2.6.27.54_0.2-7.9.1 0:1.6.3-133.25.1 0:78.0.10.6-0.3.1 0:78.2.6.30.1_2.6.27.37_0.1-0.7.1 0:1.17-77.12.1 0:1.23-4.1.1 0:1.3.4-12.19.1 0:1.0.4-157.15.1 0:3.12.8-1.2.1 0:4.8.6-1.2.1 0:1.2.3-106.34 0:2.0-11.20.1 0:2.4.12-7.19.1 0:5.0.67-13.26.1 0:0.9.8h-30.13.1 0:1.2.31-5.11.1 0:1.2.31-5.18.1 0:0.10.1-1.37.1 0:0.10.1-1.30.5 0:2.6.0-8.8.6.1 0:2.6.0-8.9.6.2 0:4.4.3-12.11.1 0:1.0.17-172.14.1 0:1.0.beta2-6.1.1 0:3.8.2-141.7.1 0:128-13.2.1 0:0.4.6-14.63.1 0:2.7.1-10.11.1 0:2.02.39-18.26.3 0:2.0.2-2.15.1 0:4.8.2-1.1.1 0:1.9.0.9-0.1.1 0:1.9.1.15-0.5.1 0:4.2.4p6-1.17.1 0:2.0.870-26.6.1 0:1.2.0-172.10.7.1 0:0.9.8h-30.14.1 0:0.9.8h-30.18.1 0:2.6.16-1.32.1 0:1.22.1-3.17.3 0:1.4.102-1.31.1 0:5.10.0-64.43.1 0:1.16-3.2.1 0:1.7-37.18.1 0:4.4.2.3-37.18.1 0:8.3.7-0.1.1 0:0.24.5-5.7.1 0:0.8.4-194.19.1 0:0.99.10-17.17.1 0:8.14.3-50.20.1 0:1.8.7.p72-5.22.1 0:4.2.8-1.23.1 0:0.7.1-42.5.1 0:0.9.0-1.27.1 0:0.5.2-128.18.1 0:2.1.1.2-2.1 0:1.0.5-1.26.1 0:0.5-15.16.1 0:0.4.6-14.60.16 0:0.5.2-8.47.85 0:0.5.3-66.42.13 0:0.0.3-3.57.13 0:0.3.27-0.1.15 0:3.3.1_18546_24-0.3.7 0:3.3.1_18546_24_2.6.27.45_0.3-0.3.7 0:2.8.1-238.27.1 0:2.17.21-0.1.1 0:0.2.10-64.65.1 0:24.6.0esr-0.3.1 0:24-0.4.10.24 0:3.16.1-0.3.1 0:6.4.3.6-7.24.1 0:7.7-5.12.38 0:10.0.5-0.3.6 0:3.13.5-0.4.2 0:4.9.1-0.5.1 0:24.5.0esr-0.3.1 0:24-0.4.10.14 0:3.16-0.3.1 0:0.7.1_git20090811-3.9.9.5 0:0.7.1-5.15.7.5 0:0.6.9-4.5.4 0:0.7.1-5.15.11.1 0:11-6.38.1 0:2.2.12-1.30.1 0:5.2.14-0.7.30.42.1 0:3.3.1-147.24.1 0:2.1a15-131.23.2.1 0:3.2-147.12.1 0:5.2-147.12.1 0:9.6ESVR7P2-0.3.1 0:9.6ESVR11W1-0.6.1 0:9.6ESVR11W1-0.9.1 0:2.0.1-1.34.1 0:3.4.3-1.40.3 0:1.34b-11.28.40.3 0:0.97.5-0.2.1 0:2.3.37-0.11.1 0:2.4.20-0.11.1 0:6.12-32.26.1 0:7.19.7-1.20.27.9 0:1.2.10-3.19.1 0:1.2.10-3.17.1 0:0.76-34.7.1 0:3.1.3.ESV-0.17.1 0:7-0.6.7.7 0:0.6.3-5.6.5 0:10.0.4-0.3.3 0:3.13.4-0.2.1 0:10.0.6-0.4.1 0:7-0.6.7.70 0:10.0.12-0.4.3 0:7-0.6.7.103 0:7-0.6.9.20 0:17.0.10esr-0.4.2.1 0:7-0.6.9.60 0:24.3.0esr-0.4.2.2 0:24-0.4.10.4 0:4.7.2_20130108-0.16.1 0:3.15.4-0.4.2.1 0:4.10.2-0.3.2 0:24.7.0esr-0.3.1 0:3.16.2-0.3.1 0:24.8.0esr-0.3.1 0:3.16.4-0.3.1 0:31.3.0esr-0.3.1 0:31.4.0esr-0.3.1 0:3.17.3-0.3.1 0:31.5.3esr-0.3.1 0:38.2.1esr-17.1 0:31.2.0esr-0.11.11.1 0:31.0-0.5.5.1 0:3.17.2-0.3.1 0:2.3.7-25.30.1 0:2.24.0-24.28.1 0:2.11.1-0.34.1 0:2.11.1-0.32.1 0:3.0.3-0.4.1 0:11-1.18.1 0:3.2.8-0.4.1 0:2.4.1-24.39.39.1 0:2.18.9-0.20.18.1 0:4.3.5-0.2.1 0:1.4.19-0.7.6 0:1.4.19_2.6.32.19_0.2-0.7.6 0:1.900.1-134.11.1 0:1.4.2_sr13.12-0.2.1 0:1.6.0_sr10.1-0.3.1 0:1.14.1-16.27.1 0:0_2.6.32.59_0.3-0.3.92 0:0_2.6.32.59_0.3-7.9.59 0:0_2.6.32.59_0.3-0.18.16 0:1.4.19_2.6.32.19_0.3-0.7.8 0:2.6.32.59-0.7.1 0:2.6.32.59-0.3.1 0:2.0.5_2.6.32.19_0.3-7.10.1 0:4.0.3_21548_16_2.6.32.59_0.15-0.5.26 0:2.6.32.24-0.2.2 0:0.12.5-1.20.1 0:0.12.5-1.30.2 0:1.4.1-6.10.1 0:0.1-20.2.1 0:2.4.20-0.5.1 0:5.0.96-0.4.1 0:0.9.8j-0.44.1 0:7.4-8.26.3.1 0:1.2.31-5.13.1 0:1.4.18-28.23.2 0:0.29.6-6.5.1 0:5.4.2.1-8.12.10.1 0:2.28.2-0.3.1 0:3.8.2-141.148.1 0:0.7.6-1.25.1 0:2.7.6-0.19.1 0:1.1.24-19.19.1 0:7.3.6-65.66.1 0:2.02.39-18.31.2 0:3.15-2.14.1 0:38.2.0esr-10.1 0:31.0-0.5.7.11 0:4.7.2_20130108-0.37.2 0:3.19.2.0-0.7.1 0:1.9.1.19-0.2.1 0:3.0.6-1.23.1 0:1.2.1-2.18.1 0:3.12.11-3.2.2.1 0:4.8.9-1.2.2.1 0:4.2.4p8-1.29.32.1 0:1.5.2-0.9.13.1 0:1.5.2_2.6.32.46_0.3-0.9.13.1 0:1.2.0-172.15.1 0:5.1p1-41.55.1 0:0.9.8h-27.3.1 0:2011.6.28-0.3.1 0:1.0.4-0.7.1 0:1.4.102-1.31.2 0:2.6.32.46-2.5.3.1 0:2.33-2.8 0:5.816-2.17.1 0:1.7-37.29.33.1 0:4.4.2.3-37.29.33.1 0:2.5.6-5.8.1 0:8.3.20-0.4.1 0:9.1-0.6.10.1 0:8.3.18-0.3.1 0:2.6.17-0.3.1 0:1.0.22-3.13.1 0:2.6.8-0.13.1 0:2.6-8.13.2 0:0.99.15-0.10.1 0:3.16-50.36.36.2 0:3.0.4-2.36.2 0:1.8.7.p72-5.28.1 0:4.4.0-6.13.1 0:1.7.6p2-0.2.8.1 0:1.20-0.10.1 0:0.71.31-0.7.1 0:0.9.10-0.8.1 0:2.16-6.11.1 0:2.28.1-2.3.1 0:2.0.7-4.21.1 0:1.4.13-0.2.1 0:4.0.3_21548_18-0.21.1 0:4.0.3_21548_18_2.6.32.59_0.19-0.21.1 0:4.0.3_21548_18-29.1 0:4.0.3_21548_18_2.6.32.59_0.19-29.1 0:0.7.6-1.21.1 0:0.4.30-0.3.2 0:4.0.1_21326_08-0.5.1 0:4.0.1_21326_08_2.6.32.36_0.5-0.5.1 0:0.4.31-0.3.5 0:4.0.2_21511_02-0.7.1 0:4.0.2_21511_02_2.6.32.43_0.4-0.7.1 0:0.7.6-1.29.2 0:1.1.3-1.5.1 0:4.0.3_21548_02-0.5.2 0:4.0.3_21548_02_2.6.32.54_0.3-0.5.2 0:4.0.3_21548_04-0.9.1 0:4.0.3_21548_04_2.6.32.59_0.5-0.9.1 0:0.4.34-0.3.1 0:4.0.3_21548_08-0.7.1 0:4.0.3_21548_08_2.6.32.59_0.7-0.7.1 0:4.0.3_21548_10-0.5.1 0:4.0.3_21548_10_2.6.32.59_0.7-0.5.1 0:4.0.3_21548_16-0.5.1 0:4.0.3_21548_16_2.6.32.59_0.9-0.5.1 0:4.0.3_21548_18-0.15.1 0:4.0.3_21548_18_2.6.32.59_0.19-0.15.1 0:4.0.3_21548_18-0.25.1 0:4.0.3_21548_18_2.6.32.59_0.19-0.25.1 0:7.4-9.39.1 0:7.4-27.40.52.1 0:7.4-8.26.42.4 0:7.4-1.18.16 0:7.4-1.22.5.15 0:7.4_0.11.0-0.4.6.1 0:7.4-27.40.50.1 0:3.02-138.29.2 0:3.02-138.36.1 0:2.17.35.3-0.3.1 0:1.3.21-0.3.1 0:10.0.2-0.4.1 0:1.6.0_sr10.0-0.3.1 0:0.9.8j-0.28.1 0:1.2.31-5.27.1 0:2.6.12-0.12.1 0:38.8.0esr-40.1 0:45.3.0esr-48.1 0:45.0-20.38 0:2.11.0-4.2 0:3.21.1-26.2 0:4.12-25.2 0:45.4.0esr-52.1 0:45.6.0esr-66.1 0:4.1.6_08-17.1 0:4.1.6_08_3.0.101_0.7.29-17.1 0:1.0.8-0.4.7.1 0:3.2-147.14.22.1 0:5.2-147.14.22.1 0:1.34b-12.33.39.1 0:4.2.4.P2-0.11.15.1 0:38.3.0esr-20.1 0:38.4.0esr-25.3 0:38-12.19 0:3.19.2.1-12.1 0:38.7.0esr-36.3 0:3.20.2-20.1 0:4.12-19.1 0:2.11.3-17.45.66.1 0:3-0.5.1 0:1.1.1-1.35.1 0:1.6.0_sr16.0-0.3.1 0:1.6.0_sr16.20-49.1 0:1.6.0_sr16.25-69.1 0:1.7.0_sr7.0-0.5.1 0:1.7.0_sr9.30-45.1 0:1.7.0_sr9.40-52.1 0:3.0.101-0.7.47.1 0:3.0.101-0.7.53.1 0:3.0.101-0.7.37.1 0:3.0.101-0.7.40.1 0:3.0.101-0.7.44.1 0:0.15.1-0.32.2 0:1.34b-12.24.4 0:3.16.5-0.4.2.1 0:2.7.6-0.44.4 0:45.5.1esr-63.1 0:3.21.3-30.1 0:38.6.1esr-33.1 0:38-15.58 0:3.20.2-17.5 0:2.12-24.4.8.1 0:4.2.8p6-41.1 0:2.17.14.1-1.12.1 0:4.2.8p7-44.1 0:4.2.8p8-47.3 0:5.1p1-41.69.1 0:5.1p1-41.69.4 0:2.6.16-1.40.1 0:5.2.14-0.7.30.72.1 0:5.2.14-0.7.30.89.1 0:5.3.17-47.1 0:5.3.17-55.1 0:5.3.17-58.1 0:1.34b-45.2 0:3.6.3-45.2 0:1.34b-48.2 0:3.6.3-48.2 0:1.34b-52.1 0:3.6.3-52.1 0:1.34b-56.1 0:3.6.3-56.1 0:4.36-0.12.1 0:6.0.18-20.35.42.1 0:4.1.6_08-0.11.1 0:4.1.6_08-0.5.1 0:4.1.6_08_3.0.101_0.7.23-0.5.1 0:4.1.6_08-20.1 0:4.1.6_08_3.0.101_0.7.37-20.1 0:4.1.6_08-26.1 0:4.1.6_08_3.0.101_0.7.37-26.1 0:4.1.6_08-29.1 0:4.1.6_08_3.0.101_0.7.40-29.1 0:4.1.6_08-32.1 0:4.1.6_08_3.0.101_0.7.44-32.1 0:4.1.6_06-0.5.1 0:4.1.6_06_3.0.101_0.7.17-0.5.1 0:4.1.6_08-0.9.1 0:4.1.6_08_3.0.101_0.7.29-0.9.1 0:4.1.6_08-0.13.1 0:4.1.6_08_3.0.101_0.7.29-0.13.1 0:4.1.6_08-23.1 0:4.1.6_08_3.0.101_0.7.37-23.1 0:1.34b-12.52.5 0:38-10.27 0:31.0-0.5.1 0:31.0-0.7.5 0:0.7.3-1.13.1 0:3.2.2-88.36.1 0:1.6.0_sr16.20-51.1 0:1.7.0_sr9.30-47.1 0:3.0.101-0.47.79.1 0:3.0.101-0.47.106.14.1 0:1.4.20_3.0.101_0.40-0.38.83 0:1.5.4.1_3.0.101_0.40-0.13.89 0:2.0.5_3.0.101_0.40-7.39.89 0:1.6.3-133.49.97.3 0:1.6.3-133.49.68.2 0:1.4.2-46.1 0:2.3.37-2.35.1 0:2.3.37-2.62.2 0:1.2.16-0.13.1 0:2.6.1-0.14.1 0:1.34b-76.1 0:3.6.3-76.2 0:1.34b-12.56.1 0:1.34b-64.1 0:2.7.STABLE5-2.12.24.2 0:1.3.3-12.2.1 0:2.0.7-4.29.1 0:4.2.5_20-24.9 0:4.2.5_20_3.0.101_0.47.79-24.9 0:0.9.svn1043876-1.3.15 0:3.6_SVNr208-2.18.3.1 0:0.114-12.8.3.1 0:0.114-0.8.3.1 0:2.5.69.8-11.2 0:2.1.12-14.2 0:8.12-6.25.33.3.1 0:2.71-0.16.3 0:2.78-0.17.5.1 0:3.0.26-3.1 0:2.28.0-3.11.12.2 0:0.10.30-5.14.1 0:1-0.81.3.2 0:0.7.3-1.38.3.1 0:1.1.1-234.31.1 0:3.0.101-80.1 0:3.0.101-88.1 0:3.0.101-94.1 0:3.0.101-97.1 0:3.0.101-104.2 0:3.0.101-108.7.1 0:3.0.101-108.13.1 0:3.0.101-108.18.1 0:3.0.101-108.21.1 0:3.0.101-108.24.1 0:20110923-0.59.3.1 0:3.0.101-77.1 0:3.0.101-84.1 0:3.0.101-107.1 0:3.0.101-108.10.1 0:1.4.2-44.1 0:1.4.2-47.1 0:1.4.2-50.1 0:1.4.2-59.1 0:1.4.2-60.3.1 0:1.4.2-60.6.1 0:1.4.2-60.9.1 0:1.14.0.894-3.1 0:1.7.0-1.3.3.1 0:1.7.0-1.3.6.1 0:1.3.3-12.4.1 0:1.2.5-4.2 0:2.7.6-0.40.3 0:2.7.6-0.50.4 0:2.7.6-0.64.4 0:2.7.6-0.76.4 0:2.7.6-0.77.3.5 0:3.0.101-91.1 0:3.0.101-100.1 0:2.3-27.24.6.2 0:4.2.8p9-57.2 0:4.2.8p10-63.1 0:4.2.8p11-64.4.1 0:10.1.0-7.1 0:6.6p1-21.1 0:6.6p1-21.3 0:6.6p1-28.1 0:6.6p1-28.2 0:6.6p1-35.1 0:6.6p1-35.4 0:0.2808.01-0.80.1 0:0.72-0.80.1 0:0.2808.01-0.81.3.1 0:0.72-0.81.3.1 0:0.2808.01-0.81.10.1 0:0.72-0.81.10.1 0:2.0.79-4.8.1 0:2.0.79-4.9.3.3 0:9.4-0.5.3.1 0:3.22-240.8.3.1 0:2.7.26-0.5.3.1 0:3.0.4-2.52.1 0:3.0.4-2.53.3.1 0:3.0.4-2.53.6.1 0:0.12.21~rc-936.3.1 0:1.34b-67.2 0:1.34b-87.1 0:1.34b-94.11.1 0:2.7.STABLE5-2.12.29.1 0:3.1.23-8.16.30.1 0:3.1.23-8.16.36.1 0:3.1.23-8.16.37.3.1 0:1.4-13.10.1 0:4.4.0-6.29.2 0:4.4.0-6.35.1 0:4.4.0-6.36.3.1 0:1.7.6p2-0.29.1 0:1.20-121.1 0:1.26-1.2.10.1 0:20120115_1.7.0-0.5.5.1 0:3.9.8-1.29.1 0:3.9.8-1.30.5.1 0:6.0.45-0.53.2 0:6.0.41-0.47.1 0:6.0.45-0.50.1 0:3.2.5-160.3.2 0:5.6.1-5.3.1 0:6.00-11.17.1 0:6.00-11.18.3.1 0:7.2-8.17.1 0:7.2-8.20.8 0:0.5.3.git20161120-4.1 0:4.4.4_07_3.0.101_77-37.1 0:4.4.4_08_3.0.101_80-40.2 0:4.4.4_10_3.0.101_88-43.5 0:4.4.4_12_3.0.101_91-46.1 0:4.4.4_14_3.0.101_94-51.1 0:4.4.4_16_3.0.101_97-54.1 0:4.4.4_18_3.0.101_97-57.1 0:4.4.4_20_3.0.101_104-60.3 0:4.4.4_22_3.0.101_108.7-61.9.2 0:4.4.4_24_3.0.101_108.10-61.12.1 0:4.4.4_26_3.0.101_108.13-61.17.1 0:4.4.4_28_3.0.101_108.35-61.23.2 0:4.3.6-67.9.3.1 0:1.6.3-133.49.56.1 0:3.9.8-3.7.1 0:0_2.6.27.39_0.3-7.1.22 0:2.6.27.39-0.3.1 0:0.9.8j-0.32.1 0:5.0.67-13.16.1 0:1.4.2_sr13.1-0.1.1 0:3.5.10-0.1.1 0:1.9.0.13-1.1.1 0:1.9.1.10-1.1.1 0:3.0.7-1.1.4 0:1.9.0.7-1.1.4 0:1.0.17-172.13.1 0:1.6.0_sr7.0-1.1.1 0:8.62-32.22.2 0:4.2.7-32.22.2 0:0.9.8h-30.12.1 0:3.0.9-0.1.1 0:0_2.6.27.21_0.1-7.1.2 0:2.6.27.21-0.1.2 0:2.6.27.21-0.1.1 0:9.5.0P2-20.3.1 0:4.2.8-1.22.1 0:0.10.1-1.31.1 0:3.0.8-1.1.1 0:1.9.0.8-1.1.1 0:1.4.2_sr13.2-0.1.1 0:3.0.12-0.1.2 0:1.9.0.12-1.1.1 0:2.2.10-2.21.1 0:0.95-0.2.1 0:5.2.6-50.19.1 0:0_2.6.27.25_0.1-7.1.12 0:2.6.27.25-0.1.1 0:0_2.6.27.48_0.1-7.1.33 0:2.6.27.48-0.1.1 0:3.0.11-0.1.1 0:1.9.0.11-1.1.1 0:3.5.4-1.1.2 0:1.9.0.15-0.1.2 0:1.9.1.4-2.1.3 0:3.5.8-0.1.1 0:1.9.0.18-0.1.1 0:1.9.1.8-1.1.1 0:3.2.7-11.7.1 0:1.34b-11.7.1 0:2.6.16-1.33.1 0:4.2.8-1.24.1 0:78.0.10.5-0.2.1 0:78.2.6.30.1_2.6.27.25_0.1-0.2.1 0:3.12.3.1-1.1.1 0:0_2.6.27.29_0.1-7.1.13 0:2.6.27.29-0.1.1 0:2.4.12-7.18.1 0:1.5.17-42.32.2 0:2.7.1-10.9.1 0:7.19.0-11.22.1 0:1.6.0_sr6-1.1.1 0:1.0.5-1.31.1 0:2.6.0-8.8.1.1 0:2.6.0-8.9.1.1 0:3.0.13-0.1.2 0:4.2.8-1.27.2 0:5.2.6-50.23.1 0:3.2.7-11.8.2 0:1.34b-11.8.2 0:1.3.9-8.20.1 0:0_2.6.27.37_0.1-7.1.18 0:2.6.27.37-0.1.1 0:3.5.3-1.1.1 0:1.9.0.14-1.1.1 0:1.9.1.3-1.1.1 0:0_2.6.27.42_0.1-7.1.24 0:2.6.27.42-0.1.1 0:8.3.8-0.1.1 0:0.9.8h-30.22.21.1 0:2.18.2-7.9.1 0:1.6.3-133.26.1 0:2.7.2-61.15.1 0:3.5.6-1.1.1 0:1.9.1.6-1.1.1 0:2.4.1-24.32.1 0:1.4.2_sr13.4-1.6.1 0:3.12.6-3.1.1 0:1.9.1.9-1.1.1 0:1.4.2_sr13.6-1.6.1 0:1.6.0_sr9.0-0.2.1 0:4.2.4p6-1.18.1 0:2.0.1-88.22.1 0:0_2.6.27.45_0.1-7.1.26 0:2.6.27.45-0.1.1 0:1.9.0.16-0.1.1 0:9.5.0P2-20.4.1 0:8.62-32.27.26.1 0:4.2.7-32.27.26.1 0:2.4.1-24.39.49.1 0:2.11.1-0.30.1 0:1.4.2_sr13.5-0.1.1 0:1.6.0_sr8.0-0.1.2 0:1.6.0_sr8.0-0.7.1 0:3.6.13-0.7.1 0:1.9.1.16-0.1.1 0:1.9.2.13-1.7.1 0:3.5.7-1.1.1 0:1.9.0.17-0.1.1 0:1.9.1.7-1.1.1 0:2.11.1-0.18.2 0:5.2.14-0.1.1 0:1.3.9-8.37.1 0:3.2.7-11.9.1 0:1.34b-11.9.1 0:3.5.11-0.1.1 0:8.3.11-0.1.1 0:0.9.10-0.6.1 0:5.10.0-64.44.1 0:5.10.0-64.48.1 0:0.7.0.r4359-15.20.10.12 0:0.7.0.r4359-15.25.1 0:0_2.6.32.13_0.4-0.3.3 0:0_2.6.32.59_0.7-0.3.107 0:0_2.6.32.13_0.4-7.3.3 0:0_2.6.32.59_0.7-7.9.74 0:0_2.6.32.59_0.7-0.18.20 0:2.6.32.13-0.4.1 0:1.6.3-133.33.1 0:1.4.2_sr13.8-1.5.1 0:1.4.2_sr13.8-0.3.1 0:1.6.3-133.39.1 0:2.2.10-2.30.1 0:1.4.4-0.2.1 0:3.6.15-0.2.1 0:1.9.1.17-0.2.1 0:1.9.2.15-0.2.1 0:2.6.0-8.10.1 0:0.96.1-0.1.1 0:0_2.6.32.13_0.5-0.3.9 0:0_2.6.32.13_0.5-7.3.9 0:2.6.32.13-0.5.1 0:0.99.15-0.4.1 0:2.3.7-25.11.1 0:1.7-37.25.1 0:4.4.2.3-37.25.1 0:3.2.7-11.20.1 0:1.34b-11.20.1 0:2.1.0.0_2.6.33.7.2_rt30_0.3-0.2.9 0:1.4.19_2.6.33.7.2_rt30_0.3-0.7.26 0:2.6.33.7.2-0.3.1 0:1.4.2_2.6.33.7.2_rt30_0.3-0.14.1 0:0.7.6-1.12.2 0:7.4-27.24.1 0:0_2.6.32.19_0.2-0.3.15 0:0_2.6.32.19_0.2-7.3.15 0:2.6.32.19-0.2.1 0:4.3.4-3.4.1 0:3.6.10-1.6.1 0:1.9.2.10-1.1.1 0:5.10.0-64.53.1 0:0_2.6.27.54_0.2-7.1.43 0:2.6.27.54-0.2.1 0:0.9.8h-30.22.22.1 0:0.9.8h-30.28.1 0:0_2.6.32.29_0.3-0.3.34 0:0_2.6.32.29_0.3-7.9.2 0:2.6.32.29-0.3.1 0:0.99.10-17.18.1 0:0.99.15-0.2.1 0:0_2.6.32.23_0.3-0.3.20 0:0_2.6.32.23_0.3-7.3.20 0:2.6.32.23-0.3.1 0:0_2.6.32.19_0.3-0.3.16 0:0_2.6.32.19_0.3-7.3.16 0:2.6.32.19-0.3.1 0:0_2.6.27.48_0.12-7.1.40 0:2.6.27.48-0.12.1 0:0_2.6.32.24_0.2-0.3.22 0:0_2.6.32.24_0.2-7.3.22 0:2.6.32.24-0.2.1 0:2.3.7-25.17.1 0:3.4.3-1.19.1 0:1.34b-11.19.1 0:3.6.12-0.6.1 0:1.9.1.11-0.1.15 0:0.96.4-0.2.1 0:0_2.6.32.27_0.2-0.3.29 0:0_2.6.32.27_0.2-7.3.29 0:2.6.32.27-0.2.2 0:5.2.14-0.7.13.1 0:2.3.7-25.24.1 0:5.0.94-0.2.2.1 0:2.11.1-0.20.1 0:0.9.8h-30.22.28.1 0:0.9.8h-30.29.1 0:2.1.0.0_2.6.33.20_rt31_0.3-0.2.34 0:1.4_2.6.33.20_rt31_0.3-2.5.28 0:8.3.11_2.6.33.20_rt31_0.3-0.3.28 0:1.4.19_2.6.33.20_rt31_0.3-0.9.11.2 0:2.6.33.20-0.3.1 0:1.6_2.6.33.20_rt31_0.3-0.4.2.28 0:1.5.2_2.6.33.20_rt31_0.3-0.9.13.15 0:1.4_3.0.74_rt98_0.6.2-2.18.37 0:8.4.2_3.0.74_rt98_0.6.2-0.6.6.28 0:1.4.20_3.0.74_rt98_0.6.2-0.23.34 0:3.0.74.rt98-0.6.2.1 0:2.0.4_3.0.74_rt98_0.6.2-0.7.30 0:1.6_3.0.74_rt98_0.6.2-0.11.36 0:1.5.2_3.0.74_rt98_0.6.2-0.28.28.8 0:0_2.6.32.54_0.3-0.3.73 0:0_2.6.32.54_0.3-7.9.40 0:2.6.32.54-0.3.1 0:0_2.6.32.36_0.5-0.3.40 0:0_2.6.32.36_0.5-7.9.8 0:2.6.32.36-0.5.2 0:2.1.0.0_2.6.33.18_rt31_0.3-0.2.24 0:1.4_2.6.33.18_rt31_0.3-2.5.6 0:8.3.11_2.6.33.18_rt31_0.3-0.3.6 0:1.4.19_2.6.33.18_rt31_0.3-0.7.48 0:2.6.33.18-0.3.1 0:1.6_2.6.33.18_rt31_0.3-0.4.2.6 0:0_2.6.32.45_0.3-0.3.54 0:0_2.6.32.45_0.3-7.9.21 0:2.6.32.45-0.3.1 0:2.7.6-0.3.1 0:5.2.14-0.7.22.1 0:0.9.8h-30.30.1 0:3.9.8-3.5.1 0:1.6.0_sr9.1-1.5.1 0:1.4.2_sr13.9-0.4.1 0:1.4.2_sr13.9-0.3.1 0:2.7.6-0.7.1 0:2.11.1-0.50.1 0:0_2.6.32.59_0.13-0.3.163 0:0_2.6.32.59_0.13-7.9.130 0:0_2.6.32.59_0.13-0.18.39 0:2.6.32.59-0.19.1 0:2.6.32.59-0.15.2 0:4.0.3_21548_18_2.6.32.59_0.19-0.9.17 0:0.9.8h-30.32.1 0:3.6.17-0.2.1 0:1.9.2.17-0.3.1 0:3.6.18-0.2.1 0:1.9.2.18-1.2.1 0:3.6.20-0.2.1 0:1.9.2.20-1.2.1 0:3.8.2-141.16.1 0:2.3.7-25.26.1 0:1.6.3-133.46.1 0:2.5.6-5.6.1 0:3.4.3-1.21.1 0:1.6.0_sr9.2-0.4.1 0:1.4.2_sr13.10-0.3.1 0:3.2.3-44.22.1 0:3.1.3.ESV-0.9.1 0:0.97-5.2.1 0:0_2.6.32.43_0.4-0.3.50 0:0_2.6.32.43_0.4-7.9.17 0:2.6.32.43-0.4.1 0:5.2.14-0.7.30.34.1 0:3.0.26-0.7.6 0:1.4_3.0.26_0.7-2.10.13 0:2_3.0.26_0.7-0.7.13 0:1.6_3.0.26_0.7-0.7.13 0:0_2.6.32.59_0.9-0.3.151 0:0_2.6.32.59_0.9-7.9.118 0:0_2.6.32.59_0.9-0.18.37 0:2.6.32.59-0.9.1 0:5.2.14-0.7.30.46.1 0:5.3.8-0.39.1 0:1.0.22-3.5.1 0:0_2.6.32.49_0.3-0.3.66 0:0_2.6.32.49_0.3-7.9.33 0:2.6.32.49-0.3.1 0:1.4.4-0.4.1 0:0.12.5-1.8.1 0:2.3.11-60.61.1 0:2.7.6-0.9.1 0:0.9.8h-30.34.1 0:1.4.4-0.6.1 0:0.12.5-1.16.1 0:3.6.24-0.3.1 0:9.6ESVR4P3-0.2.1 0:3.4.3-1.32.1 0:1.34b-11.27.32.1 0:0.97.2-1.2.1 0:3.1.3.ESV-0.13.1 0:2.7.6-0.11.1 0:0_2.6.32.46_0.3-0.3.57 0:0_2.6.32.46_0.3-7.9.24 0:2.6.32.46-0.3.1 0:3.6.23-0.3.1 0:1.9.2.23-1.2.1 0:1.2.31-5.29.1 0:2.7.6-0.17.1 0:2.2.12-1.18.1 0:3.1.12-8.8.1 0:2.3.11-60.63.1 0:0.9.8h-30.42.1 0:1.7-37.29.29.1 0:4.4.2.3-37.29.29.1 0:1.4.2_sr13.11-0.5.1 0:1.4.2_sr13.11-0.3.1 0:1.4.2_sr13.12-0.3.1 0:1.9.2.26-0.3.1 0:2.6.12-0.6.1 0:1.1.24-19.17.1 0:5.3.8-0.23.1 0:9.6ESVR5P1-0.2.4.1 0:1.4.20-2.46.10 0:2.0.10-0.34.1 0:2.2.12-1.36.1 0:1.4.11-0.2.2.1 0:10.0.3-0.7.1 0:3.13.3-0.2.1 0:4.9.0-0.3.1 0:10.0.1-0.4.1 0:1.6.0.0_b24.1.11.4-0.3.1 0:1.7.0_sr2.0-0.5.1 0:1.6.0_sr11.0-0.3.1 0:3.6.3-0.22.1 0:1.34b-12.22.1 0:2.7.6-0.15.1 0:3.0.58-0.6.2.1 0:4.1.3_06_3.0.58_0.6.2-0.7.16 0:1.4_3.0.58_0.6.2-2.18.18 0:2_3.0.58_0.6.2-0.7.53 0:1.6_3.0.58_0.6.2-0.11.17 0:5.2.14-0.7.30.38.1 0:5.3.8-0.27.1 0:3.8.2-141.144.1 0:3.4.3-1.38.1 0:1.34b-11.28.38.1 0:9.5.3-0.2.1 0:9.4.6-0.4.2.4 0:1.6.0.0_b24.1.11.5-0.2.1 0:1.4.2_sr13.14-0.2.1 0:1.6.0_sr12.0-0.5.1 0:1.7.0_sr3.0-0.5.1 0:1.6.0_sr13.0-0.8.1 0:1.7.0_sr4.0-0.6.1 0:1.4.12-0.3.2 0:3.0.51-0.7.9.1 0:1.4_3.0.51_0.7.9-2.18.12 0:2_3.0.51_0.7.9-0.7.47 0:1.6_3.0.51_0.7.9-0.11.11 0:9.6ESVR7P1-0.5.1 0:9.6ESVR7P1-0.2.5.1 0:1.4.2_sr13.13-0.2.1 0:2.6.12-0.14.1 0:3.8.2-141.146.1 0:0.9.8j-0.36.1 0:3.0.34-0.7.9 0:1.4_3.0.34_0.7-2.10.30 0:2_3.0.34_0.7-0.7.30 0:1.6_3.0.34_0.7-0.7.30 0:3.0.31-0.9.1 0:1.4_3.0.31_0.9-2.10.23 0:2_3.0.31_0.9-0.7.23 0:1.6_3.0.31_0.9-0.7.23 0:3.0.74-0.6.6.2 0:4.1.4_02_3.0.74_0.6.6-0.5.22 0:1.4_3.0.74_0.6.6-2.18.36 0:2_3.0.74_0.6.6-0.7.69 0:1.6_3.0.74_0.6.6-0.11.35 0:5.3.8-0.33.2 0:0.9.8j-0.38.1 0:5.2.14-0.7.30.40.1 0:3.0.101-0.35.1 0:4.2.4_02_3.0.101_0.35-0.7.45 0:1.4_3.0.101_0.35-2.27.78 0:2_3.0.101_0.35-0.16.84 0:1.6_3.0.101_0.35-0.20.78 0:1.4_3.0.61_rt85_0.7-2.18.23 0:8.4.2_3.0.61_rt85_0.7-0.6.6.14 0:1.4.20_3.0.61_rt85_0.7-0.23.20 0:3.0.61.rt85-0.7.1 0:2.0.4_3.0.61_rt85_0.7-0.7.19 0:1.6_3.0.61_rt85_0.7-0.11.22 0:1.5.2_3.0.61_rt85_0.7-0.26.22 0:1.4_3.0.101_rt130_0.24-2.27.79 0:8.4.4_3.0.101_rt130_0.24-0.22.45 0:1.4.20_3.0.101_rt130_0.24-0.38.64 0:3.0.101.rt130-0.24.1 0:2.1.1_3.0.101_rt130_0.24-0.11.57 0:1.6_3.0.101_rt130_0.24-0.20.79 0:1.5.4.1_3.0.101_rt130_0.24-0.13.70 0:5.3.8-0.35.1 0:3.0.42-0.7.3 0:1.4_3.0.42_0.7-2.18.7 0:2_3.0.42_0.7-0.7.42 0:1.6_3.0.42_0.7-0.11.6 0:3.0.38-0.5.1 0:1.4_3.0.38_0.5-2.16.1 0:2_3.0.38_0.5-0.7.37 0:1.6_3.0.38_0.5-0.7.37 0:2.11.3-17.43.1 0:1.4-0.5.1 0:1.4-0.10.1 0:2.3.14-0.14.1 0:0.15.1-0.23.1 0:1.2.10-3.25.2 0:4.2.4.P1-0.5.1 0:9.6ESVR7P2-0.8.1 0:4.2.4.P2-0.5.1 0:1.4.15-0.2.1 0:9.6ESVR7P3-0.9.1 0:9.6ESVR7P3-0.2.1 0:3.0.101-0.46.1 0:4.2.5_02_3.0.101_0.46-0.7.9 0:1.4_3.0.101_0.42-2.27.115 0:2_3.0.101_0.42-0.16.121 0:1.6_3.0.101_0.42-0.20.115 0:1.4_3.0.101_rt130_0.32-2.27.121 0:8.4.4_3.0.101_rt130_0.32-0.22.87 0:1.4.20_3.0.101_rt130_0.32-0.38.106 0:3.0.101.rt130-0.32.1 0:2.1.1_3.0.101_rt130_0.32-0.11.96 0:1.6_3.0.101_rt130_0.32-0.20.121 0:1.5.4.1_3.0.101_rt130_0.32-0.13.112 0:3.0.101-0.7.29.1 0:3.0.101-0.7.23.1 0:4.1.6_08_3.0.101_0.7.29-0.5.19 0:4.1.6_06_3.0.101_0.7.23-0.5.30 0:2.11.3-17.56.2 0:2.11.1-0.58.1 0:3.8.2-141.150.1 0:1.8.7.p357-0.9.15.6 0:4.6.3-5.18.1 0:2.7.6-0.21.1 0:9.6ESVR7P4-0.8.1 0:9.6ESVR7P4-0.2.3.1 0:11.2.202.243-0.3.1 0:11.2.202.251-0.3.1 0:4.1.3_06-0.7.1 0:4.1.3_06_3.0.51_0.7.9-0.7.1 0:1.8.4-0.3.1 0:5.5.42-0.8.1 0:11.2.202.258-0.3.1 0:2.0.9-25.33.33.1 0:2.0.9-25.33.33.5 0:2.0.9-25.33.37.6 0:3.6.3-0.46.1 0:3.4.3-1.52.3 0:1.34b-11.28.52.3 0:1.34b-12.46.1 0:2.6.32.59-0.13.1 0:2.11.3-17.80.3 0:2.11.1-0.62.1 0:2.11.3-17.45.53.1 0:3.0.80-0.5.1 0:4.1.5_02_3.0.80_0.5-0.5.5 0:3.0.82-0.7.9 0:4.2.2_04_3.0.82_0.7-0.9.3 0:1.4_3.0.80_0.5-2.18.45 0:2_3.0.80_0.5-0.7.76 0:1.6_3.0.80_0.5-0.11.44 0:1.4_3.0.82_0.7-2.25.3 0:2_3.0.82_0.7-0.16.3 0:1.6_3.0.82_0.7-0.18.3 0:1.4_3.0.80_rt108_0.5-2.18.47 0:8.4.2_3.0.80_rt108_0.5-0.6.6.38 0:1.4.20_3.0.80_rt108_0.5-0.23.44 0:3.0.80.rt108-0.5.1 0:2.0.4_3.0.80_rt108_0.5-0.7.35 0:1.6_3.0.80_rt108_0.5-0.11.46 0:1.5.2_3.0.80_rt108_0.5-0.28.28.18 0:0.9.7g-146.22.25.1 0:0.9.8j-0.72.1 0:0.9.7g-146.22.29.1 0:1.6.0.0_b27.1.12.3-0.2.1 0:0.9.6-0.25.1 0:3.6.3-0.30.1 0:3.4.3-1.42.11 0:1.34b-12.30.1 0:9.1.8-0.5.1 0:1.6.0.0_b27.1.12.5-0.2.1 0:1.6.0_sr13.2-0.3.1 0:1.7.0_sr4.2-0.6.1 0:1.6.0.0_b27.1.12.2-0.2.1 0:1.4.2_sr13.15-0.3.1 0:1.4.2_sr13.16-0.2.1 0:11.2.202.273-0.3.1 0:11.2.202.261-0.3.1 0:11.2.202.262-0.3.1 0:11.2.202.270-0.3.1 0:9.5.4-0.3.1 0:9.4.6-0.4.3.1 0:11.2.202.275-0.3.1 0:17.0.3esr-0.4.4.1 0:1.6.0.0_b27.1.12.4-0.2.1 0:3.0.58-0.6.6.1 0:4.1.3_06_3.0.58_0.6.6-0.7.22 0:1.4_3.0.58_0.6.6-2.18.22 0:2_3.0.58_0.6.6-0.7.56 0:1.6_3.0.58_0.6.6-0.11.21 0:3.0.93-0.5.1 0:4.1.5_02_3.0.93_0.5-0.5.39 0:3.0.93-0.8.2 0:4.2.2_06_3.0.93_0.8-0.7.17 0:1.4_3.0.93_0.5-2.18.61 0:2_3.0.93_0.5-0.7.91 0:1.6_3.0.93_0.5-0.11.60 0:1.4_3.0.93_0.8-2.27.8 0:2_3.0.93_0.8-0.16.14 0:1.6_3.0.93_0.8-0.20.8 0:1.4_3.0.93_rt117_0.5-2.18.62 0:8.4.2_3.0.93_rt117_0.5-0.6.6.53 0:1.4.20_3.0.93_rt117_0.5-0.25.25.1 0:3.0.93.rt117-0.5.1 0:2.0.4_3.0.93_rt117_0.5-0.7.44 0:1.6_3.0.93_rt117_0.5-0.11.61 0:1.5.2_3.0.93_rt117_0.5-0.28.28.33 0:1.4_3.0.93_rt117_0.9-2.27.16 0:8.4.3_3.0.93_rt117_0.9-0.19.7 0:1.4.20_3.0.93_rt117_0.9-0.38.1 0:3.0.93.rt117-0.9.1 0:2.1.1_3.0.93_rt117_0.9-0.11.6 0:1.6_3.0.93_rt117_0.9-0.20.16 0:1.5.4.1_3.0.93_rt117_0.9-0.13.7 0:11.2.202.280-0.3.1 0:1.4.2_sr13.17-0.2.1 0:1.6.0.0_b27.1.12.6-0.2.1 0:1.7.0.6-0.19.2 0:1.6.0_sr14.0-0.3.1 0:1.7.0_sr5.0-0.5.1 0:1.8.5-0.2.1 0:0.24.4-0.13.1 0:5.2.14-0.7.30.48.1 0:5.3.8-0.41.1 0:17.0.8esr-0.4.2.1 0:17.0.8esr-0.7.2 0:1.7.6p2-0.2.12.5 0:1.6.17-1.15.1 0:5.5.33-0.11.1 0:5.0.96-0.6.9 0:2.2.12-1.40.7 0:7.4-27.70.72.1 0:7.4-27.40.70.1 0:7.19.7-1.20.25.1 0:1.6.17-1.17.1 0:7.4-8.26.36.1 0:7.4-8.26.38.1 0:1.4.2-0.11.1 0:2.6.16-1.38.1 0:3.0.74-0.6.8.1 0:4.1.4_02_3.0.74_0.6.8-0.5.26 0:1.4_3.0.74_0.6.8-2.18.38 0:2_3.0.74_0.6.8-0.7.70 0:1.6_3.0.74_0.6.8-0.11.37 0:1.4_3.0.74_rt98_0.6.4-2.18.38 0:8.4.2_3.0.74_rt98_0.6.4-0.6.6.29 0:1.4.20_3.0.74_rt98_0.6.4-0.23.35 0:3.0.74.rt98-0.6.4.1 0:2.0.4_3.0.74_rt98_0.6.4-0.7.31 0:1.6_3.0.74_rt98_0.6.4-0.11.37 0:1.5.2_3.0.74_rt98_0.6.4-0.28.28.9 0:3.0.101-0.15.1 0:4.2.3_08_3.0.101_0.15-0.7.22 0:1.4_3.0.101_0.15-2.27.40 0:2_3.0.101_0.15-0.16.46 0:1.6_3.0.101_0.15-0.20.40 0:1.4_3.0.101_rt130_0.10-2.27.37 0:8.4.4_3.0.101_rt130_0.10-0.22.3 0:1.4.20_3.0.101_rt130_0.10-0.38.22 0:3.0.101.rt130-0.10.1 0:2.1.1_3.0.101_rt130_0.10-0.11.22 0:1.6_3.0.101_rt130_0.10-0.20.37 0:1.5.4.1_3.0.101_rt130_0.10-0.13.28 0:7.19.7-1.20.27.1 0:7.19.7-1.28.1 0:3.0.101-0.5.1 0:4.1.6_02_3.0.101_0.5-0.5.5 0:3.0.101-0.8.1 0:4.2.3_02_3.0.101_0.8-0.7.9 0:1.4_3.0.101_0.5-2.18.69 0:2_3.0.101_0.5-0.7.98 0:1.6_3.0.101_0.5-0.11.68 0:1.4_3.0.101_0.8-2.27.22 0:2_3.0.101_0.8-0.16.28 0:1.6_3.0.101_0.8-0.20.22 0:1.4_3.0.101_rt130_0.5-2.18.71 0:8.4.2_3.0.101_rt130_0.5-0.6.6.62 0:1.4.20_3.0.101_rt130_0.5-0.25.25.10 0:3.0.101.rt130-0.5.1 0:2.0.4_3.0.101_rt130_0.5-0.9.9.1 0:1.6_3.0.101_rt130_0.5-0.11.70 0:1.5.2_3.0.101_rt130_0.5-0.28.28.42 0:1.4_3.0.101_rt130_0.8-2.27.24 0:8.4.4_3.0.101_rt130_0.8-0.18.8 0:1.4.20_3.0.101_rt130_0.8-0.38.9 0:3.0.101.rt130-0.8.3 0:3.0.101.rt130-0.8.1 0:2.1.1_3.0.101_rt130_0.8-0.11.11 0:1.6_3.0.101_rt130_0.8-0.20.24 0:1.5.4.1_3.0.101_rt130_0.8-0.13.15 0:1.8.8-0.2.1 0:9.5.5-0.3.1 0:9.4.6-0.4.3.2 0:11.2.202.285-0.3.1 0:3.0.74-0.6.10.1 0:4.1.4_02_3.0.74_0.6.10-0.5.32 0:1.4_3.0.74_0.6.10-2.18.41 0:2_3.0.74_0.6.10-0.7.73 0:1.6_3.0.74_0.6.10-0.11.40 0:1.4_3.0.74_rt98_0.6.6-2.18.42 0:8.4.2_3.0.74_rt98_0.6.6-0.6.6.33 0:1.4.20_3.0.74_rt98_0.6.6-0.23.39 0:3.0.74.rt98-0.6.6.1 0:2.0.4_3.0.74_rt98_0.6.6-0.7.33 0:1.6_3.0.74_rt98_0.6.6-0.11.41 0:1.5.2_3.0.74_rt98_0.6.6-0.28.28.13 0:4.4.0-6.17.2 0:4.4.0-6.17.5 0:11.2.202.291-0.3.1 0:11.2.202.297-0.3.1 0:11.2.202.310-0.3.1 0:4.0.3_21548_18-0.9.1 0:4.0.3_21548_18_2.6.32.59_0.15-0.9.1 0:2.6.18-0.6.1 0:1.7.0.6-0.21.1 0:1.8.7.p357-0.9.11.1 0:5.3.17-0.15.1 0:3.6.3-0.33.35.1 0:3.4.3-1.46.2 0:3.6.3-0.42.1 0:1.34b-12.33.35.1 0:1.34b-12.42.1 0:5.2.14-0.7.30.54.1 0:5.3.17-0.17.1 0:1.6.17-1.21.3 0:1.0.5.6-0.7.1 0:5.5.37-0.7.1 0:5.0.96-0.6.11 0:3.0.101-0.7.15.1 0:4.1.6_04_3.0.101_0.7.15-0.5.12 0:1.4_3.0.101_0.7.15-2.18.79 0:2_3.0.101_0.7.15-0.7.107 0:1.6_3.0.101_0.7.15-0.11.78 0:2.11.3-17.62.1 0:7.4-27.70.74.1 0:7.4-27.83.2 0:3.0.101-0.21.1 0:4.2.4_02_3.0.101_0.21-0.7.12 0:1.4_3.0.101_0.21-2.27.54 0:2_3.0.101_0.21-0.16.60 0:1.6_3.0.101_0.21-0.20.54 0:1.4_3.0.101_rt130_0.14-2.27.55 0:8.4.4_3.0.101_rt130_0.14-0.22.21 0:1.4.20_3.0.101_rt130_0.14-0.38.40 0:3.0.101.rt130-0.14.1 0:2.1.1_3.0.101_rt130_0.14-0.11.36 0:1.6_3.0.101_rt130_0.14-0.20.55 0:1.5.4.1_3.0.101_rt130_0.14-0.13.46 0:3.0.101-0.7.19.1 0:3.4.3-1.54.1 0:1.34b-11.28.54.1 0:3.6.3-0.50.1 0:1.34b-12.33.41.2 0:3.6.3-0.33.41.2 0:3.4.3-1.54.4 0:1.34b-12.50.1 0:7.19.7-1.20.29.1 0:7.19.7-1.30.1 0:2.6.18-0.14.1 0:9.9.3P2-0.5.1 0:1.8.9-0.2.5 0:11.2.202.327-0.3.1 0:11.2.202.332-0.3.1 0:1.7.0.6-0.23.1 0:1.6.0_sr15.1-0.6.1 0:1.7.0_sr6.1-0.8.1 0:1.7.0_sr9.0-0.7.1 0:1.8.11-0.2.1 0:1.0.5.8-0.7.1 0:2.2.12-1.48.1 0:1.0.5.9-0.7.1 0:0.98.5-0.5.1 0:5.3.17-0.35.2 0:1.7.0.6-0.27.1 0:1.8.12-0.4.1 0:2.11.3-17.82.11 0:2.11.1-0.64.1 0:2.11.3-17.45.59.1 0:7.19.7-1.32.1 0:1.6.17-1.27.2 0:0.9.8j-0.54.1 0:0.9.8j-0.58.1 0:3.1.12-8.16.18.1 0:1.4.2-0.15.2 0:3.0.101-0.47.50.1 0:4.2.5_04_3.0.101_0.47.50-0.7.1 0:1.4_3.0.101_0.47.50-2.28.1.7 0:2_3.0.101_0.47.50-0.17.1.7 0:1.6_3.0.101_0.47.50-0.21.1.7 0:1.4_3.0.101_rt130_0.33.36-2.28.1.14 0:8.4.4_3.0.101_rt130_0.33.36-0.23.1.14 0:1.4.20_3.0.101_rt130_0.33.36-0.39.1.14 0:3.0.101.rt130-0.33.36.1 0:2.1.1_3.0.101_rt130_0.33.36-0.12.1.13 0:1.6_3.0.101_rt130_0.33.36-0.21.1.14 0:1.5.4.1_3.0.101_rt130_0.33.36-0.14.1.14 0:1.0.1g-0.16.1 0:3.0.101-0.29.1 0:4.2.4_02_3.0.101_0.29-0.7.24 0:1.4_3.0.101_0.29-2.27.63 0:2_3.0.101_0.29-0.16.69 0:1.6_3.0.101_0.29-0.20.63 0:1.4_3.0.101_rt130_0.16-2.27.65 0:8.4.4_3.0.101_rt130_0.16-0.22.31 0:1.4.20_3.0.101_rt130_0.16-0.38.50 0:3.0.101.rt130-0.16.1 0:2.1.1_3.0.101_rt130_0.16-0.11.45 0:1.6_3.0.101_rt130_0.16-0.20.65 0:1.5.4.1_3.0.101_rt130_0.16-0.13.56 0:5.3.17-0.27.1 0:0.12.5-1.26.1 0:6.0.41-0.45.1 0:5.3.8-0.45.1 0:5.3.17-0.23.5 0:2.11.3-17.68.1 0:11.2.202.335-0.4.1 0:11.2.202.341-0.3.1 0:11.2.202.346-0.3.1 0:11.2.202.350-0.3.1 0:11.2.202.359-0.3.1 0:11.2.202.356-0.3.1 0:11.2.202.378-0.3.1 0:11.2.202.394-0.3.1 0:11.2.202.400-0.3.1 0:11.2.202.406-0.3.1 0:11.2.202.411-0.3.1 0:11.2.202.425-0.3.1 0:9.6ESVR11W1-0.2.1 0:6.4.3.6-7.28.1 0:4.24-43.25.1 0:1.8.13-0.5.1 0:5.4.2.1-8.12.20.1 0:4.4.0-6.23.1 0:1.7.0.65-0.7.4 0:3.0.101-0.7.21.1 0:4.1.6_06_3.0.101_0.7.21-0.5.16 0:2.4.1-24.39.53.1 0:1.2.10-3.29.1 0:0.9.8j-0.62.1 0:0.9.8j-0.62.3 0:1.0.1g-0.20.1 0:1.7.0.75-0.7.1 0:0.9.7g-146.22.27.1 0:0.9.8j-0.68.1 0:1.0.1g-0.24.1 0:1.6.17-1.31.3 0:2.11.3-17.66.1 0:5.3.17-0.29.1 0:1.7.0_sr7.1-0.5.1 0:1.6.0_sr16.1-0.3.1 0:1.6.3-133.49.60.1 0:3.2-147.20.1 0:5.2-147.20.1 0:3.2-147.14.20.1 0:5.2-147.14.20.1 0:1.10.10-0.2.1 0:4.2.5_08_3.0.101_0.47.55-0.7.1 0:1.4_3.0.101_rt130_0.33.38-2.28.1.22 0:8.4.4_3.0.101_rt130_0.33.38-0.23.1.22 0:1.4.20_3.0.101_rt130_0.33.38-0.39.1.22 0:3.0.101.rt130-0.33.38.1 0:2.1.1_3.0.101_rt130_0.33.38-0.12.1.20 0:1.6_3.0.101_rt130_0.33.38-0.21.1.22 0:1.5.4.1_3.0.101_rt130_0.33.38-0.14.1.22 0:7.4-27.101.1 0:2.6.32.59-0.17.1 0:4.0.3_21548_18_2.6.32.59_0.17-0.9.2 0:3.0.101-0.7.27.1 0:4.1.6_08_3.0.101_0.7.27-0.5.5 0:6.00-11.9.1 0:5.3.17-0.33.1 0:1.0.1g-0.30.1 0:11.2.202.424-0.3.1 0:3.9.8-1.23.1 0:1.6.0_sr16.3-0.4.5 0:1.7.0_sr8.10-0.6.4 0:1.6.0_sr16.3-0.4.1 0:1.7.0_sr8.10-0.6.1 0:4.2.4p8-1.28.1 0:0.98.6-0.6.1 0:1.3.9-8.46.54.2 0:1.6.0_sr16.4-0.3.1 0:1.0.1g-0.26.1 0:2.11.3-17.74.13 0:2.11.1-0.60.1 0:2.11.3-17.45.55.5 0:1.34b-12.33.43.1 0:3.6.3-0.33.43.1 0:3.4.3-1.54.39 0:7.4-27.103.1 0:11.2.202.429-0.4.1 0:11.2.202.438-0.3.1 0:11.2.202.440-0.3.1 0:11.2.202.442-0.3.1 0:11.2.202.451-0.3.1 0:11.2.202.457-0.3.1 0:1.7.0.75-0.9.1 0:1.10.12-0.2.1 0:31.5.0esr-0.7.1 0:31.5.0esr-0.4.2.1 0:9.9.6P1-0.7.1 0:1.4.2-0.22.25.1 0:4.2.4p8-1.29.36.1 0:11.2.202.460-0.3.1 0:11.2.202.466-0.6.1 0:11.2.202.468-0.7.1 0:1.4.2-0.22.31.1 0:4.1.6_08_3.0.101_0.7.29-0.11.1 0:5.3.17-0.43.1 0:1.4.2-0.22.27.1 0:0.15.1-0.29.1 0:1.10.14-0.3.1 0:5.5.43-0.9.1 0:5.0.96-0.8.8.1 0:5.0.96-0.8.8.2 0:4.4.0-6.27.1 0:9.9.6P1-0.27.1 0:1.9+git.1473844105.932298f-9.1 0:1.5.4-0.7.1 0:1.5.4-12.1 0:2.4.3-0.25.1 0:1.9+git.1443859419.95e948a-12.2 0:2014.2.4~a0~dev103-16.2 0:2014.2.4~a0~dev103-16.4 0:0.4-0.13.1 0:0.9.8j-0.91.1 0:2014.2.4.dev18-9.7 0:2014.2.4.dev18-9.11 0:2014.2.4.dev19-9.7 0:2014.2.4.dev19-9.12 0:2014.2.4.dev5-9.5 0:2014.2.4.dev5-9.7 0:2014.2.4.dev13-9.6 0:2014.2.4.dev13-9.8 0:2014.2.4.dev5-11.8 0:2014.2.4.dev5-11.12 0:2014.2.4.dev3-9.5 0:2014.2-9.2 0:1.3.1-9.6 0:1.4.0-14.2 0:1.2.0-2.5 0:1.9.0-9.2 0:1.9+git.1443622531.b2b2939-9.3 0:2014.2.4~a0~dev12-13.2 0:1.1.7-11.3 0:2014.2.4.juno-14.1 0:2014.2.4.juno-17.1 0:2014.2.4.juno-17.2 0:2014.2.4.juno-29.1 0:2.1.0-14.1 0:2014.2.4~a0~dev80-20.1 0:2.1.0-11.1 0:2014.2.4.juno-15.1 0:1.6.11-0.7.1 0:1.6.11-13.1 0:2.7.0-0.7.1 0:2.7.0-9.1 0:3.10-0.13.1 0:0.15.0-9.2 0:1.0.0-11.1 0:1.2.0-11.2 0:2.20.0-9.2 0:0.4.1-9.2 0:2.3.0-9.2 0:2.11.0-0.9.1 0:4.1.9-9.1 0:4.1.9-12.1 0:4.1.9-9.2 0:4.1.9-15.1 0:1.11.1-9.1 0:0.0.5-9.1 0:3.2.3-9.1 0:2.11.3-11.1 0:1.5.2-9.6 0:4.4.13-1.1 6 0:1.6.1-2.7 0:3.0+git.1456169766.1e60d19-1.1 0:1.9.1-58.1 0:1.5.14-1.4 0:1.4.15-1.2 0:2.4.14-1.28 0:7.0.2~a0~dev1-1.2 0:8.0.2~a0~dev7-2.1 0:11.0.2~a0~dev2-1.1 0:5.0.2~a0~dev9-1.4 0:0.0.0+git.1452795102.e53f5d3-1.1 0:4.2.3~a0~dev14-1.1 0:8.0.2~a0~dev8-1.2 0:7.0.4~a0~dev18-1.1 0:7.0.2~a0~dev63-1.1 0:12.0.2~a0~dev18-1.3 0:2.1.0-4.1 0:4.0.1~a0~dev2-2.1 0:1.6.4-0.7.3 0:1.8.9-1.1 0:2.7.3-15.1 0:2.7.0-1.4 0:1.7.2-3.1 0:2.3.1-1.1 0:2.6.1-2.2 0:3.0.3-1.1 0:3.4.4-2.20 0:4.2.2-2.2 0:4.2.2-5.1 0:4.2.2-2.4 0:1.11.1-2.2 0:10.32.2-3.2 0:10.32.2-1.34 0:10.32.2-1.1 0:10.32.2-4.2 0:10.32.2-1.2 0:0.9.16-1.1 0:0.5.5-1.1 0:1.6.4-2.3 0:1.0.2-7.1 0:2.11.3-1.2 0:1.0.3~a0~dev10-6.1 0:1.0.3~a0~dev10-6.2 0:4.2.5-6.1 0:4.2.5-6.2 0:7.0.5~a0~dev3-6.1 0:0.0.1~a0~dev238-4.1 0:3.0.3~a0~dev1-6.1 0:7.0.0-9.1 0:4.0.1~a0~dev19-8.1 0:5.0.4~a0~dev6-6.1 0:5.0.4~a0~dev6-6.2 0:7.0.3~a0~dev2-7.1 0:8.0.2~a0~dev34-8.1 0:11.0.2~a0~dev13-7.1 0:5.0.2~a0~dev93-9.1 0:5.0.2~a0~dev93-9.3 0:8.1.1~a0~dev13-3.1 0:8.1.1~a0~dev13-3.2 0:1.0.2~a0~dev11-9.1 0:1.0.2~a0~dev11-9.2 0:7.1.2~a0~dev29-10.1 0:7.1.2~a0~dev1-6.1 0:12.0.5~a0~dev2-7.1 0:1.0+git.1467079370.4f2c49d-7.1 0:2.1.1-6.1 0:1.7.2-4.1 0:1.2.1~a0~dev2-3.1 0:0.6-4.1 0:4.2.2-8.1 0:1.15.2-2.3.1 0:4.2.9-3.3.1 0:4.2.9-7.3.1 0:4.2.9-9.3.1 0:4.2.9-6.3.1 0:1.0.3-8.3.1 0:0.4.1-2.1 0:2.4.0-3.1 0:2.8.0-3.1 0:2.5.1-6.4.7 0:2.5.1_k3.12.74_60.64.69-6.4.7 0:1.4.39-3.3.1 0:1.8.19-3.6.1 0:3.0+git.1521471181.2b39130da-39.10.1 0:7.0.2~a0~dev30-1.3 0:8.0.2~a0~dev34-1.4 0:4.2.2-6.1 0:11.0.2~a0~dev7-1.1 7 0:1.11.0.1-2.3.1 0:13.0.1~a0~dev6-4.3.1 0:13.0.1~a0~dev6-4.3.4 0:3.0.4~a0~dev1-2.3.1 0:2.2.3.0-5.1 0:20170912_10.45-5.1 0:1.0.5-5.3 0:14.0.10~dev13-4.11.1 0:14.0.10~dev13-4.11.3 0:3.19.0-3.1 0:3.1.2~a0~dev20-9.4 0:3.1.2~a0~dev20-9.3 0:7.0.4~a0~dev7-3.1 0:7.0.4~a0~dev7-3.2 0:9.1.5~a0~dev1-3.1 0:10.0.4~a0~dev2-3.1 0:13.0.1~a0~dev6-3.1 0:13.0.1~a0~dev6-3.3 0:7.0.4~a0~dev4-4.1 0:7.0.4~a0~dev4-4.2 0:10.0.2~a0~dev2-6.1 0:10.0.2~a0~dev2-6.2 0:3.1.2~a0~dev22-13.1 0:3.0.1~a0~dev27-3.1 0:14.0.6~a0~dev16-3.1 0:14.0.6~a0~dev16-3.3 0:2.2.3.0-9.1 0:1.4.39-3.3.2 0:2.0.8-3.3.1 0:17.5.6-3.3.1 0:1.8.19-3.4.1 0:5.5.1-10.1 42.1 0:49.0.2623.75-27.1 0:0.22.0+git.20160103-5.1 0:50.0.2661.75-41.1 0:51.0.2704.79-54.1 0:49.0.2-36.1 0:2.4.0-170.2 0:1.3.21-3.10 0:6.8.8.1-4.2 0:41.0.2-1.2 0:38.3.0-2.2 0:1.0.6-1.2 0:4.14-1.2 0:13.2+git20140911.61c1681-4.6 0:0.6.40-2.2 0:1.0.29-8.1 0:5.1.1_r8-3.2 0:1.9.4-8.2 0:1.9.4-8.3 0:1.9.2-3.1 0:1.0.15-11.2 0:3.1-8.1 0:2.0.9-2.2 0:5.5.14-36.5 0:1.6.3-3.11 0:1.19.0-7.4 0:1.2.0-6.2 0:5.0.9-4.3 0:1.13.4-6.4 0:1.4.16-3.2 0:0.6.31-24.1 0:4.2-76.4 0:6.2-76.4 0:9.9.6P1-25.2 0:2.25.0-5.2 0:1.2.4-5.1 0:3.1.2-8.1 0:1.21.1-5.6 0:1.0.6-30.4 0:6.4-4.2 0:0.98.7-2.7 0:3.12.0-2.2 0:1.2.12-1.2 0:0.1.26-2.2 0:8.22-4.1 0:2.11-30.4 0:4.8.5-16.7 0:4.8.5-16.8 0:7.1.3_k4.1.12_1-4.14 0:4.2-57.5 0:1.4.11-57.5 0:5.8-8.2 0:1.7.5-5.6 0:1.0.58-10.3 0:7.37.0-5.2 0:1.12.12-183.1 0:2.4.18-1.2 0:2.1.26-8.1 0:1.8.16-5.9 0:1.8.16-5.2 0:0.100.2-3.2 0:4.3.3-2.1 0:0.97.3-2.10 0:2.71-4.2 0:1.42.11-10.2 0:0.158-9.5 0:24.3-18.7 0:3.12.10-2.7 0:3.14.2-2.8 0:0.6.21-10.2 0:2.1.0-15.4 0:6.3.26-12.2 0:5.19-5.5 0:1.3.0-9.2 0:2.5.5-8.2 0:2.9.3-8.2 0:0.6-4.2 0:2.1.0-8.2 0:2.31.6-1.2 0:2.40.10-4.2 0:3.14.2-1.2 0:2.8.14-2.7 0:2.6.2-1.1 0:2.44.1-2.3 0:2.19-17.4 0:2.19-17.1 0:3.10.0-3.1 0:3.16.0-4.3 0:3.16.4.1-1.2 0:3.16.4-1.2 0:3.2.15-6.2 0:1.6.0-9.1 0:1.22.2-7.4 0:1.22.2-7.7 0:0.10.23-20.8 0:3.7.4-5.2 0:1.2.2-6.2 0:7.4.326-3.10 0:1.6-9.4 0:1.0-8.1 0:3.14.6-3.10 0:1.8.28-3.3 0:6-10.1 0:1.4.14-1.1 0:1.5.0-9.2 0:1.6.1-1.2 0:3.8.3-267.6 0:0.8.0-4.4 0:s20121221-3.3 0:0.8.17-4.2 0:1.1.1-1.3 0:1.8.0.60-4.11 0:3.00-3.2 0:1.15.5-6.1 0:4.11.22-1.7 0:4.14.10-2.11 0:15.04.3-3.3 0:15.04.3-3.4 0:15.08.1-1.2 0:4.1.12-1.1 0:15.08.0-7.6 0:1.3.3-4.2 0:1.4.1-779.1 0:2.0-779.1 0:1.6-2.9 0:1.12.1-19.9 0:4.6.4-4.3 0:1.0.7-1.1 0:3.18-4.2 0:2.1.0-6.2 0:1.4.5-18.1 0:5.5.0-2.1 0:1.6.3-1.1 0:1.0.7-5.1 0:1.1.14-6.1 0:1.3.3-3.1 0:5.0.1-5.1 0:1.5.1-5.2 0:1.7.5-1.1 0:1.1.3-5.1 0:1.0.3-1.1 0:1.5.0-1.1 0:0.9.9-1.1 0:1.1.5-1.1 0:1.2.2-5.1 0:1.0.10-5.1 0:1.0.9-1.1 0:1.1.4-5.1 0:1.1.4-1.1 0:1.5.3-3.2 0:1.5.1-5.1 0:2.25-7.2 0:2.25-7.1 0:1.10.10-3.2 0:4.2.4-4.3 0:1.7.1-3.1 0:9.4.5-1.1 0:9.4.5-1.2 0:2.0.21-5.1 0:0.6.21-10.1 0:0.25-4.8 0:2.5.4.26856-5.4 0:3.20-1.2 0:1.12.1-2.2 0:1.6.1-18.7 0:2.0.0-1.1 0:0.4-5.1 0:210-84.1 0:0.9-9.1 0:52.1-10.3 0:0.15.1b-184.1 0:1.2.0-4.7 0:1.900.1-164.1 0:2.4.9-4.10 0:2.0-3.2 0:1.3.1-31.3 0:62.1.0-31.1 0:8.0.2-31.3 0:0.12-4.2 0:1.3.0-2.2 0:1.19-19.1 0:1.15.0-4.2 0:2.4.2-16.6 0:5.2.2-3.2 0:2.08-4.1 0:3.3.7-3.2 0:1.9-4.4 0:0.6.4-3.1 0:0.8.8.5-4.1 0:4.0.4-1.8 0:3.1.2-10.5 0:0.5-4.2 0:2.1.5-29.1 0:10.0.21-1.5 0:0.30.1-2.9 0:0.52.16-3.3 0:1.5.2-3.4 0:1.0.1i-4.1 0:1.36.8-2.2 0:1.8.14-1.1 0:6.14.12-3.5 0:1.2.50-3.2 0:1.6.8-2.2 0:0.112-4.2 0:0.24.4-5.3 0:0.24.4-5.2 0:0.4.11-13.2 0:7.0-3.1 0:2.10.11-4.3 0:2.7.9-21.3 0:3.4.1-6.2 0:4.8.6-5.2 0:4.8.6-5.1 0:2.0.15-2.2 0:0.16.2-2.6 0:5.0.2.2-1.2 0:1.0.0-2.2 0:2.1.2-5.7 0:1.3.8-4.2 0:0.4.8-20.1 0:1.0.25-20.1 0:5.7.3-2.5 0:2.50.0-2.3 0:0.29-4.2 0:0.12.5-6.1 0:1.4.3-10.1 0:1.11.5.1-5.1 0:1.9.1-4.6 0:3.7-10.2 0:1.6.10-2.7 0:1.0.20100204cvs-20.1 0:4.0.4-1.1 0:2.1.6-3.2 0:2.7.1-1.4 0:1.1.1-8.6 0:1.2.18.1-3.2 0:1.3.3-3.7 0:0.28.2-19.1 0:0.2.8.4-240.1 0:1.11.1-1.1 0:3.1.1-14.2 0:2.9.1-8.1 0:0.1.6-3.1 0:0.11.1-3.1 0:2.8-3.2 0:1.2.10-75.1 0:3.8.7-7.1 0:2.8.7-3.2 0:2.1.20-2.2 0:12.5-21.1 0:1.13.3-1.5 0:1.2.5-5.3 0:4.10.8-2.2 0:1.5.24-1.7 0:3.5.1-1.1 0:2.4.2-4.2 0:3.11-3.2 0:1.4.4-19.2 0:4.2.8p3-7.5 0:0.5.3-1.1 0:7.06-2.2 0:2.4.41-9.5 0:2.0.0-8.3 0:6.6p1-6.3 0:2.3.8-4.2 0:2.4-726.1 0:0.152.0-3.2 0:9.20.1-13.4 0:1.1.8-12.4 0:12.1-25.1 0:2.4.4-8.2 0:2.1-3.2 0:2.7.5-5.5 0:5.18.2-3.5 0:0.23-2.2 0:2.82-3.2 0:3.71-3.7 0:6.04-7.1 0:2.0019-5.6 0:0.38-2.2 0:2.3-5.2 0:5.4.2-2.1 0:2.4.7-3.2 0:3.0.23-4.2 0:3.22-267.4 0:2.07-4.2 0:2.7.9-21.1 0:3.4.1-6.1 0:2.9.0-4.3 0:1.5.7-3.6 0:0.14-5.2 0:2.6.1-4.1 0:7.1.2-4.5 0:2.7.0-2.3 0:2.3.1-7.2 0:1.0.0-7.2 0:1.8.1-7.2 0:8-7.2 0:0.99.24.1-3.6 0:2.11-3.2 0:0.2.1_rc4-9.1 0:4.11.2-6.2 0:3.1.0-4.1 0:8.4.0-3.1 0:0.11_git201205151338-10.1 0:9.21-4.6 0:1.4.8-1.1 0:0.12.0-5.1 0:0.9-2.1 0:4.3-4.1 0:1.8.10-3.3 0:1.8.10p3-3.8 0:0.83.8-5.2 0:2.88+-97.1 0:5.2.10-4.2 0:4.5.1-2.2 0:0.18.3-2.2 0:0.2.0-3.2 0:5.2-11.1 0:1.5.0-11.1 0:20141104-2.2 0:2.84-5.3 0:2.3.1-3.2 0:6.00-27.1 0:1.1.23-3.2 0:3.16.0-2.3 0:5.0.6-2.5 0:5.0.6_k4.1.12_1-2.5 0:3.0.2-15.1 0:0.5.3-156.1 0:1.14-2.2 0:1.12.7-7.3 0:2.2-6.2 0:2.7.0-4.2 0:4.5.1_10-1.4 0:4.5.1_10_k4.1.12_1-1.4 0:2.99.917-7.1 0:2.3.15-8.1 0:5.43-7.2 0:7.6_1-16.1 0:1.1.0-5.1 0:7.6-47.1 0:7.6_1.17.2-7.3 0:3.1.155-1.1 0:3.1.18-1.1 0:2.10-1027.2 0:4.2.1-10.1 0:4.2.1-4.1 0:2.3.0-3.1 0:1.12.8-9.1 0:3.3.13-3.1 0:1.8.10p3-5.1 0:0.3.6-9.1 0:2.25-9.4 0:2.25-9.5 0:2.25-9.1 0:1.13-5.1 0:1.53-16.1 0:0.113-6.1 0:4.4.15.1-3.1 0:42.0-3.5 0:3.20.1-3.3 0:4.10.10-4.1 0:2.39-3.1 0:38.4.0-3.2 0:1.1.3-3.1 0:4.8.5-18.1 0:4.8.5-18.2 0:4.8.5-18.3 0:7.9.1-7.1 0:4.5.1_12-3.1 0:4.5.1_12_k4.1.12_1-3.1 0:1.7.0.91-22.1 0:1.12.1-21.1 0:0.66-6.1 0:4.2.8p4-9.2 0:5.33-4.1 0:46.0.2490.86-3.1 0:1.9-6.1 0:1.9.0-4.1 0:5.2.2-7.1 0:1.0.25-24.1 0:1.6.8-4.1 0:1.2.50-5.1 0:2.4.7-5.1 0:2.4.18-3.1 0:1.3.0-4.1 0:037-68.1 0:0.9.9-13.1 0:38.4.0-4.2 0:4.1.13-5.1 0:4.1.13-5.4 0:4.1.13-5.2 0:2.0.24-5.1 0:5.6.27-8.1 0:4.5.2_01-6.1 0:4.5.2_01_k4.1.12_1-6.1 0:1.3.15-6.1 0:1.0.1i-9.1 0:47.0.2526.80-7.1 0:1.5.1-7.1 0:2.3.0-7.1 0:0.12.2-7.1 0:47.0.2526.106-10.1 0:0.9.8j-6.1 0:43.0-6.1 0:1.1.24-7.1 0:4.2.4-9.2 0:2.1.5-7.1 0:1.3.8-7.1 0:0.9.26-7.1 0:9.9.6P1-27.1 0:2.46.0-11.1 0:1.0.4-6.3 0:5.16.0-6.3 0:5.4.3-6.3 0:5.4.3-6.10 0:5.5.1-2.1 0:5.5.1-3.3 0:5.5.1-4.1 0:5.5.1-3.2 0:5.5.1-3.1 0:3.5.1-6.6 0:0.20-3.1 0:5.5.1-4.3 0:0.9.0-4.2 0:0.9.0-4.1 0:0.7.1-5.1 0:1.12.1-24.1 0:2.8.3-6.1 0:38.5.0-7.1 0:38.5.0-7.2 0:3.20.2-6.1 0:3.12.0-4.1 0:2.02~beta2-76.1 0:4.7.20-7.1 0:3.4.6-3.1 0:2.3.9-7.1 0:4.0.6-3.1 0:1.28-6.1 0:6.8.8.1-18.2 0:4.4.15.8-25.1 0:4.5.40-7.1 0:48.0.1-30.6 0:3.24-26.2 0:4.8.6-13.1 0:4.8.6-13.3 0:2.3.37-11.1 0:2.4.41-11.1 0:1.2.3-5.1 0:3.0.26-9.1 0:3.1.1-19.1 0:3.16.5-9.1 0:8.0.32-8.1 0:1.8.0.72-6.1 0:2.25.35.1-6.1 0:3.1.71-4.1 0:1.5.4-6.1 0:1.1.32-7.1 0:1.12.1-36.3 0:1.12.1-36.1 0:1.14-4.1 0:10.0.26-9.1 0:2.11.0-5.1 0:2.32.3-8.1 0:4.02.3-3.2 0:1.0.10-11.2 0:8.4.6-8.1 0:8.4.6_k4.1.31_30-8.1 0:1.28-24.1 0:1.28_k4.1.31_30-24.1 0:6.25.1-5.1 0:6.25.1_k4.1.31_30-5.1 0:4.1.31-30.2 0:4.1.31-30.1 0:4.1.31-30.3 0:2.7.0-2.1 0:2.7.0_k4.1.31_30-2.1 0:0.44-266.1 0:0.44_k4.1.31_30-266.1 0:20140928-5.1 0:20140928_k4.1.31_30-5.1 0:5.1.35-6.1 0:5.18.2-5.1 0:39.0.2256.71-25.1 0:4.0.6-6.1 0:6.6p1-14.1 0:3.16.5-7.2 0:40.0.2308.54-28.1 0:3.4.6-6.2 0:2.1.0-10.1 0:4.2.4-21.3 0:2.24.31-11.2 0:42.1-13.1 0:2.20.2-29.3 0:49.0-33.1 0:3.25-29.1 0:7.37.0-13.1 0:1.0.2-11.1 0:9.9.9P1-39.1 0:1.0.1i-18.1 0:1.6.1-32.1 0:1.5.2-5.1 0:1.7.0.95-25.1 0:3.1.14-9.2 0:2.5.37-11.1 0:2.32.1-19.1 0:10.66.3-6.1 0:2.0.0-14.1 0:1.0.9-1078.1 0:6.1.6-13.1 0:5.5.14-59.1 0:4.1.15-8.1 0:4.1.15-8.3 0:4.1.15-8.2 0:2.8.8-19.1 0:9.4.9-7.1 0:4.5.3_10-15.2 0:4.5.3_10_k4.1.31_30-15.2 0:4.6.0-33.1 0:4.0.6-9.1 0:0.9.8j-15.1 0:103-3.1 0:5.1.5.2-11.1 0:5.5.14-62.1 0:210-98.1 0:1.12.9-14.1 0:1.1.6-12.1 0:9.15-8.1 0:1.4-3.1 0:8.4.6-10.1 0:8.4.6_k4.1.34_33-10.1 0:1.28-26.1 0:1.28_k4.1.34_33-26.1 0:6.25.1-7.1 0:6.25.1_k4.1.34_33-7.1 0:4.1.34-33.1 0:4.1.34-33.3 0:2.7.0-4.1 0:2.7.0_k4.1.34_33-4.1 0:0.44-268.1 0:0.44_k4.1.34_33-268.1 0:20140928-7.1 0:20140928_k4.1.34_33-7.1 0:1.6.3-6.1 0:1.7.5-3.1 0:1.5.0-3.1 0:0.9.9-3.1 0:1.0.9-3.1 0:0.8.15-27.1 0:0.2.7.6-13.1 0:1.8.22-10.1 0:1.3.21-14.1 0:1.8.8-22.1 0:0.99.24.1-14.1 0:2.3.1-19.3 0:1.0.0-19.3 0:2.3.1-19.1 0:1.8.1-19.3 0:8-19.3 0:2.3.1-19.6 0:1.11.5.1-16.1 0:2.9.1-22.1 0:2.40-6.2 0:0.16.2-4.1 0:38.6.0-10.2 0:9.9.9P1-42.1 0:4.6.1-36.1 0:44.0-12.2 0:3.21-9.1 0:4.11-7.1 0:7.37.0-16.1 0:2.1.0-13.1 0:6.8.8.1-21.1 0:5.6.34-19.2 0:41.0.2353.56-3.1 0:54.0.2840.100-91.1 0:4.4.15.2-8.1 0:3.0.24-6.1 0:1.900.14-167.1 0:1.3.21-17.1 0:1.4.22-6.1 0:2.25-18.1 0:2.25-18.2 0:5.5.14-65.2 0:50.0-39.2 0:3.26.2-32.1 0:5.20.0-13.1 0:2.2.25-3.1 0:6.2.1-5.1 0:4.2-81.1 0:6.2-81.1 0:1.1.34-9.1 0:1.8.0.111-3.1 0:7.4.326-8.1 0:50.0.2-42.2 0:45.5.1-28.2 0:0.94-7.1 0:0.2.4+gitr565_0366d7e-5.1 0:1.12.3-22.1 0:0.1.1+gitr2816_02f8fa7-5.1 0:3.1.2-16.1 0:4.4.15.9-28.1 0:1.3.21-20.1 0:10.0.28-15.1 0:1.1.7-15.1 0:1.6.3-9.1 0:1.7.5-6.1 0:1.5.0-5.1 0:8.4.6-12.2 0:8.4.6_k4.1.36_38-12.2 0:1.28-28.2 0:1.28_k4.1.36_38-28.2 0:6.25.1-9.2 0:6.25.1_k4.1.36_38-9.2 0:4.1.36-38.1 0:4.1.36-38.2 0:2.7.0-6.2 0:2.7.0_k4.1.36_38-6.2 0:0.44-270.2 0:0.44_k4.1.36_38-270.2 0:20140928-9.2 0:20140928_k4.1.36_38-9.2 0:3.4.6-9.2 0:4.1.36-41.1 0:4.1.36-41.2 0:0.12.3-6.1 0:6.8.8.1-24.2 0:1.7.0.121-37.2 0:1.1.13-23.2 0:8.39-6.1 0:5.5.14-69.1 0:2.3.1-22.1 0:1.0.0-22.1 0:1.8.1-22.1 0:8-22.1 0:2.3.1-22.2 0:55.0.2883.75-99.2 0:2.1.1-2.1 0:2.4.2-2.1 0:8.0.32-11.1 0:7.2d-8.1 0:1.0.2-5.1 0:0.10.23-22.1 0:15.4.0-3.1 0:1.4.5-8.1 0:1.1.2-10.1 0:50.1.0-45.1 0:2.5.4-6.1 0:2.4.4-11.1 0:2.20-12.1 0:4.4.15.4-13.1 0:1.3.25-6.1 0:1.3.21-23.1 0:7.37.0-7.1 0:4.2.8p9-27.1 0:0.2.7.6-16.1 0:5.5.14-41.1 0:1.8.1-5.1 0:5.6.28-13.1 0:0.8.8f-8.1 0:0.8.8f-5.1 0:2.2.1-24.1 0:3.12.0-7.1 0:1.7.3.1-6.1 0:48.0.2564.109-21.1 0:38.6.0-10.1 0:44.0.2-15.2 0:2.19-19.1 0:2.19-19.2 0:1.12.1-27.1 0:48.0.2564.116-24.1 0:2.8.6-16.1 0:0.5.1.git.1455712026.9c0a4a0-6.1 0:0.3-5.1 0:0.3.1+git20160217.7897d3f-7.1 0:0.6+git20160218.73d6618-5.1 0:0.1.1-20.1 0:2.3.1-12.1 0:1.0.0-12.1 0:1.8.1-12.1 0:8-12.1 0:2.3.1-12.2 0:9.4-6.1 0:9.3.11-3.2 0:2.8.4-9.1 0:0.7.1-8.1 0:9.4.6-4.1 0:1.6.8-7.1 0:1.54-19.1 0:4.3.1-24.1 0:5.19.0-6.3 0:5.19.0-6.2 0:5.19.0-5.8 0:5.19.0-9.2 0:5.19.0-11.2 0:5.19.0-8.1 0:5.19.0-6.6 0:5.19.0-6.7 0:5.19.0-9.3 0:5.19.0-12.5 0:5.19.0-7.2 0:5.18.0-5.3 0:1.0.1i-12.1 0:0.16.5-4.1 0:0.9.8zh-14.1 0:3.16.4-6.1 0:1.2.50-8.1 0:1.12.10-17.1 0:4.4.15.5-16.1 0:1.3.4-3.1 0:2015.8.7-13.1 0:4.1.1-4.1 0:3.2.1-13.1 0:4.86.2-8.1 0:0.9.8j-9.1 0:0.6.3-10.1 0:3.1.4-5.1 0:45.0-18.1 0:3.21.1-12.1 0:4.12-10.1 0:2.9.0-6.1 0:2.10.7-7.1 0:2.0.0.b5-30.1 0:4.2.4-9.1 0:2.6.2-3.1 0:0.12-9.1 0:4.5.2_04-9.2 0:4.5.2_04_k4.1.13_5-9.2 0:49.0.2623.87-31.1 0:1.3.3-7.1 0:1.4.4-5.1 0:6.6p1-8.1 0:9.9.6P1-33.1 0:8.0.32-5.1 0:2016.72-8.1 0:1.4.3-12.1 0:38.7.0-13.1 0:0.99.24.1-5.1 0:4.0.2-7.1 0:4.2.4-12.1 0:2.4.10-7.2 0:4.5.2_06-12.1 0:4.5.2_06_k4.1.15_8-12.1 0:4.8.6-7.2 0:49.0.2623.110-37.1 0:9.15-5.1 0:2.6.6-7.1 0:201604040002-71.1 0:1.8.0.77-9.1 0:1.7.0.99-28.1 0:4.1.20-11.1 0:4.1.20-11.3 0:4.1.20-11.2 0:201604110002-74.1 0:4.2.4-15.1 0:0.3.1-10.1 0:0.99.24.1-8.1 0:3.5.1-3.1 0:0.7.5-8.2 0:5.3.1+r233831-6.1 0:5.3.1+r233831-6.2 0:0.38-4.1 0:1.12.1-30.1 0:3.1.1-16.1 0:201604180001-77.1 0:5.5.14-44.1 0:50.0.2661.94-45.1 0:46.0-21.1 0:3.22.3-15.2 0:1.5-7.1 0:3.1.41.3-10.1 0:5.0.5-10.1 0:1.12.11-20.1 0:1.6.1-26.1 0:1.0.1i-15.1 0:0.9.8zh-17.1 0:1.8.10-9.1 0:1.8.0.91-12.1 0:1.7.0.101-31.1 0:6.8.8.1-9.1 0:0.9.8j-12.2 0:4.2.8p6-15.1 0:3.1.22-6.1 0:2.9.1-16.1 0:50.0.2661.102-48.1 0:0.12.2-10.1 0:1.3.16-9.1 0:7.2.6-5.1 0:0.99.24.1-11.1 0:4.2.8p7-21.1 0:43.0.3-9.2 0:0.8.8f-11.1 0:1.3.21-5.1 0:1.3.5b-4.1 0:1.6.1-14.1 0:5.6.30-16.2 0:2.40.15-7.1 0:3.5.1-6.1 0:5.5.14-47.1 0:4.1.21-14.2 0:4.1.21-14.5 0:4.1.21-14.4 0:210-92.1 0:51.0.2704.63-51.1 0:4.4.15.6-19.1 0:3.0.4-3.1 0:5.0.18-16.1 0:5.0.18_k4.1.21_14-16.1 0:0.67-9.1 0:6.6p1-11.1 0:2.31.6-4.1 0:1.0.58-12.1 0:3.0.26-6.1 0:201606060002-105.1 0:0.12-6.1 0:1.3.21-8.1 0:5.5.14-50.1 0:1.3.0-7.1 0:1.0.10-4.1 0:9.9.6P1-30.1 0:38.0.2220.29-16.1 0:47.0-24.1 0:3.23-18.1 0:4.4.5-27.1 0:201606130003-109.1 0:5.10-10.1 0:2.9.1-19.1 0:1.12.12-23.1 0:51.0.2704.103-57.1 0:4.2.8p8-24.1 0:1.0.9-7.1 0:2.5.5-7.1 0:4.1.26-21.1 0:4.1.26-21.2 0:2.2.4-27.1 0:6.8.8.1-12.1 0:0.6+git20160531.fbfe336-11.1 0:3.1.2-10.1 0:1.2.18.2-5.1 0:9.20.1-15.1 0:3.7-12.1 0:11.4-5.1 0:3.2.1-5.1 0:1.1.4-6.1 0:4.4.15.7-22.1 0:2.8.16-4.1 0:0.12.5-8.1 0:1.8-3.1 0:2.3.1-15.1 0:1.0.0-15.1 0:1.8.1-15.1 0:8-15.1 0:2.3.1-15.2 0:2.19-22.1 0:2.19-22.2 0:4.1.27-24.1 0:4.1.27-24.2 0:0.5.1-3.1 0:1.3.2-5.1 0:0.1.6-3.2 0:0.11.0-3.1 0:0.11.0-4.1 0:5.1.3.2-8.1 0:0.1.5-3.1 0:0.4.2-3.1 0:1.1.0-2.1 0:20160511-4.1 0:1.2.18.2-11.1 0:2.4.16-12.1 0:6.8.8.1-15.1 0:4.4.5-30.2 0:4.3.3-7.1 0:4.2-3.1 0:1.26.5-2.1 0:1.3.17-12.1 0:2.7.12-23.1 0:2016.74-11.1 0:1.7a-7.1 0:48.0-27.1 0:3.24-21.1 0:2.8.5-12.1 0:1.2.18.4-14.2 0:4.3-9.2 0:1.12.13-29.1 0:10.22-7.1 0:3.1.2-13.2 0:3.8.10.2-7.1 0:1.0.1+git.1456406635.49e230d-5.1 0:1.7.0.111-34.1 0:1.8.0.101-15.1 0:1.3.21-11.1 0:1.0.3-4.1 0:3.3.14-6.1 0:48.0.2564.82-13.1 0:1.1.5-9.1 0:3.4.5-8.1 0:4.1.36-44.1 0:4.1.36-44.2 0:4.1.36-44.3 0:2.71-8.1 0:1.14.0-4.1 0:0.31.1-7.1 0:1.8.17-3.1 0:4.2.4-24.1 0:3.4.9-3.1 0:9.9.9P1-43.1 0:0.22.1-5.1 0:3.3.14-12.1 0:3.7.3-7.1 0:0.6.0-8.1 0:4.021-14.1 0:2.2.12-8.1 0:1.6.0-6.1 0:5.0.32-34.1 0:5.0.32_k4.1.36_44-34.1 0:2.8-3.1 0:0.2.5+gitr569_2a5e70c-8.1 0:1.12.6-25.2 0:0.1.1+gitr2819_50a19c6-8.1 0:51.0.1-50.2 0:2.46-9.2 0:1.0.3-6.1 0:201701300007-34.1 0:1.10a-10.1 0:4.4.15.10-31.2 0:1.8.0.121-6.4 0:3.2.15-9.1 0:2.11-33.1 0:0.22.1-8.1 0:1.3.21-26.1 0:2.3.0-10.1 0:2.3.4-3.1 0:0.12.5-11.1 0:1.12-5.1 0:43.0.2442.806-21.1 0:1.0.1-12.1 0:1.6.0-11.1 0:4.1.38-47.1 0:4.1.38-47.2 0:4.1.38-47.3 0:1.0.1i-21.1 0:10.0.29-18.1 0:5.6.35-22.1 0:2.0.9-8.1 0:3.0.2-3.1 0:1.10a-11.2 0:56.0.2924.87-102.1 0:3.2.2-2.1 0:1.4.2-3.1 0:1.1.26-6.1 0:10.1.0-6.1 0:1.1-6.1 0:1.7.0.131-40.1 0:2.5.6.27020-10.1 0:7.4.326-11.1 0:4.0.7-15.1 0:1.12-7.1 0:4.7.3-39.1 0:0.5.0-4.1 0:4.1.38-50.1 0:4.1.38-50.3 0:4.1.38-50.2 0:1.2.4cvs20150223-6.1 0:2.1.0-16.1 0:0.14.16-11.1 0:0.9.2.3-6.1 0:3.5.11-8.1 0:6.8.8.1-28.1 0:2.25-21.1 0:5.5.14-75.2 0:2.0.25-9.1 0:1.0.24-5.1 0:1.14-8.1 0:1.0.4-14.1 0:1.39-5.1 0:3.4.2-3.1 0:2.8.7-6.1 0:1.2.2-6.1 0:6.6p1-17.1 0:52.0-55.2 0:1.8.0.121-8.1 0:3.28.3-38.1 0:037-80.1 0:0.68-12.1 0:1.1.8-18.1 0:52.0.1-57.3.1 0:2.9-5.3.1 0:3.3.11-2.3.1 0:1.8.22-3.1 0:0.3.5a-2.3.1 0:4.5.5_06-18.1 0:4.5.5_06_k4.1.36_41-18.1 0:5.5.14-77.3.1 0:1.14-8.3.1 0:1.3.21-29.1 0:2.4.16-18.1 0:4.1.39-53.1 0:4.1.39-53.2 0:2.10.11-9.1 0:2.2.6-6.3.1 0:2.3.3-2.3.1 0:4.2.4-27.1 0:1.2.50-10.3.1 0:1.6.8-9.3.1 0:201704030005-54.9.1 0:2.10.2-12.3.1 0:7.2.9-7.3.1 0:1.0.3-4.3.1 0:1.1.5-12.1 0:1.2.8-8.1 0:4.4.15.10-33.6.1 0:9.3.14-5.5.1 0:1.6.0-16.5.1 0:0.3.6-10.3.1 0:1.5.22-5.3.1 0:1.900.14-175.3.1 0:1.3.5d-6.3.1 0:9.9.9P1-48.3.1 0:0.10.36-17.1 0:1.8.0.121-10.2.1 0:3.28.4-40.3.1 0:52.1.0-57.6.1 0:4.2.8p10-29.3.2 0:7.37.0-16.3.1 0:1.0.25-26.3.1 0:4.0.7-17.3.1 0:1.1.20-3.3.1 0:4.1.0-5.3.1 0:2.1.9-8.3.2 0:4.0.7-12.1 0:2.18.3-6.3.1 0:5.0.40-40.1 0:5.0.40_k4.1.39_53-40.1 0:1.3.21-32.1 0:52.1.0-41.3.1 0:0.99.24.1-17.1 0:1.16.10-14.1 0:0.13.62-10.3.1 0:5.6.36-24.3.3 0:1.8.1-7.3.1 0:4.9.0-6.3.1 0:9.15-11.3.1 0:2.5.3-13.1 0:4.1.39-56.1 0:4.1.39-56.2 0:4.1.39-56.3 0:0.9.2-8.3.1 0:1.3.1-4.3.1 0:2.1-151.3.1 0:1.9.1-6.1 0:1.1.9-17.6.1 0:8.0.43-6.7.1 0:2.3.1-25.1 0:1.0.0-25.1 0:1.8.1-25.1 0:8-25.1 0:4.2.4-33.1 0:5.5.14-72.1 0:1.900.14-170.1 0:2.6.1-7.1 0:1.14-6.1 0:1.4.5-11.1